Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ec1ef42-8da9-4b32-a084-3943029a03a9.roa
File:                     2ec1ef42-8da9-4b32-a084-3943029a03a9.roa (raw, json)
Hash identifier:          WCw9pv1eLpF0qd/PU1QFpxqzf/W/V7wEP2Dc8ZIeW98=
Subject key identifier:   23:03:B0:AE:AE:17:89:60:3A:A5:19:7E:6A:3C:72:19:4C:C7:A4:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79E7897126361F8B2726D71C3F88C5F78D57ABB3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ec1ef42-8da9-4b32-a084-3943029a03a9.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        166.117.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:e7:89:71:26:36:1f:8b:27:26:d7:1c:3f:88:c5:f7:8d:57:ab:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=25016cd29869e1297e6844f4db60b7ba452b88c9d81a0e81001ce88b2e0f484d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:93:54:87:24:0b:6a:15:bc:2a:84:a0:50:3a:
                    ea:ff:49:a2:8f:ea:0d:bd:19:05:0f:a1:d6:fe:0f:
                    2a:8d:f9:d7:92:5e:7c:76:93:a0:46:70:68:fe:37:
                    38:f5:4b:90:7c:29:3b:bd:6a:bc:3d:78:c9:77:b4:
                    e0:58:4f:c5:13:cd:f5:45:6a:ed:e4:c7:56:a4:d1:
                    17:91:7b:bc:4c:cf:36:a9:6d:75:f9:c6:83:50:80:
                    55:66:d1:f7:dd:e7:82:9a:08:dc:60:a5:d5:8e:60:
                    74:23:66:ef:12:15:f7:9b:ae:42:65:be:e7:14:04:
                    e1:42:17:e2:b3:32:f2:75:e4:d8:b3:f9:38:f9:ab:
                    0e:03:e1:3e:87:b1:8a:bc:70:a1:7b:eb:bc:03:a2:
                    a5:34:73:45:97:f0:04:62:da:d0:75:96:45:90:ca:
                    fe:7b:11:ce:be:14:e9:ae:ba:c8:b5:1b:b3:55:21:
                    35:a7:3a:95:3d:1a:e0:5e:e1:9c:8f:79:05:46:78:
                    05:ad:07:27:4e:31:23:69:22:07:32:87:fc:68:9e:
                    03:e9:53:02:0a:3c:69:3d:32:a2:79:dc:12:82:db:
                    19:f5:68:56:57:c4:43:14:d8:82:40:96:d8:92:37:
                    3b:24:a4:7b:66:5d:06:5b:9c:36:00:08:dc:9c:db:
                    3c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:03:B0:AE:AE:17:89:60:3A:A5:19:7E:6A:3C:72:19:4C:C7:A4:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ec1ef42-8da9-4b32-a084-3943029a03a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.117.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:99:a7:8d:d0:15:f8:68:06:c8:3a:1a:82:7a:fb:ab:e8:f9:
         65:82:e0:cb:28:d3:65:b6:cf:dc:e7:64:4d:33:bd:3c:fa:71:
         8e:b5:ee:70:83:4f:c9:fa:21:9d:8f:58:46:4b:2b:de:48:31:
         3a:24:4a:41:e6:3f:eb:86:fe:b9:ca:e0:b6:e5:6a:c2:06:b2:
         b7:2c:75:62:b1:14:2b:0b:56:6e:35:76:c5:9d:75:54:28:f1:
         be:9d:75:22:98:49:f2:34:f5:41:23:50:55:11:17:6d:e1:29:
         6e:94:e3:0c:f2:da:af:4b:81:db:10:bd:21:d8:bf:bd:48:69:
         62:88:de:4b:dd:26:09:69:fc:2f:81:ee:15:96:96:f6:c1:8e:
         1f:0a:d4:fb:b7:f5:cf:a0:ac:19:4d:c6:d8:64:38:1d:dc:9d:
         48:9b:c7:40:0d:91:42:fe:de:e4:f9:ba:c6:09:20:b6:57:43:
         76:3d:ea:98:cb:4b:c1:63:87:bb:77:0a:22:08:79:8e:cf:b6:
         48:26:85:ba:a2:50:cd:4e:2a:f8:75:46:e9:69:4a:4e:5c:84:
         00:da:1f:14:c7:d2:41:6e:6c:b6:21:d0:5d:77:59:b6:f0:5e:
         2d:cd:f9:87:41:04:ec:40:fa:23:ab:9d:85:f1:f2:bc:d1:c6:
         48:07:76:ff
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeeeJcSY2H4snJtccP4jF941Xq7MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTAxNmNkMjk4NjllMTI5N2U2ODQ0ZjRkYjYwYjdiYTQ1
MmI4OGM5ZDgxYTBlODEwMDFjZTg4YjJlMGY0ODRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+k1SHJAtqFbwqhKBQOur/SaKP6g29GQUPodb+DyqN+deS
Xnx2k6BGcGj+Nzj1S5B8KTu9arw9eMl3tOBYT8UTzfVFau3kx1ak0ReRe7xMzzap
bXX5xoNQgFVm0ffd54KaCNxgpdWOYHQjZu8SFfebrkJlvucUBOFCF+KzMvJ15Niz
+Tj5qw4D4T6HsYq8cKF767wDoqU0c0WX8ARi2tB1lkWQyv57Ec6+FOmuusi1G7NV
ITWnOpU9GuBe4ZyPeQVGeAWtBydOMSNpIgcyh/xongPpUwIKPGk9MqJ53BKC2xn1
aFZXxEMU2IJAltiSNzskpHtmXQZbnDYACNyc2zxLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIwOwrq4XiWA6pRl+ajxyGUzHpLowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlYzFlZjQyLThkYTktNGIzMi1hMDg0LTM5NDMwMjlhMDNhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCmdTANBgkqhkiG9w0BAQsFAAOCAQEAdpmnjdAV+GgGyDoagnr7q+j5ZYLg
yyjTZbbP3OdkTTO9PPpxjrXucINPyfohnY9YRksr3kgxOiRKQeY/64b+ucrgtuVq
wgaytyx1YrEUKwtWbjV2xZ11VCjxvp11IphJ8jT1QSNQVREXbeEpbpTjDPLar0uB
2xC9Idi/vUhpYojeS90mCWn8L4HuFZaW9sGOHwrU+7f1z6CsGU3G2GQ4HdydSJvH
QA2RQv7e5Pm6xgkgtldDdj3qmMtLwWOHu3cKIgh5js+2SCaFuqJQzU4q+HVG6WlK
TlyEANofFMfSQW5stiHQXXdZtvBeLc35h0EE7ED6I6udhfHyvNHGSAd2/w==
-----END CERTIFICATE-----