Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3a9b2090-afad-4e5b-a976-16b6f992733d.roa
File:                     3a9b2090-afad-4e5b-a976-16b6f992733d.roa (raw, json)
Hash identifier:          bROmT021y0mAQXC8jwlzzOrX/bnahXlXb2IX+jhalGk=
Subject key identifier:   0E:1F:2A:BA:E8:E8:4D:27:BE:B5:53:0A:3A:4C:8F:BD:E1:A5:B6:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       091632BF7F9A06B6FE68EB29096FD432A1D62781
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3a9b2090-afad-4e5b-a976-16b6f992733d.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        209.92.52.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:16:32:bf:7f:9a:06:b6:fe:68:eb:29:09:6f:d4:32:a1:d6:27:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=afcf8f4af056e9fac7b0ce7fdb8837b67150e682463ce7a843947fd09f46685c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3d:e5:46:b8:a9:dd:9b:e5:2a:91:a7:e6:d9:
                    b5:c9:1a:a3:4f:61:16:83:3d:c3:9a:c0:2d:3b:66:
                    a8:90:6b:97:17:46:94:c1:87:e3:91:c4:b5:4c:c3:
                    b5:88:37:22:f7:65:f7:ce:34:f5:c2:0a:ad:59:57:
                    89:30:0a:b7:e9:89:bd:4b:7f:87:e7:46:6a:04:5f:
                    b9:53:84:e4:93:0e:a9:04:a9:96:4e:10:ec:bd:38:
                    09:f2:f5:0b:b5:49:78:78:b0:6f:5d:83:2e:c4:97:
                    ef:ae:fe:ba:67:de:8e:15:4f:95:da:ae:f1:5e:61:
                    32:6b:8c:70:eb:53:5c:b1:9b:e1:d6:88:b8:71:10:
                    fb:5e:d0:7e:8a:9c:45:63:48:28:04:6c:4b:07:69:
                    b4:79:37:4f:ab:08:f7:36:0a:d3:18:a3:55:86:78:
                    15:0d:39:82:d4:2d:20:b1:e1:a7:ec:1c:42:58:4f:
                    30:11:26:78:1d:c9:9d:dc:11:f7:a1:fd:49:31:90:
                    0a:74:12:2d:06:29:4f:a5:81:ff:41:d6:e9:ac:3d:
                    e5:b1:51:6b:d0:a7:0b:f5:ee:1a:54:a5:c4:45:50:
                    6e:c9:3c:eb:d8:af:eb:69:32:f0:2d:44:7c:ee:94:
                    2d:d5:c9:6f:2a:96:16:fd:20:7a:fe:89:ab:8d:03:
                    3c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:1F:2A:BA:E8:E8:4D:27:BE:B5:53:0A:3A:4C:8F:BD:E1:A5:B6:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3a9b2090-afad-4e5b-a976-16b6f992733d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f4:4f:5d:40:52:41:41:29:e9:4e:69:f2:fb:10:87:fb:2f:
         9f:89:59:e1:f8:41:58:52:ae:59:ff:5c:07:aa:5e:c4:d1:e1:
         06:13:4e:f8:7a:48:db:f8:b6:7e:2e:65:91:ae:e1:14:79:5b:
         7f:9c:ca:fa:75:9e:63:89:e5:12:ec:49:a4:b4:c4:84:ba:9b:
         ae:26:16:ad:24:4f:63:c9:ab:cf:b0:79:0e:cf:d5:3e:50:25:
         0a:c4:8e:18:bc:dc:82:2c:bc:d1:c7:d1:fd:17:17:bd:7c:a2:
         53:c5:bc:ad:03:9d:9e:b7:73:36:22:cf:12:87:76:e9:34:ef:
         11:55:7f:9e:7d:3c:57:ce:2e:a1:40:24:79:a6:99:f2:27:fd:
         4b:a1:0d:cf:a1:cd:fb:1a:4d:ab:53:8b:b3:4f:2b:32:e2:56:
         6a:a1:6d:ed:df:13:ae:5f:5c:92:21:e2:ad:16:15:55:45:61:
         0f:58:13:6f:7b:22:0f:0b:29:9c:9d:8d:1a:32:44:ee:f6:7f:
         e8:28:cd:47:ce:d5:dd:6e:8f:7a:71:5b:b5:d6:ea:b5:95:0e:
         7e:7c:f7:ba:4d:2b:08:01:69:5a:20:e7:95:de:19:8d:8e:e3:
         ba:4e:22:92:80:da:d9:ac:aa:6f:92:9b:7d:a7:2b:3a:11:37:
         93:39:7a:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCRYyv3+aBrb+aOspCW/UMqHWJ4EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmNmOGY0YWYwNTZlOWZhYzdiMGNlN2ZkYjg4MzdiNjcx
NTBlNjgyNDYzY2U3YTg0Mzk0N2ZkMDlmNDY2ODVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCePeVGuKndm+Uqkafm2bXJGqNPYRaDPcOawC07ZqiQa5cX
RpTBh+ORxLVMw7WINyL3ZffONPXCCq1ZV4kwCrfpib1Lf4fnRmoEX7lThOSTDqkE
qZZOEOy9OAny9Qu1SXh4sG9dgy7El++u/rpn3o4VT5XarvFeYTJrjHDrU1yxm+HW
iLhxEPte0H6KnEVjSCgEbEsHabR5N0+rCPc2CtMYo1WGeBUNOYLULSCx4afsHEJY
TzARJngdyZ3cEfeh/UkxkAp0Ei0GKU+lgf9B1umsPeWxUWvQpwv17hpUpcRFUG7J
POvYr+tpMvAtRHzulC3VyW8qlhb9IHr+iauNAzy1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDh8quujoTSe+tVMKOkyPveGltoIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNhOWIyMDkwLWFmYWQtNGU1Yi1hOTc2LTE2YjZmOTkyNzMzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADRXDQwDQYJKoZIhvcNAQELBQADggEBAFX0T11AUkFBKelOafL7EIf7L5+J
WeH4QVhSrln/XAeqXsTR4QYTTvh6SNv4tn4uZZGu4RR5W3+cyvp1nmOJ5RLsSaS0
xIS6m64mFq0kT2PJq8+weQ7P1T5QJQrEjhi83IIsvNHH0f0XF718olPFvK0DnZ63
czYizxKHduk07xFVf559PFfOLqFAJHmmmfIn/UuhDc+hzfsaTatTi7NPKzLiVmqh
be3fE65fXJIh4q0WFVVFYQ9YE297Ig8LKZydjRoyRO72f+gozUfO1d1uj3pxW7XW
6rWVDn5897pNKwgBaVog55XeGY2O47pOIpKA2tmsqm+Sm32nKzoRN5M5eoM=
-----END CERTIFICATE-----