Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/442833be-c4a2-4cf8-8fa1-a716e557e4c5.roa
File:                     442833be-c4a2-4cf8-8fa1-a716e557e4c5.roa (raw, json)
Hash identifier:          t7a+RNbhg3n/HNzh1G6/L7IRvCubUFcVY2CW93ahV4w=
Subject key identifier:   B4:6E:72:12:3B:F7:9E:83:09:C0:B4:92:17:E1:1B:7A:9D:BD:D2:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48066E0F37B7CE1BA6B3211877CE05F8BCB4EFEE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/442833be-c4a2-4cf8-8fa1-a716e557e4c5.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        207.223.80.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:06:6e:0f:37:b7:ce:1b:a6:b3:21:18:77:ce:05:f8:bc:b4:ef:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=806f4d5750ff66f5e95f8bb76194d86b41f87f603cfac5eaa6c0349e3b7bc85c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:54:cb:33:6e:66:8b:e6:4a:b1:06:be:e2:59:
                    02:cb:23:ae:09:72:e6:a2:14:fc:00:44:5e:8a:59:
                    84:f6:f9:dd:82:a1:6f:98:df:95:c6:d6:dd:5f:3a:
                    19:1d:c3:63:0b:07:6e:4e:dd:f2:5f:22:be:61:68:
                    82:5a:c2:51:22:c1:83:40:a4:7f:4e:e6:a1:c5:79:
                    c1:d0:62:f0:cc:94:f5:5e:af:9d:d1:e7:5b:e2:80:
                    b7:56:17:4c:a7:2d:0c:2a:6e:f6:31:18:d9:1b:c4:
                    a1:52:26:41:68:32:a1:30:cc:c4:da:74:0f:96:f0:
                    98:7c:c3:ed:db:55:4e:b5:d8:7c:1d:b4:7c:72:f6:
                    3a:a9:c4:03:ee:8b:e1:81:89:ea:fb:19:35:e7:0f:
                    69:02:a9:ba:3a:c6:04:4a:84:92:8f:53:40:b3:5a:
                    6f:bc:6d:51:79:ca:82:61:b3:eb:36:1c:34:fb:6a:
                    e5:36:ec:aa:ce:5e:79:6b:4c:53:01:77:66:82:3a:
                    4e:f3:b1:bb:37:d1:f9:49:7c:bb:c5:34:83:a8:3a:
                    cb:69:90:19:f9:4b:0b:a9:e5:56:22:e8:5c:46:09:
                    68:59:24:59:9c:c6:d2:f6:c5:a1:c2:e8:5f:fd:d2:
                    a2:e5:04:10:73:02:b0:e8:ba:7e:0a:44:c5:bf:e8:
                    6e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:6E:72:12:3B:F7:9E:83:09:C0:B4:92:17:E1:1B:7A:9D:BD:D2:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/442833be-c4a2-4cf8-8fa1-a716e557e4c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         19:e2:4a:92:cf:e3:7f:20:c9:36:08:03:ca:da:04:c6:e4:56:
         43:8e:66:8a:26:d7:7a:fd:e1:ee:80:61:44:3a:2c:06:e3:f8:
         7e:d2:59:45:9d:78:e2:45:4b:3d:f1:68:a1:6d:cc:61:b7:f2:
         3a:fa:1d:64:96:ab:10:66:7b:8c:68:8d:bd:46:b3:a9:eb:df:
         b2:ce:7d:ec:ec:9a:b5:34:e0:a6:d0:26:e2:e1:b5:49:4c:c5:
         85:bc:69:c0:cc:40:14:b3:7f:06:d8:53:90:0d:43:50:14:bd:
         0a:8a:c7:9d:5f:35:67:6a:ef:d2:b4:6b:0b:f2:c6:46:81:5c:
         26:db:7d:53:28:cd:14:1e:2b:5f:a8:91:a6:ed:d2:77:5f:1a:
         87:b1:b5:80:3d:42:54:df:13:88:fa:d5:17:94:51:46:b8:17:
         1a:a0:56:e6:39:a9:ba:f2:43:66:91:cb:f1:28:c8:4c:f0:6d:
         c2:1f:3c:66:76:cc:c1:5e:81:cd:3f:68:fc:ec:c1:38:3b:f5:
         62:bb:ca:46:6d:19:76:e3:90:2c:49:10:cc:ae:7a:56:6c:0f:
         1d:30:67:63:10:86:0c:33:a3:06:80:b1:70:b6:8f:27:9b:22:
         6a:16:c6:b5:6f:91:ee:c8:d6:d7:c6:3d:73:4f:3c:e8:c0:59:
         5e:a9:ca:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSAZuDze3zhumsyEYd84F+Ly07+4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDZmNGQ1NzUwZmY2NmY1ZTk1ZjhiYjc2MTk0ZDg2YjQx
Zjg3ZjYwM2NmYWM1ZWFhNmMwMzQ5ZTNiN2JjODVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXVMszbmaL5kqxBr7iWQLLI64JcuaiFPwARF6KWYT2+d2C
oW+Y35XG1t1fOhkdw2MLB25O3fJfIr5haIJawlEiwYNApH9O5qHFecHQYvDMlPVe
r53R51vigLdWF0ynLQwqbvYxGNkbxKFSJkFoMqEwzMTadA+W8Jh8w+3bVU612Hwd
tHxy9jqpxAPui+GBier7GTXnD2kCqbo6xgRKhJKPU0CzWm+8bVF5yoJhs+s2HDT7
auU27KrOXnlrTFMBd2aCOk7zsbs30flJfLvFNIOoOstpkBn5Swup5VYi6FxGCWhZ
JFmcxtL2xaHC6F/90qLlBBBzArDoun4KRMW/6G7RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtG5yEjv3noMJwLSSF+Ebep290v4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ0MjgzM2JlLWM0YTItNGNmOC04ZmExLWE3MTZlNTU3ZTRjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATP31AwDQYJKoZIhvcNAQELBQADggEBABniSpLP438gyTYIA8raBMbkVkOO
Zoom13r94e6AYUQ6LAbj+H7SWUWdeOJFSz3xaKFtzGG38jr6HWSWqxBme4xojb1G
s6nr37LOfezsmrU04KbQJuLhtUlMxYW8acDMQBSzfwbYU5ANQ1AUvQqKx51fNWdq
79K0awvyxkaBXCbbfVMozRQeK1+okabt0ndfGoextYA9QlTfE4j61ReUUUa4Fxqg
VuY5qbryQ2aRy/EoyEzwbcIfPGZ2zMFegc0/aPzswTg79WK7ykZtGXbjkCxJEMyu
elZsDx0wZ2MQhgwzowaAsXC2jyebImoWxrVvke7I1tfGPXNPPOjAWV6pysE=
-----END CERTIFICATE-----