Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/462610a7-1e4e-4b5a-92fa-f4abccf74908.roa
File:                     462610a7-1e4e-4b5a-92fa-f4abccf74908.roa (raw, json)
Hash identifier:          itFezAN1IH1Agyazei3ld0w6C4/KSwaNtbx2EQolPjI=
Subject key identifier:   5A:D2:52:AE:BB:7A:5C:1F:94:7D:26:FA:14:8F:9B:BE:82:48:C4:0C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CCFC9BD013E95204F1ECED87BA1DCC183DB1032
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/462610a7-1e4e-4b5a-92fa-f4abccf74908.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        68.66.112.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:cf:c9:bd:01:3e:95:20:4f:1e:ce:d8:7b:a1:dc:c1:83:db:10:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=c7cd7233a925b8d56011333d8c181d274d7f721b18de0abdaf770890313a9e34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:92:f9:16:10:a4:18:4d:44:c8:3b:19:4c:04:
                    60:89:66:3a:d9:33:b9:23:18:7e:6e:54:20:c9:cb:
                    b4:81:76:f2:93:1e:25:6c:73:eb:55:d6:d9:a3:b2:
                    b4:69:91:a3:e1:a7:aa:9e:2e:cf:ed:9d:cd:c0:3e:
                    3e:6c:b1:5c:8e:1b:d3:40:5e:18:65:de:f2:b9:8f:
                    c7:c3:3f:7d:d0:2c:f6:0e:0c:82:6e:b8:f6:2b:91:
                    1e:ff:b7:4a:36:00:c1:f8:0c:da:34:45:d0:ee:da:
                    98:e1:8f:06:0b:77:9f:43:e7:dd:a2:e6:b1:01:04:
                    f8:7f:7a:07:fd:df:86:81:42:46:c3:39:f9:0e:85:
                    81:37:4b:f0:45:37:4a:63:33:f1:97:61:20:44:0a:
                    6a:a9:67:f3:e2:c8:c6:0d:5a:9d:98:a2:f7:a0:38:
                    3d:c0:20:14:98:ab:f4:5c:19:2d:cb:fd:9f:84:92:
                    d8:3d:cd:66:39:e6:c7:0a:59:4e:cb:0d:b2:4c:86:
                    52:91:03:20:6e:af:08:7d:21:28:ff:63:c9:06:ec:
                    1d:7b:1c:3e:3e:b9:fb:e1:ce:7c:a5:c4:d2:dd:3f:
                    0e:99:37:89:a0:a2:d8:58:9a:12:f5:2f:e7:4f:06:
                    fe:d9:67:f0:96:75:60:34:98:d8:c4:b2:53:e1:e2:
                    f3:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:D2:52:AE:BB:7A:5C:1F:94:7D:26:FA:14:8F:9B:BE:82:48:C4:0C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/462610a7-1e4e-4b5a-92fa-f4abccf74908.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.66.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         c6:17:7c:0e:dd:b9:f0:de:c9:97:1f:77:1a:8b:41:62:26:f9:
         3e:70:80:41:48:c0:c1:18:40:05:12:5f:c5:45:39:25:00:89:
         97:eb:ba:f6:6b:fa:ab:31:0d:ec:4a:68:82:f1:ec:b7:3d:09:
         4e:68:30:a1:69:3a:3e:30:50:e8:ec:b7:d8:c6:8a:db:0e:31:
         e4:73:c0:8f:7a:0c:f1:91:74:ed:f7:b3:6f:90:24:ab:3a:89:
         ed:0f:33:c1:ea:85:f1:61:b7:6f:18:0f:c0:25:f8:71:30:b1:
         32:04:33:b8:9a:ad:7d:fe:31:8c:c4:8d:ca:8c:dd:a5:47:74:
         c1:c8:63:24:57:87:59:5a:7e:b4:b5:c2:98:57:31:7c:42:3c:
         85:c5:4e:09:59:c2:25:39:a5:28:e9:20:7c:88:de:1f:c2:4a:
         8e:42:f8:72:1d:ca:10:d3:5a:1e:af:19:a8:ee:2e:fa:27:49:
         33:76:02:80:3e:26:ef:6d:c1:bb:16:e9:01:fe:93:3a:98:78:
         c2:88:65:25:04:da:71:65:d0:58:b9:88:a0:de:21:fe:cb:7a:
         55:e7:b2:63:03:a9:02:ad:3e:44:06:bb:f8:76:57:ea:d8:75:
         cc:bf:55:ab:68:e6:d8:67:89:9c:3f:b7:19:4f:fa:d4:d4:24:
         41:8a:a1:51
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPM/JvQE+lSBPHs7Ye6HcwYPbEDIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjN2NkNzIzM2E5MjViOGQ1NjAxMTMzM2Q4YzE4MWQyNzRk
N2Y3MjFiMThkZTBhYmRhZjc3MDg5MDMxM2E5ZTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEkvkWEKQYTUTIOxlMBGCJZjrZM7kjGH5uVCDJy7SBdvKT
HiVsc+tV1tmjsrRpkaPhp6qeLs/tnc3APj5ssVyOG9NAXhhl3vK5j8fDP33QLPYO
DIJuuPYrkR7/t0o2AMH4DNo0RdDu2pjhjwYLd59D592i5rEBBPh/egf934aBQkbD
OfkOhYE3S/BFN0pjM/GXYSBECmqpZ/PiyMYNWp2YovegOD3AIBSYq/RcGS3L/Z+E
ktg9zWY55scKWU7LDbJMhlKRAyBurwh9ISj/Y8kG7B17HD4+ufvhznylxNLdPw6Z
N4mgothYmhL1L+dPBv7ZZ/CWdWA0mNjEslPh4vNxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWtJSrrt6XB+UfSb6FI+bvoJIxAwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2MjYxMGE3LTFlNGUtNGI1YS05MmZhLWY0YWJjY2Y3NDkwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAREQnAwDQYJKoZIhvcNAQELBQADggEBAMYXfA7dufDeyZcfdxqLQWIm+T5w
gEFIwMEYQAUSX8VFOSUAiZfruvZr+qsxDexKaILx7Lc9CU5oMKFpOj4wUOjst9jG
itsOMeRzwI96DPGRdO33s2+QJKs6ie0PM8HqhfFht28YD8Al+HEwsTIEM7iarX3+
MYzEjcqM3aVHdMHIYyRXh1lafrS1wphXMXxCPIXFTglZwiU5pSjpIHyI3h/CSo5C
+HIdyhDTWh6vGajuLvonSTN2AoA+Ju9twbsW6QH+kzqYeMKIZSUE2nFl0Fi5iKDe
If7LelXnsmMDqQKtPkQGu/h2V+rYdcy/Vato5thniZw/txlP+tTUJEGKoVE=
-----END CERTIFICATE-----