Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47701c8b-e269-4cbd-a00d-601cd67f4694.roa
File:                     47701c8b-e269-4cbd-a00d-601cd67f4694.roa (raw, json)
Hash identifier:          gqc/WbH877CeSONOBm/wVqXxQPfGkohk5aLAXr0T0MQ=
Subject key identifier:   CC:EB:43:34:5D:64:4E:52:DC:DD:A6:2C:5F:F2:0B:E9:72:8B:35:E1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       302AF0957B314B3A9D934B15AEABFBA61FE21C41
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47701c8b-e269-4cbd-a00d-601cd67f4694.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        198.41.96.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:2a:f0:95:7b:31:4b:3a:9d:93:4b:15:ae:ab:fb:a6:1f:e2:1c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=e37e45396861f8c796b609056d043e5c2a80a02d2cf2e76baca4979ecb989143, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c5:41:a9:16:84:e0:70:7f:a0:ee:10:25:73:
                    c0:42:c7:1d:4e:3b:c7:9f:2d:20:38:f2:1f:d0:ec:
                    de:9a:01:a4:1c:ed:ea:f0:d6:49:49:99:62:b8:5d:
                    52:37:ad:13:86:7f:aa:10:5e:41:f6:fc:79:86:e6:
                    7e:ab:7c:9a:4d:5b:20:58:cc:a9:b7:e0:db:37:eb:
                    b6:b5:53:47:01:67:f6:c8:b5:7d:15:fa:68:44:dd:
                    49:2b:e7:75:08:ce:fe:5d:42:9b:cd:c7:02:05:ab:
                    b0:d9:ba:01:16:24:02:d7:cd:f8:6c:53:40:62:51:
                    d8:93:37:ce:58:97:d4:b9:e4:29:7a:87:1b:08:af:
                    2e:47:2f:c3:e7:6b:fc:81:4a:c7:fb:53:9d:03:61:
                    89:9f:63:9a:53:95:66:f2:86:ac:3d:8f:29:41:5a:
                    99:6f:b0:8b:1d:6e:53:99:f9:bf:4f:e0:06:e1:a7:
                    b3:5f:00:7c:d4:55:f5:74:7f:76:b8:ea:eb:b3:7b:
                    07:1f:65:91:25:00:2d:39:d8:5a:ed:4c:68:4a:4b:
                    7d:75:ca:56:b8:3f:f0:9a:d4:b7:df:35:9c:af:76:
                    d0:29:59:aa:d8:84:14:2c:82:7b:18:70:96:8a:47:
                    9c:89:e7:8f:27:3d:dd:1f:ed:16:24:5f:35:0a:c6:
                    68:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:EB:43:34:5D:64:4E:52:DC:DD:A6:2C:5F:F2:0B:E9:72:8B:35:E1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/47701c8b-e269-4cbd-a00d-601cd67f4694.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.41.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:13:e2:59:ca:9c:a1:ae:a7:0d:32:b5:00:11:1e:8c:8c:f1:
         4e:9f:a2:e9:b5:50:1a:72:e6:fe:d3:a8:3a:87:10:2b:c9:89:
         2c:5d:2e:5d:b8:de:ff:41:04:75:18:79:25:f0:c0:d4:d6:3d:
         67:63:e4:8b:8b:36:06:d8:a1:46:b6:16:f5:5a:d8:32:eb:9e:
         da:bf:61:92:80:65:43:bf:76:1c:90:d8:76:ac:9e:45:38:c8:
         45:a2:4b:ff:7c:91:3f:2a:de:fc:d2:66:82:63:39:11:a4:08:
         38:5b:f7:06:7d:3f:52:dc:16:56:c3:20:ec:a1:b2:4a:5b:bc:
         35:f0:87:38:ef:bd:37:7e:1a:f4:ae:f8:3e:06:da:db:ab:00:
         94:aa:69:36:54:bb:7d:d2:01:fd:49:3b:06:b0:75:c4:21:1c:
         ac:a8:0b:64:48:7e:88:c6:58:53:8e:e4:d0:41:76:9f:97:85:
         05:14:3b:ed:7a:fc:38:ef:1b:e1:c3:a5:15:3b:dd:ef:c3:c2:
         9e:c1:54:a6:62:88:17:b0:28:7b:de:13:4b:4d:c5:dd:e8:5b:
         7b:32:5b:05:95:05:50:a5:7e:e4:61:44:c0:e8:e7:02:14:7e:
         63:9c:2d:63:92:f3:7b:b6:64:27:e9:a6:f6:fe:e4:f3:8f:ea:
         c8:3a:25:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMCrwlXsxSzqdk0sVrqv7ph/iHEEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzdlNDUzOTY4NjFmOGM3OTZiNjA5MDU2ZDA0M2U1YzJh
ODBhMDJkMmNmMmU3NmJhY2E0OTc5ZWNiOTg5MTQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnxUGpFoTgcH+g7hAlc8BCxx1OO8efLSA48h/Q7N6aAaQc
7erw1klJmWK4XVI3rROGf6oQXkH2/HmG5n6rfJpNWyBYzKm34Ns367a1U0cBZ/bI
tX0V+mhE3Ukr53UIzv5dQpvNxwIFq7DZugEWJALXzfhsU0BiUdiTN85Yl9S55Cl6
hxsIry5HL8Pna/yBSsf7U50DYYmfY5pTlWbyhqw9jylBWplvsIsdblOZ+b9P4Abh
p7NfAHzUVfV0f3a46uuzewcfZZElAC052FrtTGhKS311yla4P/Ca1LffNZyvdtAp
WarYhBQsgnsYcJaKR5yJ548nPd0f7RYkXzUKxmiXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzOtDNF1kTlLc3aYsX/IL6XKLNeEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ3NzAxYzhiLWUyNjktNGNiZC1hMDBkLTYwMWNkNjdmNDY5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXGKWAwDQYJKoZIhvcNAQELBQADggEBADgT4lnKnKGupw0ytQARHoyM8U6f
oum1UBpy5v7TqDqHECvJiSxdLl243v9BBHUYeSXwwNTWPWdj5IuLNgbYoUa2FvVa
2DLrntq/YZKAZUO/dhyQ2HasnkU4yEWiS/98kT8q3vzSZoJjORGkCDhb9wZ9P1Lc
FlbDIOyhskpbvDXwhzjvvTd+GvSu+D4G2turAJSqaTZUu33SAf1JOwawdcQhHKyo
C2RIfojGWFOO5NBBdp+XhQUUO+16/DjvG+HDpRU73e/Dwp7BVKZiiBewKHveE0tN
xd3oW3syWwWVBVClfuRhRMDo5wIUfmOcLWOS83u2ZCfppvb+5POP6sg6Jf0=
-----END CERTIFICATE-----