Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/482d2241-afe2-430f-b01f-fb326716f78a.roa
File:                     482d2241-afe2-430f-b01f-fb326716f78a.roa (raw, json)
Hash identifier:          Ja2fBgymyxv4wvBLsymzNqunszSTT+dwJSotEcZTou8=
Subject key identifier:   D3:1C:7F:EB:30:EB:40:D4:97:50:1E:17:0B:DF:97:48:0A:E3:23:F9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7FB4AE143F2E9065DE2CBFB8B7FB0C94AC3B518C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/482d2241-afe2-430f-b01f-fb326716f78a.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        65.4.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b4:ae:14:3f:2e:90:65:de:2c:bf:b8:b7:fb:0c:94:ac:3b:51:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=46251286d52547db6595c872ec7d69892f9c6b4746d7d7660ce32c73c17e208f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3b:bf:80:c9:66:8c:88:da:ac:13:2f:7a:be:
                    2a:c2:83:b8:2d:65:b7:b1:91:bd:c8:1f:5a:90:59:
                    07:c4:aa:a5:4d:80:ea:3d:80:22:3b:9c:eb:36:dd:
                    1c:c1:38:3a:1f:2b:4b:8b:58:a4:c4:c2:22:e2:70:
                    30:6a:a2:9a:35:12:fb:ef:53:1c:44:e6:94:47:d3:
                    b0:f5:70:f3:b8:b3:16:12:6f:85:b3:5c:17:2a:e7:
                    a0:be:06:15:c8:da:e0:b2:78:83:9a:b8:a6:89:bd:
                    4a:b9:84:af:b3:09:80:54:a7:2c:cf:f2:5c:49:72:
                    bd:c1:e7:db:37:f7:cf:64:69:09:d6:33:d2:5e:bd:
                    27:6b:f0:cb:f4:cc:53:de:da:07:03:fc:31:76:5b:
                    88:b4:e6:d2:8d:4a:4e:ea:10:95:d9:8a:e8:ba:81:
                    38:b7:20:de:49:30:36:a6:f1:82:fc:40:da:f7:4b:
                    c3:02:1f:96:0c:d2:d5:4b:01:af:41:cf:7c:9b:6b:
                    5f:08:0c:bb:a2:6b:64:b0:45:ab:83:33:ae:a4:25:
                    c1:b5:5a:78:61:90:d2:76:c8:02:2b:36:fc:a2:a0:
                    42:43:e4:b5:1c:df:aa:ff:30:9a:26:b1:12:cc:8b:
                    04:43:ca:4b:69:48:6d:27:7a:54:5a:1b:b5:e0:a3:
                    1c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:1C:7F:EB:30:EB:40:D4:97:50:1E:17:0B:DF:97:48:0A:E3:23:F9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/482d2241-afe2-430f-b01f-fb326716f78a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.4.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:d3:a3:a0:1c:d1:87:d5:95:a1:bf:be:bc:de:f9:2a:4d:2c:
         5a:bb:e6:13:57:21:9b:85:bd:0a:c4:b3:f4:d2:09:4d:a1:04:
         f6:65:df:05:98:d9:18:26:33:4f:dd:88:ae:99:e6:65:f7:6e:
         67:4d:f8:96:47:c1:51:20:ae:d3:a6:b1:e5:52:5d:3c:ad:9c:
         21:42:1b:59:a5:75:95:13:3d:57:db:6d:e7:d4:4b:3a:5e:01:
         ee:ab:f7:37:3c:41:b7:5a:a2:25:60:81:f9:70:b7:4e:b7:06:
         84:f6:26:5e:a8:9f:e2:7e:5d:f7:49:94:b9:2c:6d:65:d8:cc:
         3b:0f:a9:b7:72:3c:e9:bf:17:07:a4:92:a4:d0:82:84:9b:ac:
         08:73:2b:b2:7a:17:74:3b:74:a8:70:cc:84:9d:e4:e7:25:c5:
         7e:94:99:ee:d8:ec:c6:97:83:fb:d7:2f:5b:7c:d5:10:2f:c7:
         59:85:5c:ff:2b:3a:22:1c:b7:60:c0:73:3f:3e:7d:0d:68:2c:
         91:71:a2:c7:84:aa:59:10:18:30:48:a8:34:44:5f:95:2d:f1:
         4f:aa:8a:b4:ac:d7:c5:f2:40:01:94:a7:35:a9:c2:da:30:b9:
         56:85:45:4b:cc:af:3b:c3:b3:68:10:b0:d8:78:16:04:4c:d9:
         6d:4a:6b:b6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUf7SuFD8ukGXeLL+4t/sMlKw7UYwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NjI1MTI4NmQ1MjU0N2RiNjU5NWM4NzJlYzdkNjk4OTJm
OWM2YjQ3NDZkN2Q3NjYwY2UzMmM3M2MxN2UyMDhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQO7+AyWaMiNqsEy96virCg7gtZbexkb3IH1qQWQfEqqVN
gOo9gCI7nOs23RzBODofK0uLWKTEwiLicDBqopo1EvvvUxxE5pRH07D1cPO4sxYS
b4WzXBcq56C+BhXI2uCyeIOauKaJvUq5hK+zCYBUpyzP8lxJcr3B59s3989kaQnW
M9JevSdr8Mv0zFPe2gcD/DF2W4i05tKNSk7qEJXZiui6gTi3IN5JMDam8YL8QNr3
S8MCH5YM0tVLAa9Bz3yba18IDLuia2SwRauDM66kJcG1WnhhkNJ2yAIrNvyioEJD
5LUc36r/MJomsRLMiwRDyktpSG0nelRaG7Xgoxw7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0xx/6zDrQNSXUB4XC9+XSArjI/kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4MmQyMjQxLWFmZTItNDMwZi1iMDFmLWZiMzI2NzE2Zjc4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBBBDANBgkqhkiG9w0BAQsFAAOCAQEAOtOjoBzRh9WVob++vN75Kk0sWrvm
E1chm4W9CsSz9NIJTaEE9mXfBZjZGCYzT92IrpnmZfduZ034lkfBUSCu06ax5VJd
PK2cIUIbWaV1lRM9V9tt59RLOl4B7qv3NzxBt1qiJWCB+XC3TrcGhPYmXqif4n5d
90mUuSxtZdjMOw+pt3I86b8XB6SSpNCChJusCHMrsnoXdDt0qHDMhJ3k5yXFfpSZ
7tjsxpeD+9cvW3zVEC/HWYVc/ys6Ihy3YMBzPz59DWgskXGix4SqWRAYMEioNERf
lS3xT6qKtKzXxfJAAZSnNanC2jC5VoVFS8yvO8OzaBCw2HgWBEzZbUprtg==
-----END CERTIFICATE-----