Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48978838-6652-479f-aafc-0f11679eada6.roa
File:                     48978838-6652-479f-aafc-0f11679eada6.roa (raw, json)
Hash identifier:          le07Iwwh8mt1jX5Bz1cdl92GxLNpJeqIVtXoDxLqQ2k=
Subject key identifier:   5A:74:23:52:9C:2C:36:EA:A4:40:97:C0:C5:C9:0D:97:A7:0B:6E:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       327A744041F9724779BA16BB3CA9B20BF1EC6741
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48978838-6652-479f-aafc-0f11679eada6.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        136.18.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:7a:74:40:41:f9:72:47:79:ba:16:bb:3c:a9:b2:0b:f1:ec:67:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=2e22d0242fbdb7dea9ffe4b65849e17108bce77b9c0791a2975ccf6bf2e21b41, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:76:1d:f2:37:2c:88:54:15:5b:eb:96:c3:94:
                    c6:33:8e:e3:33:f1:d9:28:d9:40:83:20:31:1d:77:
                    42:cf:28:f8:8f:21:21:c7:48:95:70:47:f8:ea:04:
                    9f:b9:18:45:1a:3f:a1:0b:65:5b:9a:e8:a5:ec:9e:
                    f1:d8:cb:62:09:70:dd:e9:a0:97:7f:00:47:68:30:
                    8d:92:cc:e1:58:4e:73:5a:c2:68:bb:9d:83:14:64:
                    5d:a5:23:45:42:5d:9a:04:7b:9d:2d:16:5b:ca:0c:
                    59:51:76:51:e5:40:b2:89:a3:17:3e:a9:a1:9c:ed:
                    4d:12:ce:4c:c2:87:63:ec:7d:97:9f:e1:c5:8a:1a:
                    b0:b7:b0:30:fd:34:33:db:26:09:a0:88:66:8f:cd:
                    19:07:23:cd:d4:9f:34:a9:c4:dd:68:18:59:c6:5a:
                    ea:3a:0a:c5:64:15:6e:64:74:5b:74:ad:18:cf:fa:
                    f5:75:e8:e4:b4:35:e2:f9:be:80:e1:ef:52:47:ce:
                    90:40:33:94:71:26:8c:58:16:f0:18:d2:21:08:2f:
                    6d:49:6e:df:85:36:9c:4e:a1:a9:61:57:93:e5:26:
                    35:69:90:dc:d0:04:ed:9c:75:39:1e:92:9d:a8:8e:
                    96:21:f2:17:74:4e:d5:31:68:8e:df:6d:75:57:15:
                    2f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:74:23:52:9C:2C:36:EA:A4:40:97:C0:C5:C9:0D:97:A7:0B:6E:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/48978838-6652-479f-aafc-0f11679eada6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         98:9a:86:fa:c3:0a:4a:57:78:c2:3c:ff:4b:63:78:47:4e:df:
         8e:9c:88:19:82:7c:c8:0c:9d:35:16:dc:47:13:65:f5:fc:31:
         58:5f:32:8d:c1:7f:19:d4:c6:d0:7e:1c:7d:c0:f3:ce:23:cf:
         bf:e3:7f:35:f8:07:ea:ec:71:05:64:b0:2c:b5:88:57:14:8d:
         f3:13:55:02:29:5d:d9:8c:ad:15:88:c8:f4:71:50:59:55:32:
         a8:8a:63:ef:51:cb:f3:ca:5e:f9:9e:06:dc:03:ca:86:64:9b:
         0a:a1:51:48:ba:6c:b0:fe:2e:fd:df:49:13:bd:50:73:03:87:
         75:0f:22:5c:30:e2:c1:51:41:47:7e:55:73:04:f7:44:8b:2e:
         01:d2:22:c9:76:e1:f0:0d:01:e1:f7:b0:92:bd:0e:d4:38:f4:
         d3:14:20:89:03:20:06:c2:a8:de:29:73:5e:a8:21:4a:63:c0:
         b7:ea:62:44:84:1c:b7:19:46:08:25:4d:99:36:d2:8a:31:db:
         f1:29:92:76:f6:66:1a:68:75:be:7c:8c:73:c4:b7:2c:64:23:
         cd:9a:7e:75:f5:63:9e:55:25:c2:11:47:f8:47:64:64:7c:a2:
         39:cd:4c:a9:19:b3:8d:4c:48:1a:d9:6c:14:a2:41:9a:0f:ea:
         89:6f:a8:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMnp0QEH5ckd5uha7PKmyC/HsZ0EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZTIyZDAyNDJmYmRiN2RlYTlmZmU0YjY1ODQ5ZTE3MTA4
YmNlNzdiOWMwNzkxYTI5NzVjY2Y2YmYyZTIxYjQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSdh3yNyyIVBVb65bDlMYzjuMz8dko2UCDIDEdd0LPKPiP
ISHHSJVwR/jqBJ+5GEUaP6ELZVua6KXsnvHYy2IJcN3poJd/AEdoMI2SzOFYTnNa
wmi7nYMUZF2lI0VCXZoEe50tFlvKDFlRdlHlQLKJoxc+qaGc7U0SzkzCh2PsfZef
4cWKGrC3sDD9NDPbJgmgiGaPzRkHI83UnzSpxN1oGFnGWuo6CsVkFW5kdFt0rRjP
+vV16OS0NeL5voDh71JHzpBAM5RxJoxYFvAY0iEIL21Jbt+FNpxOoalhV5PlJjVp
kNzQBO2cdTkekp2ojpYh8hd0TtUxaI7fbXVXFS/XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWnQjUpwsNuqkQJfAxckNl6cLbhAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4OTc4ODM4LTY2NTItNDc5Zi1hYWZjLTBmMTE2NzllYWRhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeIEoAwDQYJKoZIhvcNAQELBQADggEBAJiahvrDCkpXeMI8/0tjeEdO346c
iBmCfMgMnTUW3EcTZfX8MVhfMo3BfxnUxtB+HH3A884jz7/jfzX4B+rscQVksCy1
iFcUjfMTVQIpXdmMrRWIyPRxUFlVMqiKY+9Ry/PKXvmeBtwDyoZkmwqhUUi6bLD+
Lv3fSRO9UHMDh3UPIlww4sFRQUd+VXME90SLLgHSIsl24fANAeH3sJK9DtQ49NMU
IIkDIAbCqN4pc16oIUpjwLfqYkSEHLcZRgglTZk20oox2/Epknb2Zhpodb58jHPE
tyxkI82afnX1Y55VJcIRR/hHZGR8ojnNTKkZs41MSBrZbBSiQZoP6olvqGo=
-----END CERTIFICATE-----