Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/494e8d0d-25a8-404b-8157-5b7827329817.roa
File:                     494e8d0d-25a8-404b-8157-5b7827329817.roa (raw, json)
Hash identifier:          UsQiU2RS7WgJvm9R7N4tgk8fhL16X/4KbFQHx/rKde4=
Subject key identifier:   15:9D:D0:7E:C6:3C:3B:D4:93:1A:9F:DE:75:71:2D:9B:BD:CC:23:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4BC2CF6752E0A5A6F23F677A20961A2129D468CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/494e8d0d-25a8-404b-8157-5b7827329817.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        170.68.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:c2:cf:67:52:e0:a5:a6:f2:3f:67:7a:20:96:1a:21:29:d4:68:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=72a03e26ab3633ee8c074e3302ca8f83c991a2592979d134b6dc018a604d907f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:94:14:7f:af:4e:c3:1e:8b:ef:7c:eb:b3:8c:
                    70:a0:d7:d7:eb:0e:eb:3b:3c:ae:8b:84:0b:1e:89:
                    eb:cd:19:1a:f2:2c:bf:e8:5e:da:93:eb:18:48:a8:
                    d2:ef:3d:f6:ea:cc:34:b9:ec:f4:8c:9a:72:66:75:
                    57:c6:ea:b7:4e:ef:ef:d6:f0:5b:3e:73:ca:2a:4b:
                    a5:c3:a8:ba:60:88:19:fc:4b:62:ee:24:2d:f0:2d:
                    13:23:32:ca:03:f1:c8:e9:f0:ec:7f:ed:04:d9:51:
                    6d:83:ef:9f:df:e8:62:9c:d0:2f:93:d1:72:c5:01:
                    9d:6d:08:00:9a:7b:3b:93:ec:4d:44:11:ba:b2:57:
                    e4:6a:04:55:d9:74:df:04:47:e7:f3:9d:2c:c7:3f:
                    84:20:9c:c4:44:5a:ff:1c:88:9a:d6:65:c8:4e:a2:
                    ff:30:4d:4a:b4:09:e5:e1:f3:ca:d1:f4:ec:d5:a5:
                    51:cc:b3:2b:7c:77:0d:22:3c:42:73:51:28:9d:26:
                    ee:7e:88:59:1c:c0:41:18:24:80:c9:69:18:aa:05:
                    84:32:74:a1:e9:1b:c6:dd:89:81:3d:87:67:6d:c0:
                    a4:0a:a9:9b:39:31:0e:24:0f:7e:ea:b4:43:c8:74:
                    24:86:3b:c0:f7:7e:3b:cd:9e:86:39:a5:97:7f:33:
                    79:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:9D:D0:7E:C6:3C:3B:D4:93:1A:9F:DE:75:71:2D:9B:BD:CC:23:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/494e8d0d-25a8-404b-8157-5b7827329817.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.68.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:af:f7:81:cc:d5:bb:a7:4b:45:72:bd:a4:74:5e:dd:c2:be:
         c6:c3:29:9a:9f:83:50:52:78:e7:91:74:b7:88:4c:73:07:81:
         48:a2:0f:0e:1a:63:b0:04:41:0a:71:42:82:a0:f2:d9:44:67:
         28:45:d2:89:35:6b:e4:fa:67:be:4b:dd:82:a9:71:97:d0:ba:
         8e:b1:79:65:e1:f5:b3:66:b3:a2:f3:08:75:86:01:87:a8:89:
         67:80:13:b9:3f:05:b6:be:d3:a3:29:af:c5:89:33:75:15:26:
         d2:ad:3b:14:50:06:6d:05:fe:80:da:1f:9c:5c:e7:eb:4a:7a:
         25:cb:17:08:78:4a:02:1d:f9:09:46:1c:44:f7:5f:4d:a0:91:
         a7:bd:93:9a:88:cf:6e:51:97:73:9d:71:70:50:b6:a6:04:34:
         01:ed:14:19:b5:ea:8b:93:e3:6e:6f:a4:18:c2:d9:b6:61:01:
         a2:41:46:04:5a:a9:54:b7:6c:3f:51:78:b2:55:90:09:3b:bc:
         40:e1:00:2b:7a:9e:29:4b:53:33:e2:47:66:61:5c:83:1b:35:
         4f:4d:ed:9b:26:55:e1:1a:21:22:6b:c0:69:61:41:2a:a8:a1:
         04:5b:17:80:61:ff:8c:0c:a2:ec:6a:d6:1e:e6:01:02:40:6e:
         fd:23:6f:aa
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUS8LPZ1LgpabyP2d6IJYaISnUaM4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MmEwM2UyNmFiMzYzM2VlOGMwNzRlMzMwMmNhOGY4M2M5
OTFhMjU5Mjk3OWQxMzRiNmRjMDE4YTYwNGQ5MDdmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCelBR/r07DHovvfOuzjHCg19frDus7PK6LhAseievNGRry
LL/oXtqT6xhIqNLvPfbqzDS57PSMmnJmdVfG6rdO7+/W8Fs+c8oqS6XDqLpgiBn8
S2LuJC3wLRMjMsoD8cjp8Ox/7QTZUW2D75/f6GKc0C+T0XLFAZ1tCACaezuT7E1E
EbqyV+RqBFXZdN8ER+fznSzHP4QgnMREWv8ciJrWZchOov8wTUq0CeXh88rR9OzV
pVHMsyt8dw0iPEJzUSidJu5+iFkcwEEYJIDJaRiqBYQydKHpG8bdiYE9h2dtwKQK
qZs5MQ4kD37qtEPIdCSGO8D3fjvNnoY5pZd/M3kpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFZ3QfsY8O9STGp/edXEtm73MI7wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5NGU4ZDBkLTI1YTgtNDA0Yi04MTU3LTViNzgyNzMyOTgxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCqRDANBgkqhkiG9w0BAQsFAAOCAQEAiK/3gczVu6dLRXK9pHRe3cK+xsMp
mp+DUFJ455F0t4hMcweBSKIPDhpjsARBCnFCgqDy2URnKEXSiTVr5Ppnvkvdgqlx
l9C6jrF5ZeH1s2azovMIdYYBh6iJZ4ATuT8Ftr7ToymvxYkzdRUm0q07FFAGbQX+
gNofnFzn60p6JcsXCHhKAh35CUYcRPdfTaCRp72TmojPblGXc51xcFC2pgQ0Ae0U
GbXqi5Pjbm+kGMLZtmEBokFGBFqpVLdsP1F4slWQCTu8QOEAK3qeKUtTM+JHZmFc
gxs1T03tmyZV4RohImvAaWFBKqihBFsXgGH/jAyi7GrWHuYBAkBu/SNvqg==
-----END CERTIFICATE-----