Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/532a54d4-e0b1-487e-9b5d-e01127858779.roa
File:                     532a54d4-e0b1-487e-9b5d-e01127858779.roa (raw, json)
Hash identifier:          T72793V2Rq3NRiFXoNMSzrWGD+k/2VTQKRxH9CQroyc=
Subject key identifier:   32:F4:CA:80:30:BA:31:8D:25:46:DB:F4:1E:88:A5:E3:3B:4D:53:63
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01D25FA9F4EE1444E5F02E92FF3A159E9C26DE3C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/532a54d4-e0b1-487e-9b5d-e01127858779.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.231.96.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:d2:5f:a9:f4:ee:14:44:e5:f0:2e:92:ff:3a:15:9e:9c:26:de:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=4a8e5a4c9219a3106153a796efa2eff9d8eef189f7afbdb992da2671c1f393a0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:db:8a:19:c4:47:5b:35:d7:df:80:2c:4b:57:
                    71:cd:c1:30:67:14:95:85:06:ed:a7:28:b6:9d:ce:
                    eb:57:34:17:68:60:07:44:4f:7e:34:f7:fd:14:bf:
                    df:0c:94:5a:3a:fe:7c:58:5a:b5:e9:48:25:5b:02:
                    c4:90:bc:e6:ac:05:d1:5e:ae:2c:06:f8:3b:56:64:
                    e6:d5:8e:1f:13:b7:a0:b3:70:ec:75:42:fd:2e:49:
                    c9:a5:6d:17:b1:5b:be:f8:16:8b:82:59:98:7c:5e:
                    a3:70:1f:5d:11:77:3d:c8:22:96:ca:60:7b:67:0b:
                    e4:ff:96:12:a9:d3:98:e4:1e:78:da:10:8a:f1:58:
                    dc:a6:6b:64:b0:90:7e:4f:46:60:d7:43:ba:89:b6:
                    e8:20:8e:76:a5:f6:d3:1f:30:c7:ac:bf:c7:a9:cc:
                    e6:db:af:8d:f7:85:9d:ad:7f:97:94:90:d3:f4:db:
                    f2:1f:01:be:37:37:8f:ae:94:29:89:42:7a:d7:6c:
                    71:bb:5a:0f:55:1e:dc:8e:a8:c0:ef:40:96:79:c8:
                    0f:e2:ff:ae:23:e2:72:a8:c3:76:fb:5d:37:87:5c:
                    3f:3c:f9:1d:d0:a2:63:2f:77:d5:88:c3:17:68:64:
                    83:e4:01:ee:b3:c0:b1:5a:39:59:94:e3:a5:e4:d9:
                    4f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:F4:CA:80:30:BA:31:8D:25:46:DB:F4:1E:88:A5:E3:3B:4D:53:63
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/532a54d4-e0b1-487e-9b5d-e01127858779.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.231.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         38:dd:ab:c5:7c:d5:ec:b0:dd:0c:e5:d4:dc:7a:e4:2a:1a:f8:
         63:8e:77:39:dc:25:86:a1:ea:5e:a8:15:a8:4c:03:05:27:68:
         50:78:26:5c:2b:71:8c:e2:7b:16:60:74:dd:db:f9:60:7b:62:
         9c:91:9f:2a:64:fc:66:37:4e:6d:da:1d:c2:53:62:b8:70:26:
         b1:77:31:ed:84:56:75:bc:29:c6:60:45:f0:66:80:5b:43:c7:
         ed:f7:ac:1a:67:99:30:88:7c:97:eb:ef:04:f0:93:3b:1a:31:
         d5:91:11:d4:8b:95:58:8e:0b:21:f5:a9:14:fc:5b:94:80:a1:
         66:67:69:0e:29:5b:a3:14:e9:e1:a5:31:4e:83:89:3a:0e:ce:
         e2:45:ee:32:a1:b3:01:71:bd:75:c4:ab:1a:5e:92:29:c7:b2:
         cc:da:d2:17:64:9d:f2:92:b1:df:2c:19:b2:64:7d:77:79:31:
         20:a7:08:f5:6a:88:66:c9:3a:32:53:3d:6c:9f:e3:df:de:e2:
         1f:0d:68:8e:c0:0d:f5:64:15:97:7a:e3:24:f3:c6:5d:1e:f6:
         c5:ad:d6:fd:e9:4c:71:65:95:93:b4:2d:94:38:82:14:66:08:
         ba:04:ae:b1:09:13:cf:91:99:32:4a:9e:04:9b:25:82:18:e9:
         f2:0c:7f:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAdJfqfTuFETl8C6S/zoVnpwm3jwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YThlNWE0YzkyMTlhMzEwNjE1M2E3OTZlZmEyZWZmOWQ4
ZWVmMTg5ZjdhZmJkYjk5MmRhMjY3MWMxZjM5M2EwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDX24oZxEdbNdffgCxLV3HNwTBnFJWFBu2nKLadzutXNBdo
YAdET3409/0Uv98MlFo6/nxYWrXpSCVbAsSQvOasBdFeriwG+DtWZObVjh8Tt6Cz
cOx1Qv0uScmlbRexW774FouCWZh8XqNwH10Rdz3IIpbKYHtnC+T/lhKp05jkHnja
EIrxWNyma2SwkH5PRmDXQ7qJtuggjnal9tMfMMesv8epzObbr433hZ2tf5eUkNP0
2/IfAb43N4+ulCmJQnrXbHG7Wg9VHtyOqMDvQJZ5yA/i/64j4nKow3b7XTeHXD88
+R3QomMvd9WIwxdoZIPkAe6zwLFaOVmU46Xk2U83AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMvTKgDC6MY0lRtv0Hoil4ztNU2MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzMmE1NGQ0LWUwYjEtNDg3ZS05YjVkLWUwMTEyNzg1ODc3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXY52AwDQYJKoZIhvcNAQELBQADggEBADjdq8V81eyw3Qzl1Nx65Coa+GOO
dzncJYah6l6oFahMAwUnaFB4JlwrcYziexZgdN3b+WB7YpyRnypk/GY3Tm3aHcJT
YrhwJrF3Me2EVnW8KcZgRfBmgFtDx+33rBpnmTCIfJfr7wTwkzsaMdWREdSLlViO
CyH1qRT8W5SAoWZnaQ4pW6MU6eGlMU6DiToOzuJF7jKhswFxvXXEqxpekinHssza
0hdknfKSsd8sGbJkfXd5MSCnCPVqiGbJOjJTPWyf49/e4h8NaI7ADfVkFZd64yTz
xl0e9sWt1v3pTHFllZO0LZQ4ghRmCLoErrEJE8+RmTJKngSbJYIY6fIMfwE=
-----END CERTIFICATE-----