Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c4f9314-87cb-4e14-9219-eef3577a2174.roa
File:                     5c4f9314-87cb-4e14-9219-eef3577a2174.roa (raw, json)
Hash identifier:          H8W6kdagVwMkB2xcd29kg3SaK8u73a5SNaVlDHf6lGA=
Subject key identifier:   63:FB:78:F3:18:6E:13:BB:20:67:27:3D:92:EE:00:63:AF:69:5F:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0E49804E7223BFE827A04CF211F7AD143F2D4E2C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c4f9314-87cb-4e14-9219-eef3577a2174.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.39.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:49:80:4e:72:23:bf:e8:27:a0:4c:f2:11:f7:ad:14:3f:2d:4e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=c89fcdac1acc506d72514384dbc2f1287740786cd66d0bacb93425e7753fb22f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e4:72:20:a9:a8:75:eb:b0:4a:79:b6:9b:67:
                    6b:67:4b:2a:76:1e:f0:33:a1:df:aa:0e:8f:5b:79:
                    43:ae:91:26:d7:ea:29:2d:a1:d6:93:02:a9:3e:15:
                    07:ac:13:0d:32:75:2d:39:08:18:54:55:ac:ec:4f:
                    b6:92:c7:7d:aa:ff:4b:71:3f:63:70:11:0d:6f:e8:
                    72:93:b3:1b:67:fe:66:df:8c:32:c0:be:a2:40:3b:
                    08:e9:a2:e7:b3:52:81:54:65:c6:dc:0d:8f:85:be:
                    17:99:ef:02:b2:42:6f:22:8c:be:0d:a2:d5:86:0c:
                    e8:0d:c7:5c:b5:d4:17:b0:f0:a3:3e:96:32:24:d6:
                    6b:d7:cc:09:d7:13:40:c4:45:a8:30:95:b1:d0:01:
                    b3:18:cc:78:7c:da:3a:02:a9:57:f9:47:6e:3a:de:
                    e7:66:04:46:2f:ee:e8:be:81:48:ae:e6:6d:58:e1:
                    41:19:59:cf:f6:ef:f1:5c:c3:7a:fd:8a:2e:14:2a:
                    af:1e:7f:f2:3c:b1:f3:b1:be:f9:76:31:12:27:49:
                    c9:83:77:40:72:11:a7:d3:1b:08:97:09:41:c9:16:
                    74:ee:12:68:61:5c:24:ad:e4:dd:b5:28:86:ff:d9:
                    b8:fc:60:f6:f5:bc:92:07:68:4b:cc:cc:c9:df:84:
                    4f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FB:78:F3:18:6E:13:BB:20:67:27:3D:92:EE:00:63:AF:69:5F:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c4f9314-87cb-4e14-9219-eef3577a2174.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.39.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9d:56:ff:8d:90:e5:61:96:79:24:cd:3c:b9:95:a1:b7:be:b1:
         9b:17:93:f2:54:83:ed:1e:8e:b4:a7:90:a4:27:7a:c3:d8:60:
         9a:84:e3:ca:a3:b5:37:23:7c:45:85:be:84:a8:ee:e7:9a:c4:
         4a:5c:bb:0b:df:5d:54:d5:3c:39:6c:75:d8:2d:ed:14:03:9f:
         10:68:a1:a6:d9:ae:79:db:68:ad:ed:0a:60:cb:6a:40:0f:12:
         40:d9:ac:0c:9b:e9:89:10:7f:d8:1c:f4:29:a3:6e:93:34:cc:
         30:3a:c0:f9:f8:19:c3:93:d7:fb:c8:d7:b5:aa:33:2e:56:e4:
         09:7a:56:23:44:a3:9a:37:5a:06:53:46:02:e7:57:44:7a:62:
         1f:ab:10:71:ff:95:5c:6e:2e:4e:d8:6e:97:6b:ba:03:98:9a:
         0c:c9:78:1f:68:c7:a9:ad:6c:e2:f0:15:46:ff:b2:de:f1:72:
         66:e9:e7:0d:7e:f7:8e:3d:b8:27:f3:38:13:a6:0e:89:8f:30:
         c1:8a:e6:ad:65:25:05:14:3c:2c:54:bd:a7:01:c2:75:c6:d6:
         fd:67:34:81:95:8c:cd:5b:fa:36:5d:1a:65:c5:8e:07:39:55:
         e8:d1:7d:d8:6b:5b:9a:48:03:c5:5b:00:83:a1:45:2a:b5:0b:
         b3:d4:2f:5c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDkmATnIjv+gnoEzyEfetFD8tTiwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODlmY2RhYzFhY2M1MDZkNzI1MTQzODRkYmMyZjEyODc3
NDA3ODZjZDY2ZDBiYWNiOTM0MjVlNzc1M2ZiMjJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD5HIgqah167BKebabZ2tnSyp2HvAzod+qDo9beUOukSbX
6iktodaTAqk+FQesEw0ydS05CBhUVazsT7aSx32q/0txP2NwEQ1v6HKTsxtn/mbf
jDLAvqJAOwjpouezUoFUZcbcDY+FvheZ7wKyQm8ijL4NotWGDOgNx1y11Bew8KM+
ljIk1mvXzAnXE0DERagwlbHQAbMYzHh82joCqVf5R2463udmBEYv7ui+gUiu5m1Y
4UEZWc/27/Fcw3r9ii4UKq8ef/I8sfOxvvl2MRInScmDd0ByEafTGwiXCUHJFnTu
EmhhXCSt5N21KIb/2bj8YPb1vJIHaEvMzMnfhE93AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY/t48xhuE7sgZyc9ku4AY69pXwAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVjNGY5MzE0LTg3Y2ItNGUxNC05MjE5LWVlZjM1NzdhMjE3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbYJ4AwDQYJKoZIhvcNAQELBQADggEBAJ1W/42Q5WGWeSTNPLmVobe+sZsX
k/JUg+0ejrSnkKQnesPYYJqE48qjtTcjfEWFvoSo7ueaxEpcuwvfXVTVPDlsddgt
7RQDnxBooabZrnnbaK3tCmDLakAPEkDZrAyb6YkQf9gc9CmjbpM0zDA6wPn4GcOT
1/vI17WqMy5W5Al6ViNEo5o3WgZTRgLnV0R6Yh+rEHH/lVxuLk7YbpdrugOYmgzJ
eB9ox6mtbOLwFUb/st7xcmbp5w1+9449uCfzOBOmDomPMMGK5q1lJQUUPCxUvacB
wnXG1v1nNIGVjM1b+jZdGmXFjgc5VejRfdhrW5pIA8VbAIOhRSq1C7PUL1w=
-----END CERTIFICATE-----