Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/613367f1-288d-490e-a6ec-6c12c5bf1805.roa
File:                     613367f1-288d-490e-a6ec-6c12c5bf1805.roa (raw, json)
Hash identifier:          IYSg8dudOuuH4Pty+vB6WiVSzySLwMlK94GBbNMhXtc=
Subject key identifier:   C6:52:F0:2E:2C:0B:92:F9:01:5C:09:05:6B:A5:D3:05:92:75:1A:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4744B149FAA3D813D647B840EB1E9DA61E33E143
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/613367f1-288d-490e-a6ec-6c12c5bf1805.roa
Signing time:             Fri 29 Nov 2024 00:00:00 +0000
ROA not before:           Fri 29 Nov 2024 00:00:00 +0000
ROA not after:            Fri 03 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        192.189.196.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:44:b1:49:fa:a3:d8:13:d6:47:b8:40:eb:1e:9d:a6:1e:33:e1:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 29 00:00:00 2024 GMT
            Not After : Jan  3 23:59:59 2025 GMT
        Subject: serialNumber=2ee056667a3ba0d74a2338bb590e9a648ac8c5b64e262ee442afb75c625bb70d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:93:7d:ac:38:43:a8:c5:ae:a0:65:20:e6:d4:
                    50:70:b1:9b:ca:79:8d:cd:58:31:fc:31:5a:9b:13:
                    d7:7e:5c:bb:eb:33:62:52:be:33:8d:63:52:34:f0:
                    1c:b4:84:32:c5:dd:3c:97:4f:9a:41:37:b3:a7:23:
                    73:f0:ab:15:a5:d0:f2:1d:d3:52:f3:72:b8:00:2a:
                    39:ea:3d:fe:99:8d:0d:06:2f:d2:71:8f:ef:31:ee:
                    b1:2f:38:4b:5f:4b:f3:8c:3f:0a:cd:d4:f4:0c:fd:
                    09:6d:c0:bb:45:e9:b9:24:ec:d6:ac:b5:f7:c1:45:
                    36:91:fc:45:ad:8d:a6:77:62:df:3a:ed:02:db:ef:
                    a9:15:51:a4:7d:fc:c1:2f:b8:75:b5:e0:c2:5b:6e:
                    a7:c8:1e:f6:fb:30:21:ba:5a:33:8e:d1:ff:c8:5e:
                    91:41:a1:f8:10:50:63:58:47:4c:24:11:bd:77:da:
                    6b:b2:aa:28:20:71:b2:1c:31:1d:63:8d:fa:09:d5:
                    7e:ec:55:f9:a8:b9:45:52:6d:70:7e:dd:3d:41:4b:
                    4a:f6:b4:38:38:e2:52:fb:31:52:6e:53:8c:ba:3d:
                    77:a1:b2:d2:bb:0e:5d:c5:c1:61:ff:41:57:b5:75:
                    d0:5c:7d:19:81:23:66:e0:1b:3d:43:e9:96:56:fd:
                    86:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:52:F0:2E:2C:0B:92:F9:01:5C:09:05:6B:A5:D3:05:92:75:1A:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/613367f1-288d-490e-a6ec-6c12c5bf1805.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:c4:3a:30:d0:ca:45:e5:2d:6d:c8:3a:f7:35:79:df:5e:47:
         67:60:3e:79:50:0b:2f:64:c4:b2:b3:04:a0:0e:02:07:71:9a:
         53:97:91:99:4b:a1:cc:c8:17:57:1d:b6:54:79:bb:7a:2b:bb:
         d2:84:3a:ee:07:f0:1d:1e:f5:68:b3:04:40:8f:06:f9:3a:5a:
         53:9a:15:e2:d9:7c:d3:6e:78:88:ec:49:a6:af:38:f9:59:7e:
         bf:f3:54:77:64:d3:24:db:0e:56:c9:9b:c5:72:15:d1:43:48:
         88:e2:c2:f3:e0:ce:5d:d5:42:b4:41:d5:c7:3a:16:74:71:b4:
         79:d0:37:0b:29:23:26:4b:4a:fb:76:0c:fb:b7:8a:96:00:6c:
         e2:6b:cc:7a:c3:5e:b4:76:44:99:61:a0:ef:3e:ae:40:ce:5a:
         e0:3e:ec:63:96:88:7d:17:6d:d5:55:1d:87:b8:89:25:6b:3f:
         e1:2c:a4:22:7c:38:f7:d9:31:f5:1e:32:38:ec:59:77:da:6f:
         d9:e4:af:d2:e4:d0:fc:bd:de:87:ac:7e:0e:71:24:9b:80:7d:
         cc:9b:8a:84:0b:2e:ee:6b:b9:e5:3d:c5:b9:a5:c2:46:87:cb:
         a8:32:17:ef:39:75:1b:a9:4a:7d:ee:8e:d6:ac:7f:37:53:ba:
         21:e5:bf:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR0SxSfqj2BPWR7hA6x6dph4z4UMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI5MDAwMDAwWhcNMjUwMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZWUwNTY2NjdhM2JhMGQ3NGEyMzM4YmI1OTBlOWE2NDhh
YzhjNWI2NGUyNjJlZTQ0MmFmYjc1YzYyNWJiNzBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5k32sOEOoxa6gZSDm1FBwsZvKeY3NWDH8MVqbE9d+XLvr
M2JSvjONY1I08By0hDLF3TyXT5pBN7OnI3PwqxWl0PId01LzcrgAKjnqPf6ZjQ0G
L9Jxj+8x7rEvOEtfS/OMPwrN1PQM/QltwLtF6bkk7NastffBRTaR/EWtjaZ3Yt86
7QLb76kVUaR9/MEvuHW14MJbbqfIHvb7MCG6WjOO0f/IXpFBofgQUGNYR0wkEb13
2muyqiggcbIcMR1jjfoJ1X7sVfmouUVSbXB+3T1BS0r2tDg44lL7MVJuU4y6PXeh
stK7Dl3FwWH/QVe1ddBcfRmBI2bgGz1D6ZZW/YbPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxlLwLiwLkvkBXAkFa6XTBZJ1Gg8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxMzM2N2YxLTI4OGQtNDkwZS1hNmVjLTZjMTJjNWJmMTgwNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAvcQwDQYJKoZIhvcNAQELBQADggEBACzEOjDQykXlLW3IOvc1ed9eR2dg
PnlQCy9kxLKzBKAOAgdxmlOXkZlLoczIF1cdtlR5u3oru9KEOu4H8B0e9WizBECP
Bvk6WlOaFeLZfNNueIjsSaavOPlZfr/zVHdk0yTbDlbJm8VyFdFDSIjiwvPgzl3V
QrRB1cc6FnRxtHnQNwspIyZLSvt2DPu3ipYAbOJrzHrDXrR2RJlhoO8+rkDOWuA+
7GOWiH0XbdVVHYe4iSVrP+EspCJ8OPfZMfUeMjjsWXfab9nkr9Lk0Py93oesfg5x
JJuAfcybioQLLu5rueU9xbmlwkaHy6gyF+85dRupSn3ujtasfzdTuiHlv+s=
-----END CERTIFICATE-----