Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/620567f9-be60-4c78-8178-0a391b1c1133.roa
File:                     620567f9-be60-4c78-8178-0a391b1c1133.roa (raw, json)
Hash identifier:          6tANwDltCUtGNTFzemOSJx4Shit1uE5gqLl7LBTTfYk=
Subject key identifier:   E9:25:52:6E:03:A3:6A:EE:52:72:72:55:AF:CC:64:35:32:C9:A6:89
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7527E63D1296B821B4D2C991FF6FAFBD90386416
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/620567f9-be60-4c78-8178-0a391b1c1133.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        160.223.224.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:27:e6:3d:12:96:b8:21:b4:d2:c9:91:ff:6f:af:bd:90:38:64:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=3e6c4554871e0c0878d6844929fd972d4e14a009ede297ec2eb4446a52eb0ffc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:48:b0:ef:13:9b:d9:0f:26:85:7d:28:57:b4:
                    6c:7e:e6:86:20:89:c7:a3:1a:46:3e:20:d6:9a:6d:
                    d3:c9:12:7e:5b:30:02:55:c8:b7:38:95:48:b6:12:
                    1f:24:df:73:ec:af:4b:47:53:41:0a:73:00:43:89:
                    98:17:36:fe:0e:5b:39:69:ee:05:e6:0b:2f:b1:7a:
                    2a:46:78:19:e8:41:de:47:c8:13:28:fd:cd:c6:46:
                    7c:29:31:e9:f8:fe:91:ae:5a:25:24:37:37:e6:30:
                    87:aa:df:87:53:c9:be:c8:fb:80:55:10:d1:67:2c:
                    9c:61:48:fb:1d:23:75:6d:6d:33:e3:9c:93:b0:a6:
                    d2:6a:8f:56:6b:06:8a:20:17:8e:0f:e5:37:6f:8e:
                    41:47:b6:ae:fe:b8:66:34:9d:3b:f0:6c:5d:59:ce:
                    d2:31:77:18:2c:f2:92:5e:4f:d1:63:3b:d3:40:75:
                    ad:3e:23:59:2f:82:f5:3e:98:44:56:f8:40:53:86:
                    c9:e8:7d:8a:ae:5f:8d:69:db:59:ac:dd:cf:92:75:
                    93:47:ad:70:68:f9:19:eb:9b:4a:0c:b3:42:f8:03:
                    22:e2:1c:62:15:bf:d2:ed:8c:58:90:3d:b5:9b:f0:
                    cf:e9:01:6b:cf:1d:58:c3:d3:e1:70:82:8c:b3:5c:
                    71:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:25:52:6E:03:A3:6A:EE:52:72:72:55:AF:CC:64:35:32:C9:A6:89
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/620567f9-be60-4c78-8178-0a391b1c1133.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.223.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9e:8e:26:f6:ed:ec:d8:b5:14:64:df:df:96:72:91:89:19:66:
         48:57:8e:4e:48:a1:50:b7:45:18:93:fc:6c:49:bf:7f:af:7e:
         8d:16:7a:4b:7d:37:2c:05:24:1a:c9:cb:68:20:9c:16:40:6c:
         e7:34:5f:e2:a6:b5:56:d4:65:20:12:06:08:ab:25:ae:76:8b:
         b3:30:cc:5b:67:ec:ba:54:12:e9:dd:29:32:16:01:3a:a8:32:
         5e:a2:bc:e5:03:63:58:15:95:ad:41:55:72:72:11:89:45:b4:
         95:b5:aa:3e:d6:28:56:c0:52:53:51:48:46:cd:d2:91:8a:b1:
         a1:40:89:00:97:93:ba:c4:c4:f3:72:8e:bf:86:03:ec:c8:f4:
         79:17:f6:5c:93:11:b0:23:be:60:71:d2:fe:d5:b4:d0:db:e4:
         fc:76:ee:0c:1e:78:1f:cb:1b:57:53:c6:53:26:e9:f7:de:0f:
         e6:1e:24:80:7d:37:f8:f4:4e:b8:fe:6f:cd:92:fe:90:36:f8:
         4e:28:b7:74:bc:c9:2e:cb:89:fe:41:6b:12:18:7b:a0:ae:6d:
         66:c2:05:9d:c0:34:48:ef:c9:64:9a:d1:56:93:cb:8f:e9:78:
         a3:ef:63:16:4b:08:8e:4a:7a:08:23:1a:a7:e5:16:f2:18:0a:
         b5:81:63:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdSfmPRKWuCG00smR/2+vvZA4ZBYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTZjNDU1NDg3MWUwYzA4NzhkNjg0NDkyOWZkOTcyZDRl
MTRhMDA5ZWRlMjk3ZWMyZWI0NDQ2YTUyZWIwZmZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNSLDvE5vZDyaFfShXtGx+5oYgicejGkY+INaabdPJEn5b
MAJVyLc4lUi2Eh8k33Psr0tHU0EKcwBDiZgXNv4OWzlp7gXmCy+xeipGeBnoQd5H
yBMo/c3GRnwpMen4/pGuWiUkNzfmMIeq34dTyb7I+4BVENFnLJxhSPsdI3VtbTPj
nJOwptJqj1ZrBoogF44P5TdvjkFHtq7+uGY0nTvwbF1ZztIxdxgs8pJeT9FjO9NA
da0+I1kvgvU+mERW+EBThsnofYquX41p21ms3c+SdZNHrXBo+Rnrm0oMs0L4AyLi
HGIVv9LtjFiQPbWb8M/pAWvPHVjD0+FwgoyzXHFnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6SVSbgOjau5ScnJVr8xkNTLJpokwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyMDU2N2Y5LWJlNjAtNGM3OC04MTc4LTBhMzkxYjFjMTEzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWg3+AwDQYJKoZIhvcNAQELBQADggEBAJ6OJvbt7Ni1FGTf35ZykYkZZkhX
jk5IoVC3RRiT/GxJv3+vfo0Wekt9NywFJBrJy2ggnBZAbOc0X+KmtVbUZSASBgir
Ja52i7MwzFtn7LpUEundKTIWATqoMl6ivOUDY1gVla1BVXJyEYlFtJW1qj7WKFbA
UlNRSEbN0pGKsaFAiQCXk7rExPNyjr+GA+zI9HkX9lyTEbAjvmBx0v7VtNDb5Px2
7gweeB/LG1dTxlMm6ffeD+YeJIB9N/j0Trj+b82S/pA2+E4ot3S8yS7Lif5BaxIY
e6CubWbCBZ3ANEjvyWSa0VaTy4/peKPvYxZLCI5KeggjGqflFvIYCrWBY24=
-----END CERTIFICATE-----