Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73a56537-9a0d-4341-9bde-01628f91343b.roa
File:                     73a56537-9a0d-4341-9bde-01628f91343b.roa (raw, json)
Hash identifier:          2rw4SdaNrDmIqRBBe37XfHd9C4fUqjfo4ZpnIVz6Z2E=
Subject key identifier:   D0:E2:69:91:1C:47:41:D4:35:64:FD:63:BB:0F:95:69:02:1D:F4:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       69AC7AEFA20F42A0857685DC711433DE564EA857
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73a56537-9a0d-4341-9bde-01628f91343b.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.113.224.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:ac:7a:ef:a2:0f:42:a0:85:76:85:dc:71:14:33:de:56:4e:a8:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=b681391711d1867aa67eb037c4f35921fb5a949889bb510b354c077dbfafb432, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:05:df:5a:21:e5:0a:c3:81:ad:e0:01:a5:4f:
                    6a:89:05:81:50:0b:d3:e9:82:03:2f:88:c2:ee:cb:
                    2b:e9:37:5f:7b:01:a3:a8:9d:c6:da:ab:09:d1:b4:
                    3a:30:30:c6:7f:21:d4:69:de:a3:bf:35:16:cf:75:
                    70:ff:a3:d0:d6:8b:20:1f:09:78:bd:b6:c5:a1:2d:
                    37:f2:f7:ae:5e:62:c6:f5:93:21:a8:69:c9:c8:75:
                    e1:32:fe:e7:c2:96:0a:ac:5f:90:3f:ea:c8:64:de:
                    4d:13:a5:b3:25:b1:aa:ba:b1:c7:1f:f8:45:2f:a8:
                    9c:d0:d9:60:6b:3b:32:36:fe:2a:cc:f5:72:fd:4a:
                    2e:c5:1a:f4:75:60:c4:c6:ef:5d:40:7a:08:c2:cb:
                    bd:48:cd:a7:4c:0c:a5:dd:83:a7:89:63:59:5c:ef:
                    a8:4a:17:92:f1:dc:51:7e:83:67:39:52:e6:4c:01:
                    8b:fd:72:f7:ca:e1:ce:7a:72:ca:59:ac:10:a5:a0:
                    12:bf:e7:46:a5:72:dd:56:2f:f6:bb:26:5d:3a:8d:
                    db:02:63:09:d3:62:7b:16:e8:31:70:24:4f:ce:8d:
                    36:34:dc:63:82:b7:aa:08:a4:2b:8c:e7:b7:46:ee:
                    7f:ec:54:b8:10:a8:25:af:f3:67:b3:e7:d4:23:fd:
                    3a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:E2:69:91:1C:47:41:D4:35:64:FD:63:BB:0F:95:69:02:1D:F4:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73a56537-9a0d-4341-9bde-01628f91343b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.113.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         9d:c5:d1:7a:ed:82:ca:c1:dd:2a:ec:9f:1b:2c:bd:11:00:4b:
         d5:58:2b:b0:06:ea:9f:6e:07:41:e6:22:30:2a:81:ee:51:ff:
         38:46:59:00:8a:bf:ae:b6:7d:37:f1:0f:9c:b6:f7:3f:1c:4d:
         6c:1e:7f:25:99:d0:d3:9d:4d:43:55:e3:a3:ef:42:68:5b:cb:
         e0:8b:78:4f:9d:22:e2:7c:2f:d8:6e:5b:ec:b3:75:84:54:09:
         13:25:67:cd:37:24:f5:51:76:d2:4e:7c:bd:91:20:5f:25:46:
         d9:b8:40:dd:5c:c1:02:08:2d:e7:5b:4c:32:d0:c3:fe:31:d5:
         11:2c:ac:83:0e:7d:d8:c6:92:70:09:22:7f:4c:88:36:80:6b:
         16:86:2f:77:86:49:d6:5d:b2:65:c1:3f:fd:9d:e9:ad:2a:66:
         61:45:bb:98:6b:40:58:b4:e9:8c:55:69:00:d7:db:e4:96:06:
         03:4a:f1:19:fa:c8:ca:42:f2:00:20:26:b6:2f:b7:b5:5a:be:
         26:9e:ff:f7:ae:3c:7c:09:29:93:58:a1:f1:dd:12:67:b5:24:
         51:4f:91:1c:43:4b:50:f3:9e:8c:80:c6:16:8b:29:10:67:61:
         c3:ce:3f:a3:fd:89:f1:2b:f1:92:e5:67:bf:15:27:ff:cc:a7:
         d7:9c:cc:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaax676IPQqCFdoXccRQz3lZOqFcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNjgxMzkxNzExZDE4NjdhYTY3ZWIwMzdjNGYzNTkyMWZi
NWE5NDk4ODliYjUxMGIzNTRjMDc3ZGJmYWZiNDMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrBd9aIeUKw4Gt4AGlT2qJBYFQC9PpggMviMLuyyvpN197
AaOoncbaqwnRtDowMMZ/IdRp3qO/NRbPdXD/o9DWiyAfCXi9tsWhLTfy965eYsb1
kyGoacnIdeEy/ufClgqsX5A/6shk3k0TpbMlsaq6sccf+EUvqJzQ2WBrOzI2/irM
9XL9Si7FGvR1YMTG711AegjCy71IzadMDKXdg6eJY1lc76hKF5Lx3FF+g2c5UuZM
AYv9cvfK4c56cspZrBCloBK/50alct1WL/a7Jl06jdsCYwnTYnsW6DFwJE/OjTY0
3GOCt6oIpCuM57dG7n/sVLgQqCWv82ez59Qj/TpJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0OJpkRxHQdQ1ZP1juw+VaQId9DIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzczYTU2NTM3LTlhMGQtNDM0MS05YmRlLTAxNjI4ZjkxMzQzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXYceAwDQYJKoZIhvcNAQELBQADggEBAJ3F0XrtgsrB3SrsnxssvREAS9VY
K7AG6p9uB0HmIjAqge5R/zhGWQCKv662fTfxD5y29z8cTWwefyWZ0NOdTUNV46Pv
Qmhby+CLeE+dIuJ8L9huW+yzdYRUCRMlZ803JPVRdtJOfL2RIF8lRtm4QN1cwQII
LedbTDLQw/4x1REsrIMOfdjGknAJIn9MiDaAaxaGL3eGSdZdsmXBP/2d6a0qZmFF
u5hrQFi06YxVaQDX2+SWBgNK8Rn6yMpC8gAgJrYvt7Vaviae//euPHwJKZNYofHd
Eme1JFFPkRxDS1DznoyAxhaLKRBnYcPOP6P9ifEr8ZLlZ78VJ//Mp9eczNM=
-----END CERTIFICATE-----