Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7aabfe13-aec1-4bbe-81c2-0e502a836188.roa
File:                     7aabfe13-aec1-4bbe-81c2-0e502a836188.roa (raw, json)
Hash identifier:          ONkaXnAaaFxv2T0aVYEMSzm/pOl9d77QzYM0lfW+4nc=
Subject key identifier:   99:00:F1:2D:6C:E5:99:43:A1:27:11:7A:36:EE:63:6E:F8:54:4D:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       557D181E6ECE9CBDC77D2957585EE689878AF93D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7aabfe13-aec1-4bbe-81c2-0e502a836188.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        209.92.128.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:7d:18:1e:6e:ce:9c:bd:c7:7d:29:57:58:5e:e6:89:87:8a:f9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=82610f2d2e2a417379dd31dbe51359b40ac5069a2e0381e35875bb626aa92f44, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ed:b9:0a:52:d0:37:89:5a:54:44:71:62:95:
                    4f:ae:32:c1:37:be:c3:fc:d0:f4:bf:12:95:6c:ff:
                    a9:a4:2a:42:d0:90:0d:b9:2c:cc:a6:6b:4c:50:03:
                    e7:90:36:a9:20:8b:1c:cf:5f:c6:2d:e4:18:2b:de:
                    26:1e:47:58:cf:98:50:65:90:d8:9d:44:9a:fb:56:
                    fb:5e:57:7f:e5:dd:05:98:f5:d4:0e:f9:93:6c:b7:
                    d0:bd:4b:74:80:7e:59:f0:f4:ba:14:67:a0:21:e5:
                    69:b2:4a:10:50:31:ad:2c:d9:33:4d:9a:5a:1e:15:
                    f8:67:5f:2c:7a:0f:ef:e1:d9:47:29:c2:eb:97:5e:
                    29:99:68:d0:80:54:1a:ef:33:2f:c4:e2:c0:35:e7:
                    ec:22:89:8f:c0:a0:3b:06:ea:f3:5c:29:5a:c6:5a:
                    69:3c:87:b6:c0:66:8a:87:e8:ee:b8:85:b1:80:82:
                    d1:16:39:2d:30:3f:32:3d:26:cd:b7:f4:0f:e6:74:
                    28:ff:98:16:3f:1d:9f:9b:2c:66:fc:bb:e3:d6:28:
                    e2:1a:ff:63:d4:c2:ad:91:95:f1:d0:c7:77:63:d7:
                    33:3f:55:51:a5:9f:1a:1b:36:dc:d7:90:ea:2d:a7:
                    02:3c:e1:4e:ef:c1:e4:36:e7:13:87:c0:a3:49:ea:
                    79:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:00:F1:2D:6C:E5:99:43:A1:27:11:7A:36:EE:63:6E:F8:54:4D:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7aabfe13-aec1-4bbe-81c2-0e502a836188.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.92.128.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cd:2e:9a:f5:a9:4f:11:f7:d5:6f:96:ba:05:56:18:66:ef:d9:
         7f:5e:6f:53:d6:69:a2:5f:c8:e2:4c:83:44:ae:f0:1e:34:40:
         88:c5:a9:45:34:c9:5c:44:86:b8:2f:9c:5a:60:cd:01:bc:24:
         55:e5:e6:b2:37:65:b6:44:e3:82:89:ff:21:cd:4b:f3:85:fa:
         12:95:99:6e:02:4f:a7:d2:f8:b0:90:a7:8e:80:5d:1c:ee:d8:
         ab:48:3d:c8:6f:63:9e:d4:6d:dc:23:73:91:1c:62:b3:e0:15:
         f0:d3:0e:2e:3f:dd:a4:fd:55:bf:28:c4:b7:77:b9:83:a5:5f:
         38:7f:ed:22:1e:3f:63:cb:34:1e:73:14:2d:dd:ed:c2:ab:bd:
         7f:b5:b9:95:2b:0e:64:d5:37:ec:0c:de:8d:d5:d0:5a:b6:fb:
         97:e3:7a:25:54:31:9d:e6:d1:5c:ca:87:c2:74:f6:e3:7d:5d:
         6b:20:d9:da:b7:26:e4:e8:fe:9e:70:1b:93:00:77:fb:20:f0:
         c3:7d:e7:a7:c2:45:35:0b:98:ff:56:f0:57:3c:f1:35:21:06:
         96:d4:52:63:1f:42:79:c9:b9:2d:1f:3c:e5:65:92:f6:a4:aa:
         77:37:7f:28:78:a3:7a:14:05:68:11:d2:ab:84:29:f8:3d:39:
         44:de:8c:b1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVX0YHm7OnL3HfSlXWF7miYeK+T0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjYxMGYyZDJlMmE0MTczNzlkZDMxZGJlNTEzNTliNDBh
YzUwNjlhMmUwMzgxZTM1ODc1YmI2MjZhYTkyZjQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc7bkKUtA3iVpURHFilU+uMsE3vsP80PS/EpVs/6mkKkLQ
kA25LMyma0xQA+eQNqkgixzPX8Yt5Bgr3iYeR1jPmFBlkNidRJr7VvteV3/l3QWY
9dQO+ZNst9C9S3SAflnw9LoUZ6Ah5WmyShBQMa0s2TNNmloeFfhnXyx6D+/h2Ucp
wuuXXimZaNCAVBrvMy/E4sA15+wiiY/AoDsG6vNcKVrGWmk8h7bAZoqH6O64hbGA
gtEWOS0wPzI9Js239A/mdCj/mBY/HZ+bLGb8u+PWKOIa/2PUwq2RlfHQx3dj1zM/
VVGlnxobNtzXkOotpwI84U7vweQ25xOHwKNJ6nnlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmQDxLWzlmUOhJxF6Nu5jbvhUTbwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdhYWJmZTEzLWFlYzEtNGJiZS04MWMyLTBlNTAyYTgzNjE4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPRXIAwDQYJKoZIhvcNAQELBQADggEBAM0umvWpTxH31W+WugVWGGbv2X9e
b1PWaaJfyOJMg0Su8B40QIjFqUU0yVxEhrgvnFpgzQG8JFXl5rI3ZbZE44KJ/yHN
S/OF+hKVmW4CT6fS+LCQp46AXRzu2KtIPchvY57Ubdwjc5EcYrPgFfDTDi4/3aT9
Vb8oxLd3uYOlXzh/7SIeP2PLNB5zFC3d7cKrvX+1uZUrDmTVN+wM3o3V0Fq2+5fj
eiVUMZ3m0VzKh8J09uN9XWsg2dq3JuTo/p5wG5MAd/sg8MN956fCRTULmP9W8Fc8
8TUhBpbUUmMfQnnJuS0fPOVlkvakqnc3fyh4o3oUBWgR0quEKfg9OUTejLE=
-----END CERTIFICATE-----