Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b67654c-85cf-471f-a1ef-0ab719d0e082.roa
File:                     9b67654c-85cf-471f-a1ef-0ab719d0e082.roa (raw, json)
Hash identifier:          fQbITADdJwfvlNur8mlPKFXBx4mMxNzniWlVq3rctLk=
Subject key identifier:   AA:C9:10:37:EC:E3:AB:FF:AE:A8:FA:AC:57:94:FA:E5:4F:CF:C5:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24A817AED66121CC61B1E5875DBF56A4F5857DB2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b67654c-85cf-471f-a1ef-0ab719d0e082.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        15.240.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:a8:17:ae:d6:61:21:cc:61:b1:e5:87:5d:bf:56:a4:f5:85:7d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=05660da00f7ed1c30793d6087905cea220eaa7cf0c175749133b6c427bfbc697, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:42:dd:20:9f:cf:63:01:e0:3a:ce:10:f7:72:
                    9c:b0:bb:88:4a:50:dc:50:6d:2f:13:cd:bb:d0:26:
                    2c:f9:c9:26:f3:c5:4e:86:87:f2:df:02:e9:16:72:
                    76:43:3a:ef:a8:71:0f:5a:3c:36:dd:f3:c8:6f:22:
                    b6:b0:1c:c2:62:35:36:1d:a9:ec:8d:62:04:44:a5:
                    48:7b:4c:ae:c0:91:ec:d9:d8:75:3b:82:7e:25:cb:
                    39:c9:22:d8:fa:ef:d1:98:6f:e9:15:61:44:3d:5d:
                    37:08:ec:70:e6:63:56:81:15:c8:e0:91:6b:2a:82:
                    57:af:2b:2c:fe:82:6c:7e:32:6b:cf:40:7b:ef:de:
                    3d:f7:67:1c:28:2a:fe:d2:fd:f7:45:97:be:b5:3b:
                    89:6e:b0:2e:5d:d6:a0:0c:f9:1d:41:14:39:1e:ef:
                    64:0a:0b:04:7b:aa:29:10:d7:93:9e:fd:c3:98:24:
                    3e:53:20:5d:a6:5f:d2:1d:c3:9d:bb:03:04:1e:9a:
                    4e:2f:8c:71:dc:ce:8c:89:ea:c7:20:e7:7b:35:0a:
                    25:65:96:f4:4c:f4:84:a3:3a:dd:f6:c3:27:af:6e:
                    fc:8d:d9:11:18:db:9b:8b:25:c0:a4:73:53:e1:c3:
                    1c:cd:7f:46:f4:40:42:da:ec:e5:70:b0:1a:0a:6e:
                    b8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C9:10:37:EC:E3:AB:FF:AE:A8:FA:AC:57:94:FA:E5:4F:CF:C5:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9b67654c-85cf-471f-a1ef-0ab719d0e082.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.240.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b3:dd:99:c4:aa:e8:8b:ae:ea:03:9f:d7:d1:26:ba:9f:6c:e2:
         51:62:23:00:0d:a8:86:41:f7:6c:5b:29:a3:cb:ce:98:7f:56:
         8a:02:14:fd:4d:ae:1b:9e:23:0e:b3:1b:b7:e8:e5:3b:40:a7:
         86:1f:83:7b:90:9f:e4:59:40:35:e3:00:ec:7f:5b:55:f3:2c:
         a1:f3:22:0a:90:3f:1d:85:c1:77:01:4c:83:aa:4d:0d:28:09:
         e5:64:9a:96:db:51:6c:a9:5f:bc:51:9b:1f:98:56:cd:b5:e2:
         bb:86:3a:b9:dd:3a:f2:cd:9d:74:46:3e:03:1c:ee:53:7b:68:
         43:c2:5b:75:09:f6:3b:ee:af:c2:37:a7:69:27:29:82:73:b3:
         cb:11:dd:65:5f:c9:93:eb:81:8f:8b:e1:ea:0c:b5:07:ad:a4:
         d4:4b:5e:27:e2:68:af:9f:bb:c7:0c:3c:b0:89:1a:c0:20:85:
         e0:84:5a:d5:95:80:d1:24:7e:b2:96:5a:6c:9f:92:70:d2:84:
         20:e8:8f:55:1e:be:99:84:0a:e3:39:6a:1f:a9:83:7d:df:41:
         7f:ff:cd:5a:d7:1a:6e:0e:4f:21:31:7b:04:d4:53:f3:ac:ed:
         75:ed:e0:cc:15:76:c2:8d:9a:09:54:2a:e8:33:90:c2:72:28:
         61:7c:51:e4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJKgXrtZhIcxhseWHXb9WpPWFfbIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTY2MGRhMDBmN2VkMWMzMDc5M2Q2MDg3OTA1Y2VhMjIw
ZWFhN2NmMGMxNzU3NDkxMzNiNmM0MjdiZmJjNjk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtQt0gn89jAeA6zhD3cpywu4hKUNxQbS8TzbvQJiz5ySbz
xU6Gh/LfAukWcnZDOu+ocQ9aPDbd88hvIrawHMJiNTYdqeyNYgREpUh7TK7AkezZ
2HU7gn4lyznJItj679GYb+kVYUQ9XTcI7HDmY1aBFcjgkWsqglevKyz+gmx+MmvP
QHvv3j33ZxwoKv7S/fdFl761O4lusC5d1qAM+R1BFDke72QKCwR7qikQ15Oe/cOY
JD5TIF2mX9Idw527AwQemk4vjHHczoyJ6scg53s1CiVllvRM9ISjOt32wyevbvyN
2REY25uLJcCkc1PhwxzNf0b0QELa7OVwsBoKbrj7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqskQN+zjq/+uqPqsV5T65U/PxewwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliNjc2NTRjLTg1Y2YtNDcxZi1hMWVmLTBhYjcxOWQwZTA4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP8DANBgkqhkiG9w0BAQsFAAOCAQEAs92ZxKroi67qA5/X0Sa6n2ziUWIj
AA2ohkH3bFspo8vOmH9WigIU/U2uG54jDrMbt+jlO0Cnhh+De5Cf5FlANeMA7H9b
VfMsofMiCpA/HYXBdwFMg6pNDSgJ5WSalttRbKlfvFGbH5hWzbXiu4Y6ud068s2d
dEY+AxzuU3toQ8JbdQn2O+6vwjenaScpgnOzyxHdZV/Jk+uBj4vh6gy1B62k1Ete
J+Jor5+7xww8sIkawCCF4IRa1ZWA0SR+spZabJ+ScNKEIOiPVR6+mYQK4zlqH6mD
fd9Bf//NWtcabg5PITF7BNRT86ztde3gzBV2wo2aCVQq6DOQwnIoYXxR5A==
-----END CERTIFICATE-----