Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9fe87566-7391-4a4d-9b05-2d20251c129f.roa
File:                     9fe87566-7391-4a4d-9b05-2d20251c129f.roa (raw, json)
Hash identifier:          XdmncvDNhEDnIQHjJ3gChJWMYZlMuv7XKq9A6Pk9qo0=
Subject key identifier:   FB:04:45:AC:16:55:62:CB:AB:25:1E:21:0E:45:D7:12:3C:BD:4A:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       299D86A537D0E3D956A36FEB0BDFFF06AF9327DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9fe87566-7391-4a4d-9b05-2d20251c129f.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.60.96.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:9d:86:a5:37:d0:e3:d9:56:a3:6f:eb:0b:df:ff:06:af:93:27:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: serialNumber=abae646d719185d86bff0c3951e417d59d070b69bd954e48129d29ec65e3679b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3b:46:e2:32:aa:f9:a0:b0:c2:bd:bb:b0:76:
                    c0:0c:86:f1:34:8f:4d:3c:c8:00:ad:c4:ff:08:41:
                    d6:1d:45:47:5c:b9:ba:cd:b9:56:7e:7f:7e:12:dd:
                    07:68:0b:32:9a:bf:e3:76:f6:19:9a:8c:81:92:ef:
                    d3:1c:a3:9a:8d:a2:54:a0:8b:14:db:e2:99:3a:bf:
                    c5:4c:55:2e:6d:64:8d:de:de:74:01:ef:d3:b5:60:
                    52:fa:15:7c:45:8b:7a:92:76:97:8e:b8:08:a5:7a:
                    fa:b0:fa:44:e5:b2:e7:a9:59:f9:2b:1b:a1:a3:0e:
                    d0:d4:91:be:78:2b:e4:23:38:48:c6:03:dc:cc:61:
                    c0:7f:2a:de:f2:53:27:1a:1e:29:f7:b5:ad:14:43:
                    e5:d6:5a:a3:a6:8a:d7:d7:2a:c3:1b:92:a4:f6:89:
                    c3:5c:22:03:6f:25:0b:7a:2d:4e:95:be:5c:cf:d8:
                    d1:5e:26:19:b8:19:7b:d1:fc:17:26:d5:59:e7:a7:
                    75:47:63:34:c7:f2:5f:88:88:9b:1f:19:bd:65:82:
                    90:96:27:4e:7f:54:37:cd:ac:40:70:a7:eb:d4:63:
                    9a:57:0d:85:ab:ec:b5:28:9f:8a:47:e1:98:08:14:
                    f6:4c:15:8c:93:e0:8a:04:1f:4c:0d:1f:e3:4b:aa:
                    95:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:04:45:AC:16:55:62:CB:AB:25:1E:21:0E:45:D7:12:3C:BD:4A:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9fe87566-7391-4a4d-9b05-2d20251c129f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:e7:ed:9b:d5:69:df:66:df:49:23:fa:28:ad:d7:b2:60:3a:
         44:7f:8a:3f:3c:3f:be:d7:26:c4:23:eb:49:43:d8:92:b0:43:
         fc:39:2a:53:45:d4:69:9d:6c:29:3e:ca:90:aa:e3:a1:62:db:
         fd:4c:89:8b:f4:31:a2:4b:07:31:3a:f4:b8:47:87:e1:c9:fc:
         c9:5c:33:7b:e2:26:14:76:33:9c:29:f7:34:10:62:f6:1c:3b:
         15:35:9a:be:b6:78:64:c6:e2:a0:e1:a9:37:52:ee:d7:73:e8:
         c2:12:b2:32:6d:45:9d:0a:e1:fc:13:38:78:88:96:67:0b:50:
         20:c5:9d:61:3c:70:fe:82:e1:d4:8a:6c:96:5f:cc:fd:64:f0:
         df:c2:de:b9:36:02:fa:c3:c2:dc:98:61:f8:f9:65:41:0f:97:
         f4:2b:62:3a:da:d0:59:20:b9:e2:75:21:e9:c5:e8:e6:23:52:
         fd:17:c9:6a:3e:a5:cc:79:e2:2a:cf:3d:12:54:9d:56:3a:25:
         46:80:15:ce:db:7f:35:15:c9:eb:7f:16:01:86:e1:e1:ca:a3:
         b0:d9:2f:d2:b5:33:4f:4e:33:87:de:4b:be:f8:da:23:6c:8b:
         8a:bc:d7:0d:7f:cf:4c:b3:14:34:ad:fa:dc:8a:18:59:16:b3:
         64:fc:9b:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKZ2GpTfQ49lWo2/rC9//Bq+TJ90wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYmFlNjQ2ZDcxOTE4NWQ4NmJmZjBjMzk1MWU0MTdkNTlk
MDcwYjY5YmQ5NTRlNDgxMjlkMjllYzY1ZTM2NzliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOO0biMqr5oLDCvbuwdsAMhvE0j008yACtxP8IQdYdRUdc
ubrNuVZ+f34S3QdoCzKav+N29hmajIGS79Mco5qNolSgixTb4pk6v8VMVS5tZI3e
3nQB79O1YFL6FXxFi3qSdpeOuAilevqw+kTlsuepWfkrG6GjDtDUkb54K+QjOEjG
A9zMYcB/Kt7yUycaHin3ta0UQ+XWWqOmitfXKsMbkqT2icNcIgNvJQt6LU6VvlzP
2NFeJhm4GXvR/Bcm1Vnnp3VHYzTH8l+IiJsfGb1lgpCWJ05/VDfNrEBwp+vUY5pX
DYWr7LUon4pH4ZgIFPZMFYyT4IoEH0wNH+NLqpU/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+wRFrBZVYsurJR4hDkXXEjy9SnUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmZTg3NTY2LTczOTEtNGE0ZC05YjA1LTJkMjAyNTFjMTI5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPGAwDQYJKoZIhvcNAQELBQADggEBAHzn7ZvVad9m30kj+iit17JgOkR/
ij88P77XJsQj60lD2JKwQ/w5KlNF1GmdbCk+ypCq46Fi2/1MiYv0MaJLBzE69LhH
h+HJ/MlcM3viJhR2M5wp9zQQYvYcOxU1mr62eGTG4qDhqTdS7tdz6MISsjJtRZ0K
4fwTOHiIlmcLUCDFnWE8cP6C4dSKbJZfzP1k8N/C3rk2AvrDwtyYYfj5ZUEPl/Qr
Yjra0FkgueJ1IenF6OYjUv0XyWo+pcx54irPPRJUnVY6JUaAFc7bfzUVyet/FgGG
4eHKo7DZL9K1M09OM4feS7742iNsi4q81w1/z0yzFDSt+tyKGFkWs2T8m2w=
-----END CERTIFICATE-----