Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0d3899c-68e1-480d-bf6d-f64904cfb45b.roa
File:                     a0d3899c-68e1-480d-bf6d-f64904cfb45b.roa (raw, json)
Hash identifier:          vIaAvVjaoQNWTD0TKTmnTRwDSQngG/9eTEOvbuveJ74=
Subject key identifier:   9A:2B:06:68:77:B0:79:97:C4:84:E9:48:93:6B:95:EC:83:AD:DA:6B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       269171642B4167E82CD295D4D4EF6C5DB02E62EF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0d3899c-68e1-480d-bf6d-f64904cfb45b.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        72.21.128.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:91:71:64:2b:41:67:e8:2c:d2:95:d4:d4:ef:6c:5d:b0:2e:62:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=85f249a9cc10dab68523c9d3b9b92a26f571110776fde630bd3b97e557368390, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e8:d9:ba:a6:58:a1:4c:d6:da:57:d9:fe:84:
                    51:0f:a9:15:b9:99:cd:b5:a2:78:bd:cc:51:f7:0c:
                    11:25:26:cc:84:15:c9:a9:de:76:80:69:0c:28:a7:
                    2f:c3:39:0c:ec:dc:87:ef:da:02:2e:bb:76:ce:ea:
                    c5:fa:38:75:05:0a:e8:a6:a5:50:dd:da:ae:13:f3:
                    10:e5:d8:31:71:d1:76:61:6a:d0:45:18:ea:16:32:
                    96:c3:d0:01:2b:41:b6:34:ae:af:ff:25:1e:42:e5:
                    30:dc:35:66:5e:ca:fa:ad:5e:e9:70:b7:24:4d:53:
                    07:d3:f0:bc:e1:42:cf:84:f9:66:ed:d4:6b:c4:07:
                    32:32:e2:4f:97:78:46:de:0a:6d:98:53:bd:dd:93:
                    82:0c:43:5a:b3:e0:5d:2b:75:c2:fc:9f:e2:93:3d:
                    90:cf:89:e8:dd:74:a4:12:85:41:a6:75:c9:9e:df:
                    7a:54:30:75:5f:3b:6a:0d:e0:89:dc:cd:3d:80:16:
                    84:0b:bc:c6:41:61:6d:be:4d:9d:3d:c0:2b:1a:a6:
                    82:33:87:12:3a:8c:15:65:1e:b7:fd:bb:f3:65:0b:
                    8b:dd:b7:c2:03:94:d3:9c:f5:66:48:5d:a7:74:b9:
                    d5:46:65:24:5e:58:b5:be:75:ae:ee:1d:51:9a:3b:
                    ed:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2B:06:68:77:B0:79:97:C4:84:E9:48:93:6B:95:EC:83:AD:DA:6B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0d3899c-68e1-480d-bf6d-f64904cfb45b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.21.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         6f:66:01:39:3f:f0:d9:a2:15:60:f6:37:5a:cc:28:65:eb:c1:
         04:0b:89:31:1a:6a:26:ad:5d:1c:b2:5d:7c:40:fd:46:2e:da:
         c0:07:99:43:fb:d5:a5:d1:23:dc:06:4e:2b:32:2e:dd:9f:bd:
         24:f3:a4:b2:85:b6:36:02:f0:da:53:5a:1d:f3:35:34:d1:7b:
         5a:17:62:8c:dc:30:2f:6d:df:90:6d:be:d8:4f:0a:67:d2:59:
         ff:c9:d3:66:d5:7b:16:68:5c:64:7e:1a:ec:aa:98:f1:d2:5e:
         5f:9e:53:83:34:05:30:3e:d0:97:51:d7:17:8f:7b:bc:35:ae:
         5a:df:97:a9:4d:6e:01:53:1d:05:ea:c8:31:b5:bf:6f:b1:30:
         56:d1:ef:c6:d4:86:14:48:bb:26:38:28:b1:5e:b4:94:d6:a4:
         ee:b3:f0:c3:b4:b3:7e:d2:10:19:ff:39:39:fc:70:a4:34:0d:
         1a:6f:b5:03:c3:cd:9f:eb:98:5d:f9:3a:0a:4d:96:86:e8:ce:
         8c:0b:ab:f1:fd:7d:d0:7f:53:29:85:47:31:ae:8f:f1:f8:84:
         43:16:d4:41:9a:b0:e9:49:c0:b7:3f:ad:e5:2e:1e:c5:a8:54:
         a1:bb:49:5a:74:04:f8:26:7b:4b:05:6f:94:11:ee:44:02:18:
         82:9d:61:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJpFxZCtBZ+gs0pXU1O9sXbAuYu8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NWYyNDlhOWNjMTBkYWI2ODUyM2M5ZDNiOWI5MmEyNmY1
NzExMTA3NzZmZGU2MzBiZDNiOTdlNTU3MzY4MzkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw6Nm6plihTNbaV9n+hFEPqRW5mc21oni9zFH3DBElJsyE
Fcmp3naAaQwopy/DOQzs3Ifv2gIuu3bO6sX6OHUFCuimpVDd2q4T8xDl2DFx0XZh
atBFGOoWMpbD0AErQbY0rq//JR5C5TDcNWZeyvqtXulwtyRNUwfT8LzhQs+E+Wbt
1GvEBzIy4k+XeEbeCm2YU73dk4IMQ1qz4F0rdcL8n+KTPZDPiejddKQShUGmdcme
33pUMHVfO2oN4InczT2AFoQLvMZBYW2+TZ09wCsapoIzhxI6jBVlHrf9u/NlC4vd
t8IDlNOc9WZIXad0udVGZSReWLW+da7uHVGaO+0zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmisGaHeweZfEhOlIk2uV7IOt2mswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EwZDM4OTljLTY4ZTEtNDgwZC1iZjZkLWY2NDkwNGNmYjQ1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVIFYAwDQYJKoZIhvcNAQELBQADggEBAG9mATk/8NmiFWD2N1rMKGXrwQQL
iTEaaiatXRyyXXxA/UYu2sAHmUP71aXRI9wGTisyLt2fvSTzpLKFtjYC8NpTWh3z
NTTRe1oXYozcMC9t35BtvthPCmfSWf/J02bVexZoXGR+GuyqmPHSXl+eU4M0BTA+
0JdR1xePe7w1rlrfl6lNbgFTHQXqyDG1v2+xMFbR78bUhhRIuyY4KLFetJTWpO6z
8MO0s37SEBn/OTn8cKQ0DRpvtQPDzZ/rmF35OgpNlobozowLq/H9fdB/UymFRzGu
j/H4hEMW1EGasOlJwLc/reUuHsWoVKG7SVp0BPgme0sFb5QR7kQCGIKdYUA=
-----END CERTIFICATE-----