Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af889b26-8d83-496e-82b3-12cfaef1a338.roa
File:                     af889b26-8d83-496e-82b3-12cfaef1a338.roa (raw, json)
Hash identifier:          2UAb8eu2mEzXYa5X0Auop4mcLB7ki5YDNs4gj2x3K3s=
Subject key identifier:   74:E0:95:B8:57:A9:7A:54:D2:90:84:34:B8:55:79:BA:F2:A7:16:70
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4800344A75C942B3A25F0D42BC4726449290E750
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af889b26-8d83-496e-82b3-12cfaef1a338.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        57.198.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:00:34:4a:75:c9:42:b3:a2:5f:0d:42:bc:47:26:44:92:90:e7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=dd732eed260e9f438c6135ae4fdbad338ed4c725cc85182696a26baa050cd623, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8c:d8:4b:39:13:b1:22:0c:cc:e9:ca:01:f0:
                    dc:e5:97:42:24:32:99:b5:75:c1:f5:d6:de:d7:ac:
                    8a:9d:ea:69:9f:64:d4:04:2e:f5:2e:f1:c3:26:bd:
                    af:33:27:6c:10:82:aa:a9:6f:dd:14:7c:28:c8:0f:
                    2b:52:b3:2a:68:3b:11:1c:3a:8a:d8:2c:69:46:6a:
                    95:1b:c9:65:c7:d7:2e:f7:98:a0:f8:5c:43:fe:f9:
                    cc:d2:46:7a:3f:a3:6b:c5:58:04:d0:dc:ec:cf:8a:
                    62:8e:89:33:18:47:10:1a:d2:28:c1:00:b3:c0:8f:
                    30:2f:de:95:fe:5e:60:6f:c4:11:5a:2c:e8:00:e1:
                    eb:be:c3:0d:31:96:66:65:02:a8:b1:44:16:e6:0c:
                    fe:67:42:64:d9:23:e0:a9:1f:0e:af:05:68:19:2a:
                    01:06:ce:13:63:2f:7a:9a:fd:e7:16:95:00:5b:3b:
                    20:3e:17:03:9d:4d:50:30:16:bb:53:11:d9:74:b6:
                    d7:28:c3:a4:f9:ea:60:0f:50:90:91:d5:c8:84:ed:
                    8d:65:f4:26:24:df:97:e8:d8:10:91:ea:8a:a0:ab:
                    9e:42:be:04:8e:9a:a0:84:8d:4b:49:b6:f4:dd:b7:
                    5f:e3:c2:73:f4:dd:31:33:11:5f:3c:e3:9d:0a:b4:
                    33:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E0:95:B8:57:A9:7A:54:D2:90:84:34:B8:55:79:BA:F2:A7:16:70
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/af889b26-8d83-496e-82b3-12cfaef1a338.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.198.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c5:0b:61:f8:f0:b2:6b:28:e5:58:00:e4:70:d0:7d:c1:27:50:
         b3:be:0b:44:2b:76:e0:86:d3:ed:92:5c:55:48:42:eb:d8:da:
         16:59:89:64:38:24:ea:f3:7a:bc:0e:a3:17:2c:69:3e:8c:c8:
         6e:16:69:01:b7:81:78:a9:bd:67:9c:4b:4f:70:c9:af:5e:08:
         98:63:7b:46:1b:9a:44:20:4e:00:69:c5:98:c6:16:2d:f6:ef:
         5e:6c:44:48:77:89:08:f9:14:37:4c:45:98:dd:92:b0:6d:42:
         7f:f1:98:8f:ce:b6:60:91:08:4f:3e:9d:3f:61:b3:02:34:98:
         ad:9e:06:5e:cf:8c:20:19:5e:a6:a4:b5:26:59:87:3e:5d:ee:
         cd:ff:f9:36:df:f3:e3:e0:11:5c:97:ca:18:38:11:d3:ac:16:
         a0:85:fb:cf:ce:31:2d:c2:8c:a0:16:42:86:10:0c:9a:24:32:
         e7:9a:7f:60:d1:ce:ef:32:91:36:84:09:60:d0:16:55:6c:ba:
         ea:27:cb:8a:ab:6e:60:ee:f2:e5:f1:f6:fc:bd:1f:b1:fe:a6:
         e5:f3:23:bc:b0:9e:f6:39:00:a7:e3:4c:a4:d1:55:09:2b:c0:
         ab:ed:51:6f:d2:fc:34:8c:44:b9:12:fa:19:43:94:52:55:c1:
         ea:ec:21:9e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSAA0SnXJQrOiXw1CvEcmRJKQ51AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDczMmVlZDI2MGU5ZjQzOGM2MTM1YWU0ZmRiYWQzMzhl
ZDRjNzI1Y2M4NTE4MjY5NmEyNmJhYTA1MGNkNjIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1jNhLOROxIgzM6coB8Nzll0IkMpm1dcH11t7XrIqd6mmf
ZNQELvUu8cMmva8zJ2wQgqqpb90UfCjIDytSsypoOxEcOorYLGlGapUbyWXH1y73
mKD4XEP++czSRno/o2vFWATQ3OzPimKOiTMYRxAa0ijBALPAjzAv3pX+XmBvxBFa
LOgA4eu+ww0xlmZlAqixRBbmDP5nQmTZI+CpHw6vBWgZKgEGzhNjL3qa/ecWlQBb
OyA+FwOdTVAwFrtTEdl0ttcow6T56mAPUJCR1ciE7Y1l9CYk35fo2BCR6oqgq55C
vgSOmqCEjUtJtvTdt1/jwnP03TEzEV88450KtDMlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdOCVuFepelTSkIQ0uFV5uvKnFnAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmODg5YjI2LThkODMtNDk2ZS04MmIzLTEyY2ZhZWYxYTMzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5xjANBgkqhkiG9w0BAQsFAAOCAQEAxQth+PCyayjlWADkcNB9wSdQs74L
RCt24IbT7ZJcVUhC69jaFlmJZDgk6vN6vA6jFyxpPozIbhZpAbeBeKm9Z5xLT3DJ
r14ImGN7RhuaRCBOAGnFmMYWLfbvXmxESHeJCPkUN0xFmN2SsG1Cf/GYj862YJEI
Tz6dP2GzAjSYrZ4GXs+MIBlepqS1JlmHPl3uzf/5Nt/z4+ARXJfKGDgR06wWoIX7
z84xLcKMoBZChhAMmiQy55p/YNHO7zKRNoQJYNAWVWy66ifLiqtuYO7y5fH2/L0f
sf6m5fMjvLCe9jkAp+NMpNFVCSvAq+1Rb9L8NIxEuRL6GUOUUlXB6uwhng==
-----END CERTIFICATE-----