Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb056361-7fb7-4756-820e-72652caad6c4.roa
File:                     bb056361-7fb7-4756-820e-72652caad6c4.roa (raw, json)
Hash identifier:          KcE3TWXYa3UywMKlHy239AaA9r9mlpCuSYhakdPBeRU=
Subject key identifier:   92:C6:C5:C6:C4:F6:D0:D0:D8:47:5F:52:E0:18:26:DC:D9:35:1C:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57F81F2A64509133F014BECE65ABF4E51E4BB991
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb056361-7fb7-4756-820e-72652caad6c4.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        143.191.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f8:1f:2a:64:50:91:33:f0:14:be:ce:65:ab:f4:e5:1e:4b:b9:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=978b93075235d741c4e940c59e2723e253576d38164cb73c89fced011a2dd735, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e6:35:ff:5f:32:d6:11:43:78:d6:16:96:63:
                    51:ae:bc:68:fb:56:5b:d7:b0:8b:f6:aa:45:f7:ae:
                    cb:ef:d3:1c:12:f1:8b:4a:28:ea:04:ff:0b:f4:09:
                    5d:e0:92:c4:b2:53:b7:fc:95:0a:e5:fa:c9:f3:5b:
                    ac:52:46:4d:0b:63:8b:f0:2d:67:bd:6c:f4:5f:c6:
                    2e:b7:7e:9b:57:59:1a:7c:6a:9b:fb:02:3e:78:60:
                    0b:c6:c8:f0:ff:86:00:09:90:5f:aa:4c:05:d2:70:
                    5e:de:30:a7:d5:d2:0b:e1:99:60:14:ba:2e:12:19:
                    e1:46:13:fb:ae:12:32:88:43:9f:d1:be:e8:58:89:
                    e0:bc:3f:35:2f:f1:b0:65:67:28:11:cd:08:2f:88:
                    48:fa:c1:5b:ec:73:b4:8e:84:58:59:24:3e:cf:9d:
                    aa:70:0d:18:64:1b:2a:5d:d0:71:82:23:2d:77:f2:
                    58:ac:89:3a:54:d9:e7:2d:b6:51:dd:65:4b:f2:db:
                    d8:a7:43:2f:11:d6:7a:5e:4c:8a:0d:ef:ce:66:df:
                    95:0f:63:bc:30:9d:5f:aa:45:9b:12:ec:b3:f5:ec:
                    0a:dc:31:45:80:d7:06:4b:4b:9f:34:68:9e:95:0b:
                    de:93:e8:d5:68:3d:29:a7:b7:2d:e3:cd:72:e2:26:
                    d3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C6:C5:C6:C4:F6:D0:D0:D8:47:5F:52:E0:18:26:DC:D9:35:1C:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb056361-7fb7-4756-820e-72652caad6c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.191.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         40:b4:ab:d5:25:d0:52:b3:06:82:fa:8b:12:06:a3:94:95:6f:
         65:29:fa:6e:44:46:f2:f9:dc:43:93:2a:30:d6:f8:40:b9:40:
         8b:fc:b2:61:13:52:be:b8:a4:64:34:aa:1f:b2:22:5e:8a:cb:
         ee:1d:eb:5b:44:4a:c3:63:cd:f9:61:43:6f:ed:9e:cb:33:a3:
         9b:0e:8c:58:67:89:20:ee:c8:1d:cd:72:e7:a2:54:6f:46:f4:
         4b:fa:3b:9f:54:d5:a5:7b:16:3d:02:8e:4d:d0:0a:6b:bc:34:
         3a:72:8a:bc:be:aa:5c:0c:da:42:22:a5:68:f2:0a:d1:0b:1f:
         08:71:66:12:1d:b4:92:98:e9:d2:23:a9:32:e5:1e:e1:13:2f:
         d2:60:9d:83:17:f7:32:f6:64:3b:51:04:a8:da:c7:eb:c5:aa:
         c4:1f:a5:e1:5d:cc:a5:cb:9c:b3:0b:26:8c:b5:ad:6b:f6:7d:
         bb:d8:55:39:39:e4:40:87:ee:cd:ac:56:fd:44:39:5a:7d:84:
         a3:57:2a:cf:6e:f3:9b:3b:85:90:b9:6b:1c:4c:9d:dc:9b:dc:
         1c:3c:90:d6:7a:08:6c:97:ff:d9:90:e7:b0:37:cd:91:67:b5:
         3e:55:d1:c1:54:b0:9f:1c:39:2e:87:f7:4a:c5:23:99:48:38:
         da:b4:f7:00
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUV/gfKmRQkTPwFL7OZav05R5LuZEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzhiOTMwNzUyMzVkNzQxYzRlOTQwYzU5ZTI3MjNlMjUz
NTc2ZDM4MTY0Y2I3M2M4OWZjZWQwMTFhMmRkNzM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC95jX/XzLWEUN41haWY1GuvGj7VlvXsIv2qkX3rsvv0xwS
8YtKKOoE/wv0CV3gksSyU7f8lQrl+snzW6xSRk0LY4vwLWe9bPRfxi63fptXWRp8
apv7Aj54YAvGyPD/hgAJkF+qTAXScF7eMKfV0gvhmWAUui4SGeFGE/uuEjKIQ5/R
vuhYieC8PzUv8bBlZygRzQgviEj6wVvsc7SOhFhZJD7PnapwDRhkGypd0HGCIy13
8lisiTpU2ecttlHdZUvy29inQy8R1npeTIoN785m35UPY7wwnV+qRZsS7LP17Arc
MUWA1wZLS580aJ6VC96T6NVoPSmnty3jzXLiJtM1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUksbFxsT20NDYR19S4Bgm3Nk1HPowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiMDU2MzYxLTdmYjctNDc1Ni04MjBlLTcyNjUyY2FhZDZjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCPvzANBgkqhkiG9w0BAQsFAAOCAQEAQLSr1SXQUrMGgvqLEgajlJVvZSn6
bkRG8vncQ5MqMNb4QLlAi/yyYRNSvrikZDSqH7IiXorL7h3rW0RKw2PN+WFDb+2e
yzOjmw6MWGeJIO7IHc1y56JUb0b0S/o7n1TVpXsWPQKOTdAKa7w0OnKKvL6qXAza
QiKlaPIK0QsfCHFmEh20kpjp0iOpMuUe4RMv0mCdgxf3MvZkO1EEqNrH68WqxB+l
4V3MpcucswsmjLWta/Z9u9hVOTnkQIfuzaxW/UQ5Wn2Eo1cqz27zmzuFkLlrHEyd
3JvcHDyQ1noIbJf/2ZDnsDfNkWe1PlXRwVSwnxw5Lof3SsUjmUg42rT3AA==
-----END CERTIFICATE-----