Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb057842-e4b3-4bea-a28d-41f2d4ac96e3.roa
File:                     bb057842-e4b3-4bea-a28d-41f2d4ac96e3.roa (raw, json)
Hash identifier:          uwPIgDt8WvVOtBqM+ZbrOwL/Yd/eBzMFurwuQ5Bzt3Y=
Subject key identifier:   7D:CF:54:FA:85:48:28:F1:1D:EC:0D:2B:26:95:53:BC:BA:00:02:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5A1C0BA37024BC1E8FED010CE913637681761A15
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb057842-e4b3-4bea-a28d-41f2d4ac96e3.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        162.120.52.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:1c:0b:a3:70:24:bc:1e:8f:ed:01:0c:e9:13:63:76:81:76:1a:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=ff38f9c906e111896a5e4107bb5d2bac8484c9ad26ce132c534575761e392cf8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:bb:e3:e2:ca:6d:a6:df:bb:db:df:8c:3e:5a:
                    7a:10:44:5a:05:3c:28:5e:0b:0b:4a:3b:3b:d0:0b:
                    74:31:6f:76:10:12:80:84:f5:d0:ba:7f:f8:72:be:
                    93:eb:81:1c:12:16:cb:3c:93:a2:c3:af:94:55:65:
                    11:7d:6b:62:31:46:17:29:31:8b:f7:74:de:f3:c3:
                    44:45:1c:d7:c1:be:3a:08:ee:0f:2c:c7:26:80:f5:
                    1b:f6:70:dd:e7:ca:86:5d:ba:d9:6f:81:9e:f8:66:
                    f2:09:bf:f1:43:6b:dc:b0:43:0a:5c:d2:4f:0b:9d:
                    d8:1b:2f:c3:45:2d:a8:6e:f8:12:ea:51:ea:9a:8e:
                    61:31:de:e1:93:fc:0a:99:51:63:3d:13:36:34:fc:
                    ce:88:b1:ff:14:0c:f4:0b:2c:10:ef:01:79:16:45:
                    79:c7:3e:69:d0:4d:57:5d:73:b5:0a:8f:0e:12:18:
                    4f:48:ff:d0:8b:f2:b0:b0:a9:2c:48:8f:7c:a1:36:
                    5c:90:e5:d9:08:4e:6e:d3:bc:ae:76:13:1e:2d:74:
                    e3:6d:26:aa:cf:96:e2:32:63:00:7e:a4:55:ec:4c:
                    19:7c:b5:a9:4b:83:16:87:bf:78:22:a3:f1:f8:75:
                    78:3b:14:4c:d5:0d:6e:a3:2f:ca:0d:f4:88:05:03:
                    63:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CF:54:FA:85:48:28:F1:1D:EC:0D:2B:26:95:53:BC:BA:00:02:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb057842-e4b3-4bea-a28d-41f2d4ac96e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.120.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:01:1b:90:da:91:96:55:b0:6e:d2:bc:9f:f6:1f:1c:80:45:
         0b:0a:cf:fc:65:be:00:77:86:7b:4e:5e:7e:fc:49:21:57:38:
         66:10:1a:db:4f:51:19:53:c5:f2:0b:13:2f:8e:85:9f:42:eb:
         d6:0e:86:55:aa:08:75:45:3f:46:c5:21:71:a3:f3:62:5b:63:
         84:20:dd:2c:21:d5:65:90:ca:49:4e:e4:11:40:92:ae:52:04:
         7f:8d:51:4c:78:81:4f:86:d8:02:c8:f2:c6:4c:ff:7b:c7:09:
         15:b3:84:07:bb:76:bb:a9:1c:c4:ad:c4:2a:e7:86:4d:0d:4b:
         44:f1:ba:65:a9:b3:ca:72:98:a0:4a:be:d9:49:88:68:e8:4a:
         30:fc:47:36:8d:e0:5f:e8:a8:7f:22:2c:29:6b:cb:6a:c3:82:
         05:54:91:35:47:59:57:0f:ef:2e:66:a0:98:26:11:07:5e:79:
         ed:51:e4:aa:7f:24:40:ba:17:25:0a:40:b2:f1:e1:b1:76:4e:
         e4:40:da:ca:be:d0:96:29:91:a6:88:2d:1e:05:2f:d6:01:7f:
         77:64:00:9b:c7:e1:56:2b:25:e3:a3:5f:75:52:4b:e0:bd:7f:
         de:10:4e:3a:50:b8:57:e0:64:2f:ff:bd:f2:42:6c:13:48:ac:
         b8:cd:10:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWhwLo3AkvB6P7QEM6RNjdoF2GhUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjM4ZjljOTA2ZTExMTg5NmE1ZTQxMDdiYjVkMmJhYzg0
ODRjOWFkMjZjZTEzMmM1MzQ1NzU3NjFlMzkyY2Y4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIu+Piym2m37vb34w+WnoQRFoFPCheCwtKOzvQC3Qxb3YQ
EoCE9dC6f/hyvpPrgRwSFss8k6LDr5RVZRF9a2IxRhcpMYv3dN7zw0RFHNfBvjoI
7g8sxyaA9Rv2cN3nyoZdutlvgZ74ZvIJv/FDa9ywQwpc0k8LndgbL8NFLahu+BLq
UeqajmEx3uGT/AqZUWM9EzY0/M6Isf8UDPQLLBDvAXkWRXnHPmnQTVddc7UKjw4S
GE9I/9CL8rCwqSxIj3yhNlyQ5dkITm7TvK52Ex4tdONtJqrPluIyYwB+pFXsTBl8
talLgxaHv3gio/H4dXg7FEzVDW6jL8oN9IgFA2NxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUfc9U+oVIKPEd7A0rJpVTvLoAAs8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiMDU3ODQyLWU0YjMtNGJlYS1hMjhkLTQxZjJkNGFjOTZlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKieDQwDQYJKoZIhvcNAQELBQADggEBAH4BG5DakZZVsG7SvJ/2HxyARQsK
z/xlvgB3hntOXn78SSFXOGYQGttPURlTxfILEy+OhZ9C69YOhlWqCHVFP0bFIXGj
82JbY4Qg3Swh1WWQyklO5BFAkq5SBH+NUUx4gU+G2ALI8sZM/3vHCRWzhAe7drup
HMStxCrnhk0NS0TxumWps8pymKBKvtlJiGjoSjD8RzaN4F/oqH8iLClry2rDggVU
kTVHWVcP7y5moJgmEQdeee1R5Kp/JEC6FyUKQLLx4bF2TuRA2sq+0JYpkaaILR4F
L9YBf3dkAJvH4VYrJeOjX3VSS+C9f94QTjpQuFfgZC//vfJCbBNIrLjNENg=
-----END CERTIFICATE-----