Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cc33ca23-2bdf-4a84-bbda-84a13b753114.roa
File:                     cc33ca23-2bdf-4a84-bbda-84a13b753114.roa (raw, json)
Hash identifier:          odFVKpdlYL2E4cjR61mhwSkVgHi658tI7QhpsCTEBeI=
Subject key identifier:   AC:84:87:01:31:07:97:B9:52:BF:39:31:D7:2F:2E:31:CD:A8:B1:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FEA754C85EA735B9D9FC64CEFEED72258146C0A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cc33ca23-2bdf-4a84-bbda-84a13b753114.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        107.152.132.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ea:75:4c:85:ea:73:5b:9d:9f:c6:4c:ef:ee:d7:22:58:14:6c:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=db4742f8efb13e1f8d35d2e9d04dfc6aec4bb38fceffefc619698db82e71f6bb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:44:ef:c4:c9:c9:34:ed:ad:a4:27:81:66:cc:
                    cb:ad:db:6b:15:6a:f8:01:5c:7b:0f:7b:8f:74:15:
                    81:92:8b:0e:39:53:6b:f8:2f:8f:59:c3:a6:2e:9a:
                    48:08:8e:99:ee:af:01:5c:87:bb:10:8d:5b:a3:7d:
                    d7:d7:96:dd:73:02:34:16:fc:c2:cd:e5:18:6f:bf:
                    69:06:d7:41:b5:6f:0a:d5:74:8e:92:96:f6:53:c1:
                    d4:79:39:18:2e:74:2a:ab:2d:f6:c3:e2:c1:23:82:
                    3b:40:dd:18:e3:2e:cd:aa:94:02:a1:b9:55:13:9d:
                    1d:62:b0:59:74:56:eb:e5:67:9d:c8:cb:d0:43:6c:
                    4e:c1:b6:08:ce:55:47:d6:1d:6e:23:ac:48:8c:a5:
                    d0:06:07:ac:03:af:9f:39:09:15:48:a3:ed:eb:08:
                    97:8e:ad:2a:c6:5b:cc:1d:e9:9b:43:6e:84:19:19:
                    7d:3e:85:e9:71:e4:a1:ee:4a:cd:0d:c3:d8:68:8e:
                    4d:d6:c1:54:11:f4:1a:4a:d9:c3:87:d8:c4:2c:8c:
                    45:83:0e:da:be:ad:9b:cb:ed:34:0d:9b:c1:19:38:
                    9d:43:5f:a1:ff:25:12:2a:58:c6:ca:e1:c7:c2:bc:
                    e2:91:4d:d9:bc:68:1f:26:d8:59:9b:1c:04:7c:22:
                    51:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:84:87:01:31:07:97:B9:52:BF:39:31:D7:2F:2E:31:CD:A8:B1:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cc33ca23-2bdf-4a84-bbda-84a13b753114.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.152.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         62:58:3c:a1:89:cd:08:33:d0:9e:a4:6b:5f:0c:5a:9c:d2:dc:
         bb:83:08:df:d9:6c:6c:2b:2f:3f:cc:20:58:1b:5b:1e:c9:ad:
         ce:b4:0f:55:c5:70:e7:25:e2:72:74:fd:36:7e:94:d8:6f:d8:
         d8:d6:2b:2b:61:ee:a5:13:3e:ec:94:4d:06:07:cc:62:a0:eb:
         01:b8:71:85:25:01:bf:82:f4:7d:bb:00:d8:2a:dd:bb:74:33:
         de:2c:c4:3f:47:fe:d5:4c:99:7b:3f:90:c3:42:07:53:8f:47:
         bc:c9:b8:86:eb:ab:0c:f5:5c:f1:93:d3:83:29:a3:ed:8a:d7:
         bb:99:82:76:40:ac:45:1d:02:cc:9a:a3:31:45:5f:1c:46:19:
         1d:dc:20:d3:54:40:10:7f:31:21:00:62:40:d6:fc:af:bd:d9:
         04:a2:ac:4d:1e:d0:7f:74:d7:f0:28:fe:dd:69:f1:8a:d4:7f:
         12:33:22:67:ec:3f:e1:7a:a8:eb:9a:45:cc:35:27:28:5d:52:
         fa:6a:04:15:ba:e1:e1:d8:f6:a0:2f:9c:e7:60:21:41:5f:eb:
         08:48:e6:32:7f:fa:af:8b:22:0f:9e:ab:c1:00:c4:76:24:17:
         71:04:6d:6a:bc:c7:08:4e:7b:ca:5a:1e:05:86:21:d4:cd:00:
         26:b0:7d:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL+p1TIXqc1udn8ZM7+7XIlgUbAowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjQ3NDJmOGVmYjEzZTFmOGQzNWQyZTlkMDRkZmM2YWVj
NGJiMzhmY2VmZmVmYzYxOTY5OGRiODJlNzFmNmJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCNRO/Eyck07a2kJ4FmzMut22sVavgBXHsPe490FYGSiw45
U2v4L49Zw6YumkgIjpnurwFch7sQjVujfdfXlt1zAjQW/MLN5Rhvv2kG10G1bwrV
dI6SlvZTwdR5ORgudCqrLfbD4sEjgjtA3RjjLs2qlAKhuVUTnR1isFl0VuvlZ53I
y9BDbE7BtgjOVUfWHW4jrEiMpdAGB6wDr585CRVIo+3rCJeOrSrGW8wd6ZtDboQZ
GX0+helx5KHuSs0Nw9hojk3WwVQR9BpK2cOH2MQsjEWDDtq+rZvL7TQNm8EZOJ1D
X6H/JRIqWMbK4cfCvOKRTdm8aB8m2FmbHAR8IlEfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrISHATEHl7lSvzkx1y8uMc2osZQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NjMzNjYTIzLTJiZGYtNGE4NC1iYmRhLTg0YTEzYjc1MzExNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrmIQwDQYJKoZIhvcNAQELBQADggEBAGJYPKGJzQgz0J6ka18MWpzS3LuD
CN/ZbGwrLz/MIFgbWx7Jrc60D1XFcOcl4nJ0/TZ+lNhv2NjWKyth7qUTPuyUTQYH
zGKg6wG4cYUlAb+C9H27ANgq3bt0M94sxD9H/tVMmXs/kMNCB1OPR7zJuIbrqwz1
XPGT04Mpo+2K17uZgnZArEUdAsyaozFFXxxGGR3cINNUQBB/MSEAYkDW/K+92QSi
rE0e0H901/Ao/t1p8YrUfxIzImfsP+F6qOuaRcw1JyhdUvpqBBW64eHY9qAvnOdg
IUFf6whI5jJ/+q+LIg+eq8EAxHYkF3EEbWq8xwhOe8paHgWGIdTNACawfWI=
-----END CERTIFICATE-----