Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce1fb8ae-b11f-4d53-9264-87bf8f24c78a.roa
File:                     ce1fb8ae-b11f-4d53-9264-87bf8f24c78a.roa (raw, json)
Hash identifier:          U+gqiz7cWnzZx24Yte7qdrpkTb5qLqS74nzN1HR5xKg=
Subject key identifier:   27:E4:9F:BF:A0:8B:8E:F1:94:F7:B0:23:C5:25:21:D1:17:0F:B6:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4096880F533A51618EB47D0BE3F5601478B947
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce1fb8ae-b11f-4d53-9264-87bf8f24c78a.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        67.202.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:96:88:0f:53:3a:51:61:8e:b4:7d:0b:e3:f5:60:14:78:b9:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=c1a62695eb004de9949c4a000bee95e455e5c9abcd5c0963e560fd85d9cf7b5f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:44:e2:e6:5c:d5:bf:16:33:bd:ce:d8:6b:d1:
                    b2:69:3e:08:a2:e2:8d:9c:1e:a7:89:ed:60:5b:44:
                    6f:eb:eb:25:37:20:8a:2b:74:9a:be:14:5e:87:5a:
                    1f:e3:30:3e:1a:ba:8d:a1:51:36:13:db:8e:36:61:
                    3f:1c:f3:38:16:e8:20:59:a7:4c:a0:78:88:cd:03:
                    75:68:25:2d:ad:ef:16:39:06:d9:ec:06:64:d2:99:
                    2c:1d:4c:75:3a:b8:d8:0e:4f:4b:17:9f:b4:d1:19:
                    10:5c:69:f0:13:61:c9:12:10:ed:b4:74:c3:21:c1:
                    d2:e6:7d:12:0d:a8:25:5b:2f:b0:28:16:c1:52:c3:
                    3c:e7:a9:54:c6:ad:e9:2a:5d:15:ab:b8:87:fc:2d:
                    0b:e9:28:e1:b7:04:75:5e:d8:86:15:4d:5c:9d:98:
                    6c:e2:14:e2:02:ca:8d:2c:86:ad:1d:4f:8d:c6:fb:
                    51:02:21:c1:a5:75:02:91:b5:9f:e1:de:57:7f:34:
                    b1:70:07:b2:19:15:ef:e9:87:4b:34:d3:f8:b6:01:
                    a3:bf:f7:ff:08:4b:f4:85:f2:05:12:bd:dc:ec:74:
                    0f:a2:3f:16:56:5c:4d:49:8d:a4:d9:01:75:c5:54:
                    07:c0:4b:a1:65:ff:7c:6e:e2:20:9d:20:3d:28:c5:
                    c6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:E4:9F:BF:A0:8B:8E:F1:94:F7:B0:23:C5:25:21:D1:17:0F:B6:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce1fb8ae-b11f-4d53-9264-87bf8f24c78a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.202.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         04:8e:76:47:3e:6c:4b:91:26:d1:0d:c7:c8:5b:15:ad:bc:65:
         2e:35:76:6f:00:03:00:d1:27:27:47:3f:56:0e:cd:c0:d1:1b:
         31:59:f4:a9:84:87:38:d9:2a:81:ca:7c:e5:2c:84:96:05:ab:
         25:d0:f2:fa:09:69:77:54:d3:d7:46:84:d4:25:4c:16:53:1e:
         3d:a9:49:51:e0:82:cd:d9:00:e4:40:84:94:e0:ff:58:2a:1d:
         2e:5f:f7:ec:18:f9:04:61:72:a7:92:22:63:f4:ed:4f:46:42:
         ea:4c:16:48:dc:cd:11:90:0b:60:02:ba:6a:e0:21:56:43:4f:
         6c:d8:8c:4b:c6:56:4c:e0:a6:cc:f2:0d:c4:bd:49:7a:84:69:
         15:4b:59:b1:11:bc:e5:55:a3:53:3a:93:6c:9b:1c:d7:90:fe:
         70:c9:21:c2:a8:28:07:d6:bf:33:f0:ab:e7:71:55:9a:a8:ff:
         3b:c7:be:5a:5e:a3:33:ad:89:03:83:58:fa:02:0a:19:92:26:
         02:fc:da:df:e6:18:f6:d5:53:b3:59:6c:c5:85:e6:7e:c1:9a:
         d6:e2:08:c5:ee:35:57:18:29:a8:7b:73:c9:65:4c:63:65:ab:
         da:a1:49:43:83:46:6d:3c:58:55:e5:08:6b:f1:a2:6b:c4:ea:
         5f:b5:b0:7b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITQJaID1M6UWGOtH0L4/VgFHi5RzANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNDEyMDMwMDAwMDBaFw0yNTAxMDcyMzU5NTla
MHoxSTBHBgNVBAUTQGMxYTYyNjk1ZWIwMDRkZTk5NDljNGEwMDBiZWU5NWU0NTVl
NWM5YWJjZDVjMDk2M2U1NjBmZDg1ZDljZjdiNWYxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALtE4uZc1b8WM73O2GvRsmk+CKLijZwep4ntYFtEb+vrJTcg
iit0mr4UXodaH+MwPhq6jaFRNhPbjjZhPxzzOBboIFmnTKB4iM0DdWglLa3vFjkG
2ewGZNKZLB1MdTq42A5PSxeftNEZEFxp8BNhyRIQ7bR0wyHB0uZ9Eg2oJVsvsCgW
wVLDPOepVMat6SpdFau4h/wtC+ko4bcEdV7YhhVNXJ2YbOIU4gLKjSyGrR1Pjcb7
UQIhwaV1ApG1n+HeV380sXAHshkV7+mHSzTT+LYBo7/3/whL9IXyBRK93Ox0D6I/
FlZcTUmNpNkBdcVUB8BLoWX/fG7iIJ0gPSjFxoECAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBQn5J+/oIuO8ZT3sCPFJSHRFw+2ujAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvY2UxZmI4YWUtYjExZi00ZDUzLTkyNjQtODdiZjhmMjRjNzhhLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBkPKADANBgkqhkiG9w0BAQsFAAOCAQEABI52Rz5sS5Em0Q3HyFsVrbxlLjV2
bwADANEnJ0c/Vg7NwNEbMVn0qYSHONkqgcp85SyElgWrJdDy+glpd1TT10aE1CVM
FlMePalJUeCCzdkA5ECElOD/WCodLl/37Bj5BGFyp5IiY/TtT0ZC6kwWSNzNEZAL
YAK6auAhVkNPbNiMS8ZWTOCmzPINxL1JeoRpFUtZsRG85VWjUzqTbJsc15D+cMkh
wqgoB9a/M/Cr53FVmqj/O8e+Wl6jM62JA4NY+gIKGZImAvza3+YY9tVTs1lsxYXm
fsGa1uIIxe41VxgpqHtzyWVMY2Wr2qFJQ4NGbTxYVeUIa/Gia8TqX7Wwew==
-----END CERTIFICATE-----