Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0b85701-54b9-4918-946e-5f317c046f21.roa
File:                     d0b85701-54b9-4918-946e-5f317c046f21.roa (raw, json)
Hash identifier:          EiSH85Ek/ob8wOu83djeWmb4ed0RPapHWlsZFAkDt/Y=
Subject key identifier:   A3:AB:94:86:25:81:2F:86:AA:29:DB:BA:30:D1:4C:3B:BB:A4:B2:EF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6FF697B5C39E7DF94C2810A3A2AEEF1B88C148F6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0b85701-54b9-4918-946e-5f317c046f21.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        160.209.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:f6:97:b5:c3:9e:7d:f9:4c:28:10:a3:a2:ae:ef:1b:88:c1:48:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=3fac5a10213514d909bf8bcf3e53612626b01649b03694ef866d09f6894f36d5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:35:1a:29:02:19:5a:4a:87:c2:ec:c3:73:69:
                    54:5a:bc:e4:46:fa:d7:94:8e:b7:ad:4f:55:2f:6a:
                    3f:fa:d8:15:c3:65:1c:85:24:31:46:0d:2d:a9:bb:
                    2e:76:b7:ad:3a:83:09:64:6d:88:42:a0:ee:85:0b:
                    a5:98:0e:eb:13:e8:40:c0:c5:a0:fe:51:6d:26:65:
                    94:15:e1:99:7a:4e:8a:ba:59:7c:a8:01:af:68:fb:
                    e5:4b:72:63:b7:b3:a8:a7:b1:ad:7c:0d:8b:c1:65:
                    12:71:7c:70:d8:28:82:f9:d3:22:71:10:30:74:21:
                    54:81:ef:4d:1c:cf:72:b4:b1:92:e8:b0:b0:ee:09:
                    e7:e4:2d:59:79:7d:23:bb:2d:51:31:b6:c7:7f:bb:
                    db:95:11:9a:4b:64:12:4a:9d:3b:40:ea:0c:0a:e6:
                    a0:a0:66:0b:1d:73:37:8a:72:fa:5d:9c:2f:8c:16:
                    1d:5a:a4:fc:f6:83:f4:91:39:ea:25:48:17:16:16:
                    49:4e:a7:83:7c:ea:72:26:41:25:a8:dd:9a:f1:13:
                    51:c0:43:a2:02:6d:ba:4f:33:78:37:55:fc:8e:67:
                    d6:91:3b:84:8e:4d:a5:19:4e:4c:da:02:66:16:2f:
                    4f:93:9d:52:de:be:b4:0d:66:20:f1:1c:c6:18:2e:
                    e2:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:AB:94:86:25:81:2F:86:AA:29:DB:BA:30:D1:4C:3B:BB:A4:B2:EF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0b85701-54b9-4918-946e-5f317c046f21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.209.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:ca:69:c9:b6:e6:95:9d:84:52:62:40:7e:05:4b:7c:c3:f9:
         a8:05:72:27:a1:37:48:03:6d:97:5c:30:6c:5b:c2:8e:51:7c:
         94:c4:50:dd:10:b0:48:ef:85:34:ed:7f:2b:b2:ee:54:c3:24:
         c6:fa:b5:23:a2:da:70:90:93:2a:a5:bd:d1:41:4b:e0:ac:de:
         b8:95:c7:3e:5d:bd:38:04:dc:f8:e6:5f:fb:8b:cd:aa:fd:23:
         8d:de:b3:79:47:e8:fe:98:31:62:c3:60:7a:4e:0b:72:fd:e9:
         cc:a6:fa:72:ce:1f:45:c5:66:40:4a:3a:3d:24:ec:14:b6:5b:
         fb:ef:82:ce:1c:b0:5a:af:35:d4:b2:7b:b8:0b:75:b8:1d:17:
         bf:a4:45:04:04:02:40:53:e7:59:e0:24:4a:d1:a8:ea:0d:35:
         ea:e2:de:54:ff:99:22:35:dc:d4:1e:6f:05:c8:80:15:97:e8:
         c6:2b:e2:e8:84:41:67:db:47:58:67:5a:d2:7b:ba:ac:81:f4:
         c0:10:d6:c3:51:3d:6c:da:20:4b:2f:b0:c2:55:5c:e0:7d:cd:
         5f:28:f0:07:8f:80:06:b8:c7:ec:bf:29:01:22:c0:75:01:46:
         a7:14:e9:26:bf:ff:85:27:fe:4d:7b:0e:ca:63:72:0b:8c:15:
         f4:55:67:35
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUb/aXtcOefflMKBCjoq7vG4jBSPYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmFjNWExMDIxMzUxNGQ5MDliZjhiY2YzZTUzNjEyNjI2
YjAxNjQ5YjAzNjk0ZWY4NjZkMDlmNjg5NGYzNmQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPNRopAhlaSofC7MNzaVRavORG+teUjretT1Uvaj/62BXD
ZRyFJDFGDS2puy52t606gwlkbYhCoO6FC6WYDusT6EDAxaD+UW0mZZQV4Zl6Toq6
WXyoAa9o++VLcmO3s6insa18DYvBZRJxfHDYKIL50yJxEDB0IVSB700cz3K0sZLo
sLDuCefkLVl5fSO7LVExtsd/u9uVEZpLZBJKnTtA6gwK5qCgZgsdczeKcvpdnC+M
Fh1apPz2g/SROeolSBcWFklOp4N86nImQSWo3ZrxE1HAQ6ICbbpPM3g3VfyOZ9aR
O4SOTaUZTkzaAmYWL0+TnVLevrQNZiDxHMYYLuK9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUo6uUhiWBL4aqKdu6MNFMO7uksu8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwYjg1NzAxLTU0YjktNDkxOC05NDZlLTVmMzE3YzA0NmYyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCg0TANBgkqhkiG9w0BAQsFAAOCAQEAUcppybbmlZ2EUmJAfgVLfMP5qAVy
J6E3SANtl1wwbFvCjlF8lMRQ3RCwSO+FNO1/K7LuVMMkxvq1I6LacJCTKqW90UFL
4KzeuJXHPl29OATc+OZf+4vNqv0jjd6zeUfo/pgxYsNgek4Lcv3pzKb6cs4fRcVm
QEo6PSTsFLZb+++CzhywWq811LJ7uAt1uB0Xv6RFBAQCQFPnWeAkStGo6g016uLe
VP+ZIjXc1B5vBciAFZfoxivi6IRBZ9tHWGda0nu6rIH0wBDWw1E9bNogSy+wwlVc
4H3NXyjwB4+ABrjH7L8pASLAdQFGpxTpJr//hSf+TXsOymNyC4wV9FVnNQ==
-----END CERTIFICATE-----