Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d24fc220-d780-4293-997d-460cda9fe020.roa
File:                     d24fc220-d780-4293-997d-460cda9fe020.roa (raw, json)
Hash identifier:          Ozgy2/dT8ow5UEmxIYR+jwAxlzEcS5/qP8Cmb8/0j7U=
Subject key identifier:   5A:96:CF:D7:E1:1B:7E:E1:BA:62:C1:3A:0D:2F:D1:CF:12:A8:6D:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       401D058A59B9B5D6E52E681321C20B55E70404CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d24fc220-d780-4293-997d-460cda9fe020.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.60.224.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:1d:05:8a:59:b9:b5:d6:e5:2e:68:13:21:c2:0b:55:e7:04:04:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=474d1e5d0a07194841cb37f045ec91828898d08c6182eb0cedd824bab7125823, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:67:5a:f7:e6:5c:f9:6b:85:8e:25:49:94:aa:
                    03:16:8b:89:57:46:2b:a0:69:7c:43:01:5f:99:29:
                    44:05:c1:84:53:2c:f6:3b:4c:43:8e:aa:be:b7:da:
                    43:2f:82:28:8b:9f:61:68:90:a6:b6:5e:f6:a7:38:
                    fe:01:9c:07:5c:63:bd:92:22:d3:ae:37:59:76:89:
                    b3:26:bb:8f:76:ca:f3:ef:30:f6:1f:ef:3e:42:a1:
                    4e:e4:cb:26:59:e9:80:92:65:6e:97:bb:af:05:21:
                    d2:52:65:22:a9:f0:6f:dc:15:39:5c:1a:f4:c2:d0:
                    ba:9c:27:fa:69:3b:e7:11:d9:51:bf:58:76:de:97:
                    eb:2f:91:bb:04:1a:dc:e4:db:89:93:70:bd:17:05:
                    3d:44:4f:1a:f1:5c:b8:43:0c:c5:8c:70:35:52:a9:
                    6c:ca:e7:98:5e:29:05:e5:fb:45:21:06:84:64:c3:
                    c0:85:04:23:ec:73:d2:4e:27:fc:ef:14:d9:58:1c:
                    64:cd:e7:e4:9b:61:81:96:db:e5:30:82:ca:15:80:
                    d5:f4:b1:70:7b:58:b2:d6:7b:34:2b:e7:fc:51:86:
                    3a:f0:1d:e8:12:a0:b1:eb:7d:94:d4:b7:20:32:31:
                    13:36:59:31:51:26:c6:0b:8f:58:53:91:54:6b:06:
                    55:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:96:CF:D7:E1:1B:7E:E1:BA:62:C1:3A:0D:2F:D1:CF:12:A8:6D:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d24fc220-d780-4293-997d-460cda9fe020.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:78:96:5f:46:16:98:5f:40:d2:83:d9:c1:7d:34:88:a6:37:
         e7:92:11:27:f4:db:b4:d0:f7:7a:55:62:28:70:93:c1:cf:f1:
         68:38:72:58:ab:7a:5f:ce:0a:ec:64:37:4c:b3:86:d2:7b:f9:
         1f:f6:79:75:01:f0:09:f7:04:41:b4:ff:32:93:8e:51:e3:97:
         c7:6d:09:24:ad:b5:6c:bb:6a:64:de:65:b1:43:e3:36:37:ce:
         d5:5c:3d:3f:c2:e2:0a:64:75:ae:24:36:ed:99:f1:7a:f2:b2:
         06:6b:20:8c:a1:bb:be:99:09:0e:2c:b5:f7:2d:46:f2:ac:db:
         8c:b2:52:64:ab:3c:5d:b4:ac:e5:f5:a9:7e:c3:93:47:c4:c3:
         0e:f3:38:e2:97:41:ed:77:ae:c8:cc:fb:c5:62:27:22:79:25:
         e6:6d:2c:13:1f:84:81:73:03:c1:49:af:8f:cd:eb:93:77:be:
         71:e4:41:82:1f:d9:5f:30:87:f7:42:3b:55:9e:e8:68:c6:d0:
         38:a5:f2:62:bb:60:51:c5:3f:93:ed:18:42:35:6c:51:04:72:
         8a:c9:e9:9d:d0:02:25:d6:ed:99:13:52:4a:05:20:7a:35:f4:
         64:c6:0a:fd:60:6c:55:4a:0e:f0:2d:1b:ab:29:0d:f6:27:e9:
         ea:b7:6f:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQB0Film5tdblLmgTIcILVecEBMowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzRkMWU1ZDBhMDcxOTQ4NDFjYjM3ZjA0NWVjOTE4Mjg4
OThkMDhjNjE4MmViMGNlZGQ4MjRiYWI3MTI1ODIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGZ1r35lz5a4WOJUmUqgMWi4lXRiugaXxDAV+ZKUQFwYRT
LPY7TEOOqr632kMvgiiLn2FokKa2XvanOP4BnAdcY72SItOuN1l2ibMmu492yvPv
MPYf7z5CoU7kyyZZ6YCSZW6Xu68FIdJSZSKp8G/cFTlcGvTC0LqcJ/ppO+cR2VG/
WHbel+svkbsEGtzk24mTcL0XBT1ETxrxXLhDDMWMcDVSqWzK55heKQXl+0UhBoRk
w8CFBCPsc9JOJ/zvFNlYHGTN5+SbYYGW2+UwgsoVgNX0sXB7WLLWezQr5/xRhjrw
HegSoLHrfZTUtyAyMRM2WTFRJsYLj1hTkVRrBlU9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWpbP1+EbfuG6YsE6DS/RzxKobWEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QyNGZjMjIwLWQ3ODAtNDI5My05OTdkLTQ2MGNkYTlmZTAyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPOAwDQYJKoZIhvcNAQELBQADggEBAAN4ll9GFphfQNKD2cF9NIimN+eS
ESf027TQ93pVYihwk8HP8Wg4clirel/OCuxkN0yzhtJ7+R/2eXUB8An3BEG0/zKT
jlHjl8dtCSSttWy7amTeZbFD4zY3ztVcPT/C4gpkda4kNu2Z8XrysgZrIIyhu76Z
CQ4stfctRvKs24yyUmSrPF20rOX1qX7Dk0fEww7zOOKXQe13rsjM+8ViJyJ5JeZt
LBMfhIFzA8FJr4/N65N3vnHkQYIf2V8wh/dCO1We6GjG0Dil8mK7YFHFP5PtGEI1
bFEEcorJ6Z3QAiXW7ZkTUkoFIHo19GTGCv1gbFVKDvAtG6spDfYn6eq3bzk=
-----END CERTIFICATE-----