Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d74dc542-b9a0-429d-8c3f-776d1a80f5f7.roa
File:                     d74dc542-b9a0-429d-8c3f-776d1a80f5f7.roa (raw, json)
Hash identifier:          t3zdwiQ5K7BtsWqvVioWRYE1G/iSRRvv9ti6Gh0dx/E=
Subject key identifier:   20:11:29:F2:F9:9E:65:B4:82:AC:E5:51:8A:4A:9C:71:B7:0A:FC:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       523B53C25C02A70C37E4EFE312FCEAAF8103CDB1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d74dc542-b9a0-429d-8c3f-776d1a80f5f7.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        66.165.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:3b:53:c2:5c:02:a7:0c:37:e4:ef:e3:12:fc:ea:af:81:03:cd:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=27e3154e6be92daf6384e9ad7ce402a76d9f2e54e3d8c1a5d0566fb1c0df02ce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ba:0b:71:3c:98:ed:14:ae:06:3b:cd:19:72:
                    58:de:91:a9:cb:80:5a:24:55:bf:1d:4e:78:0b:87:
                    ad:18:f7:0c:e8:d3:ee:82:ab:80:a3:12:d4:97:05:
                    2a:2e:59:4c:67:19:9f:13:4e:8f:69:87:26:02:a4:
                    28:e4:93:b2:80:73:af:0d:82:e8:91:42:19:5f:89:
                    81:06:e9:14:d2:d9:da:43:83:b6:49:b0:97:3c:6e:
                    48:89:b6:b2:96:6a:30:32:41:2c:be:6f:89:30:fa:
                    08:cc:2d:77:73:42:2d:0c:36:31:51:87:39:8b:d4:
                    c7:c1:04:8f:d8:92:09:0d:42:45:da:99:ed:91:1f:
                    85:78:f5:2b:0d:f3:16:ff:46:23:ed:ee:2f:ea:9e:
                    bc:e3:c4:ab:c7:f7:32:0e:58:43:80:81:e2:28:92:
                    15:0d:d2:41:a5:99:f1:4e:c9:49:73:9f:aa:99:89:
                    ef:79:38:01:58:fb:ee:41:fd:43:51:68:01:21:ba:
                    ff:d1:74:81:95:87:dc:ec:d2:5c:dd:34:76:2f:ae:
                    85:fa:d8:04:81:88:13:8f:c3:01:c6:b5:c9:a6:ab:
                    81:8f:5b:04:6b:2a:df:4d:01:39:50:dd:9b:06:9a:
                    27:ca:c5:58:e6:38:75:2c:c5:d4:a2:89:2e:ed:10:
                    81:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:11:29:F2:F9:9E:65:B4:82:AC:E5:51:8A:4A:9C:71:B7:0A:FC:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d74dc542-b9a0-429d-8c3f-776d1a80f5f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.165.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c8:d6:55:f3:49:56:2d:5e:fc:4b:b2:51:9c:d2:0a:d7:ca:d2:
         f7:d4:e3:aa:39:a2:66:6f:96:60:10:a8:e6:85:aa:e0:89:c3:
         15:78:75:a8:c0:a0:60:9b:fd:c6:7e:fe:ef:48:c0:94:11:a6:
         54:6f:64:a1:43:80:9d:ef:ff:0a:ae:b1:bd:e5:44:04:38:09:
         31:09:bc:18:3f:0a:67:ed:da:10:26:f9:f5:31:e6:cd:fd:e5:
         54:64:14:71:8c:93:89:6e:7b:d9:5a:c8:09:4d:5e:e6:b5:14:
         c5:f0:f1:6f:b7:f1:2a:10:f4:2d:ed:3a:d9:0f:fe:c3:67:15:
         f5:b0:4e:cd:78:ee:d9:14:1e:f3:d9:21:98:2c:a3:3c:a3:be:
         b2:9a:1d:53:a8:ed:f7:14:43:3c:78:32:00:17:8c:f7:85:33:
         07:a0:48:f6:2f:c9:c6:5e:db:d9:80:c5:da:a4:a3:6e:29:dd:
         a4:2c:a0:1f:b8:34:9e:d6:94:fc:04:68:5d:c6:7d:c7:fc:d7:
         dc:75:14:3c:2d:fc:20:c6:04:46:29:6f:bc:4f:f4:f7:52:4d:
         93:68:ea:21:70:49:16:c2:3f:ff:02:e1:8a:8b:74:f0:16:89:
         77:72:9a:b5:19:07:89:12:54:7d:a4:6e:37:03:be:ae:bb:3f:
         65:a8:8e:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUjtTwlwCpww35O/jEvzqr4EDzbEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyN2UzMTU0ZTZiZTkyZGFmNjM4NGU5YWQ3Y2U0MDJhNzZk
OWYyZTU0ZTNkOGMxYTVkMDU2NmZiMWMwZGYwMmNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5ugtxPJjtFK4GO80ZcljekanLgFokVb8dTngLh60Y9wzo
0+6Cq4CjEtSXBSouWUxnGZ8TTo9phyYCpCjkk7KAc68NguiRQhlfiYEG6RTS2dpD
g7ZJsJc8bkiJtrKWajAyQSy+b4kw+gjMLXdzQi0MNjFRhzmL1MfBBI/YkgkNQkXa
me2RH4V49SsN8xb/RiPt7i/qnrzjxKvH9zIOWEOAgeIokhUN0kGlmfFOyUlzn6qZ
ie95OAFY++5B/UNRaAEhuv/RdIGVh9zs0lzdNHYvroX62ASBiBOPwwHGtcmmq4GP
WwRrKt9NATlQ3ZsGmifKxVjmOHUsxdSiiS7tEIEfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIBEp8vmeZbSCrOVRikqccbcK/M4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3NGRjNTQyLWI5YTAtNDI5ZC04YzNmLTc3NmQxYTgwZjVmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZCpUAwDQYJKoZIhvcNAQELBQADggEBAMjWVfNJVi1e/EuyUZzSCtfK0vfU
46o5omZvlmAQqOaFquCJwxV4dajAoGCb/cZ+/u9IwJQRplRvZKFDgJ3v/wqusb3l
RAQ4CTEJvBg/Cmft2hAm+fUx5s395VRkFHGMk4lue9layAlNXua1FMXw8W+38SoQ
9C3tOtkP/sNnFfWwTs147tkUHvPZIZgsozyjvrKaHVOo7fcUQzx4MgAXjPeFMweg
SPYvycZe29mAxdqko24p3aQsoB+4NJ7WlPwEaF3Gfcf819x1FDwt/CDGBEYpb7xP
9PdSTZNo6iFwSRbCP/8C4YqLdPAWiXdymrUZB4kSVH2kbjcDvq67P2Wojpc=
-----END CERTIFICATE-----