Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da065979-0c39-452a-877d-d25bf11c401c.roa
File:                     da065979-0c39-452a-877d-d25bf11c401c.roa (raw, json)
Hash identifier:          CL/MD7K6BMXdt7yZTglZWmXKDyXOl0jPEbL9ZLSE4P0=
Subject key identifier:   85:4D:87:47:8F:2A:5B:AA:F1:F8:92:FF:C6:63:B7:4C:9D:BA:44:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       109A53A4DDAE7632CC8711CCE9B908FE819606EF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da065979-0c39-452a-877d-d25bf11c401c.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        69.2.64.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9a:53:a4:dd:ae:76:32:cc:87:11:cc:e9:b9:08:fe:81:96:06:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=ecd295370dc9ac6053f293b4ce83d388750711ff6f9f070dc34a8181e1a7c763, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:47:08:e4:a8:05:b2:5e:4d:9f:41:6c:e6:71:
                    2f:25:9f:8d:e3:f1:64:07:90:91:2e:b2:8f:83:40:
                    bb:21:cc:31:eb:28:a5:2c:13:81:73:41:b4:c5:31:
                    8d:bc:aa:7b:1b:60:a8:bf:27:08:a3:2c:5d:28:15:
                    f4:85:f1:9b:f1:e3:e7:94:13:81:ec:5e:ad:c1:38:
                    c4:8c:0f:ef:fb:e1:1d:9c:5d:0a:78:53:5f:f2:2a:
                    ef:37:51:bd:a2:8d:33:32:b3:e3:6f:12:da:6c:26:
                    f9:f7:f6:e2:95:d2:c9:d1:f6:52:fd:cd:a0:ac:21:
                    84:b6:65:47:66:81:b9:c3:3e:dc:7b:0f:f7:f4:84:
                    34:eb:dd:fd:3c:eb:5e:20:c2:6f:c5:3f:c1:97:9e:
                    d4:9f:da:2f:79:de:5e:08:5d:47:ec:e1:a2:7e:2e:
                    a7:54:0f:59:2a:0f:7a:f7:10:a5:74:64:71:93:6c:
                    1e:5f:90:99:da:90:15:97:52:99:2a:b4:af:17:ba:
                    78:48:84:e6:c8:18:75:06:b6:69:87:08:23:73:4b:
                    8f:56:42:8b:92:9d:6e:3c:94:7e:2c:ae:8e:42:c8:
                    68:c3:2e:d2:58:fd:9f:1d:98:76:fa:70:fb:ef:de:
                    82:1f:83:be:ff:ab:24:fb:c1:4b:cc:a6:c7:3e:ce:
                    16:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:4D:87:47:8F:2A:5B:AA:F1:F8:92:FF:C6:63:B7:4C:9D:BA:44:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da065979-0c39-452a-877d-d25bf11c401c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.2.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         36:62:c8:e4:94:01:b1:35:0a:98:a1:62:2f:6b:f0:7d:7c:0d:
         65:1c:4e:1b:ad:a4:c2:84:f9:96:0e:b6:21:bc:00:ae:3f:d1:
         f4:07:36:6a:bf:aa:3a:85:b5:e1:62:50:15:ad:e5:7f:2a:ff:
         8c:a7:87:8d:c8:5c:73:f9:5c:fe:be:32:b1:e4:7c:43:e3:90:
         9f:e8:9a:71:f8:4f:c7:5d:69:ef:b7:17:d3:e0:27:d3:7f:b6:
         d0:79:88:da:c0:da:6a:a4:fd:f4:24:9c:f2:b2:a2:dd:c9:2a:
         80:e4:c4:e7:39:32:4a:78:4b:86:87:a2:c6:1e:70:4a:dd:b1:
         8d:51:73:ce:b6:22:39:40:de:f9:40:34:63:f4:65:28:03:a6:
         6f:ea:79:11:1f:6b:af:df:c9:97:1c:90:8a:f5:f4:7c:0d:51:
         98:be:fe:fe:35:60:1e:3a:6c:e3:a7:f8:da:dd:74:a0:80:07:
         b6:4a:32:cd:8f:c2:a4:5b:cc:b9:f9:a3:00:e2:67:d8:7a:a5:
         80:da:56:ea:a6:de:fb:b0:5b:22:5f:15:4c:46:a3:eb:46:8c:
         b8:68:38:b4:1f:68:0e:d0:22:04:2a:91:0e:7c:ff:5d:a0:51:
         9a:e3:da:97:df:a6:21:c5:7f:1e:69:0e:3f:97:9e:66:52:0c:
         f6:99:2e:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEJpTpN2udjLMhxHM6bkI/oGWBu8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlY2QyOTUzNzBkYzlhYzYwNTNmMjkzYjRjZTgzZDM4ODc1
MDcxMWZmNmY5ZjA3MGRjMzRhODE4MWUxYTdjNzYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0RwjkqAWyXk2fQWzmcS8ln43j8WQHkJEuso+DQLshzDHr
KKUsE4FzQbTFMY28qnsbYKi/JwijLF0oFfSF8Zvx4+eUE4HsXq3BOMSMD+/74R2c
XQp4U1/yKu83Ub2ijTMys+NvEtpsJvn39uKV0snR9lL9zaCsIYS2ZUdmgbnDPtx7
D/f0hDTr3f08614gwm/FP8GXntSf2i953l4IXUfs4aJ+LqdUD1kqD3r3EKV0ZHGT
bB5fkJnakBWXUpkqtK8XunhIhObIGHUGtmmHCCNzS49WQouSnW48lH4sro5CyGjD
LtJY/Z8dmHb6cPvv3oIfg77/qyT7wUvMpsc+zhahAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhU2HR48qW6rx+JL/xmO3TJ26RH8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhMDY1OTc5LTBjMzktNDUyYS04NzdkLWQyNWJmMTFjNDAxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVFAkAwDQYJKoZIhvcNAQELBQADggEBADZiyOSUAbE1CpihYi9r8H18DWUc
ThutpMKE+ZYOtiG8AK4/0fQHNmq/qjqFteFiUBWt5X8q/4ynh43IXHP5XP6+MrHk
fEPjkJ/omnH4T8ddae+3F9PgJ9N/ttB5iNrA2mqk/fQknPKyot3JKoDkxOc5Mkp4
S4aHosYecErdsY1Rc862IjlA3vlANGP0ZSgDpm/qeREfa6/fyZcckIr19HwNUZi+
/v41YB46bOOn+NrddKCAB7ZKMs2PwqRbzLn5owDiZ9h6pYDaVuqm3vuwWyJfFUxG
o+tGjLhoOLQfaA7QIgQqkQ58/12gUZrj2pffpiHFfx5pDj+XnmZSDPaZLns=
-----END CERTIFICATE-----