Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da0f8372-94c3-46dc-84b1-7be408de4df2.roa
File:                     da0f8372-94c3-46dc-84b1-7be408de4df2.roa (raw, json)
Hash identifier:          wd3wJhUjwC/arcZVCyNuAwKZTbjCo09lHA7b+QAI5Yw=
Subject key identifier:   05:A5:71:7E:A9:0D:16:AC:1A:82:EF:87:52:76:E2:36:C8:7D:25:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31ABF6426815F96CF3C165C3004C71F56B5321A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da0f8372-94c3-46dc-84b1-7be408de4df2.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        64.73.192.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:ab:f6:42:68:15:f9:6c:f3:c1:65:c3:00:4c:71:f5:6b:53:21:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=c2cd209c356bb36b1154cfe52a1311cf07ba1f648474e1d3d355c9acb9542dc9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:be:2f:f9:8e:77:86:f8:36:e9:7c:c1:2b:6e:
                    9b:b8:7a:39:d1:4e:1a:fa:d3:c8:51:62:1c:25:ee:
                    63:26:c4:79:d9:32:f4:39:63:78:e3:92:b5:3a:62:
                    5f:eb:56:f5:69:a7:7f:4d:32:ad:a2:3e:d5:e4:4e:
                    aa:4e:9e:a8:51:4c:de:69:9d:35:18:a6:34:d2:65:
                    18:6f:04:e2:06:ce:66:0b:f5:31:9b:0b:e6:a9:0b:
                    17:f3:83:72:7b:10:1e:d4:48:81:52:95:81:c2:b6:
                    e7:12:e7:64:47:0d:10:13:16:8b:5e:2e:1c:6b:b9:
                    a7:8b:1f:67:1f:fd:1e:5f:9c:4f:b8:e7:96:27:d2:
                    59:f6:95:37:75:ec:9c:51:99:1b:3d:8c:51:c0:db:
                    35:07:0c:37:02:5f:45:5b:38:81:c4:34:3b:09:dd:
                    43:f4:6d:b8:da:11:c3:63:41:8a:94:fd:aa:60:76:
                    43:00:5a:de:04:42:37:19:e7:36:9b:e7:cd:63:6b:
                    6f:ca:48:44:40:5b:e0:98:98:07:6d:11:01:db:68:
                    86:fd:28:b9:1b:67:a5:74:c4:3c:bb:0c:43:c1:98:
                    a7:82:a6:3a:ec:9b:78:1f:13:56:ac:c2:05:20:16:
                    fe:77:8d:8f:97:05:ce:e8:52:ef:85:15:cd:0e:24:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A5:71:7E:A9:0D:16:AC:1A:82:EF:87:52:76:E2:36:C8:7D:25:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da0f8372-94c3-46dc-84b1-7be408de4df2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.73.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         27:f3:c6:97:41:97:52:9b:6d:bb:a3:9d:8e:5b:7d:8d:b4:d9:
         89:1e:0b:ff:b5:ce:c7:6f:6e:15:e3:cd:bb:a4:54:97:07:b3:
         04:48:1e:39:32:7d:46:ba:3c:1a:b0:fd:52:83:f4:3f:ec:8c:
         a9:eb:c6:de:f4:d4:d9:57:93:2b:19:18:4e:fd:0d:ea:1a:eb:
         64:80:c7:9e:d7:aa:57:bb:fe:9b:ed:d7:92:28:0e:b1:92:bd:
         6c:1d:d6:b7:46:b3:90:b4:54:e4:da:25:e6:44:49:0a:12:d7:
         bc:da:0b:c0:d5:2f:0b:99:0f:86:93:48:81:9a:00:8d:3e:61:
         d2:6c:c3:26:8e:c2:66:24:38:e0:a6:dd:3a:41:2d:89:f2:75:
         ad:d5:a2:b3:1c:f0:6e:c4:ea:8e:30:8c:f8:4f:0c:36:8e:a3:
         d3:94:e6:f0:99:3a:6c:40:d4:0c:00:90:e0:14:a6:e7:80:38:
         49:a6:11:8b:81:eb:9e:14:f4:50:d8:be:42:3b:4e:8f:a8:0b:
         f4:f1:89:3d:7b:d6:33:14:d4:81:70:71:39:6e:f4:a3:c5:3e:
         60:9b:89:46:74:41:eb:d0:f6:77:00:d6:2d:74:27:80:43:cf:
         1c:17:86:54:67:74:0b:ad:19:9c:15:b7:8d:e9:0a:8f:6c:b5:
         97:cb:92:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMav2QmgV+WzzwWXDAExx9WtTIaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMmNkMjA5YzM1NmJiMzZiMTE1NGNmZTUyYTEzMTFjZjA3
YmExZjY0ODQ3NGUxZDNkMzU1YzlhY2I5NTQyZGM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3vi/5jneG+DbpfMErbpu4ejnRThr608hRYhwl7mMmxHnZ
MvQ5Y3jjkrU6Yl/rVvVpp39NMq2iPtXkTqpOnqhRTN5pnTUYpjTSZRhvBOIGzmYL
9TGbC+apCxfzg3J7EB7USIFSlYHCtucS52RHDRATFoteLhxruaeLH2cf/R5fnE+4
55Yn0ln2lTd17JxRmRs9jFHA2zUHDDcCX0VbOIHENDsJ3UP0bbjaEcNjQYqU/apg
dkMAWt4EQjcZ5zab581ja2/KSERAW+CYmAdtEQHbaIb9KLkbZ6V0xDy7DEPBmKeC
pjrsm3gfE1aswgUgFv53jY+XBc7oUu+FFc0OJPZxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBaVxfqkNFqwagu+HUnbiNsh9JbgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhMGY4MzcyLTk0YzMtNDZkYy04NGIxLTdiZTQwOGRlNGRmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVAScAwDQYJKoZIhvcNAQELBQADggEBACfzxpdBl1KbbbujnY5bfY202Yke
C/+1zsdvbhXjzbukVJcHswRIHjkyfUa6PBqw/VKD9D/sjKnrxt701NlXkysZGE79
Deoa62SAx57Xqle7/pvt15IoDrGSvWwd1rdGs5C0VOTaJeZESQoS17zaC8DVLwuZ
D4aTSIGaAI0+YdJswyaOwmYkOOCm3TpBLYnyda3VorMc8G7E6o4wjPhPDDaOo9OU
5vCZOmxA1AwAkOAUpueAOEmmEYuB654U9FDYvkI7To+oC/TxiT171jMU1IFwcTlu
9KPFPmCbiUZ0QevQ9ncA1i10J4BDzxwXhlRndAutGZwVt43pCo9stZfLkn8=
-----END CERTIFICATE-----