Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2bebc06-e8cf-4886-867e-e176aed5eef7.roa
File:                     e2bebc06-e8cf-4886-867e-e176aed5eef7.roa (raw, json)
Hash identifier:          LBkj66cLzEnvEtatiZGCMaH15zI97pxpQ2OrKN8dXSc=
Subject key identifier:   81:22:C1:B1:83:4A:2B:E1:21:E8:D4:06:C5:67:FD:A9:DB:2E:11:30
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09C488321FBE7C5EB290C1D2B1FAA0CAAAC30637
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2bebc06-e8cf-4886-867e-e176aed5eef7.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        64.91.192.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c4:88:32:1f:be:7c:5e:b2:90:c1:d2:b1:fa:a0:ca:aa:c3:06:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=8cdc28f0021473d4e05e62aa7fedd41c6e9a1d55e7ce4e1db3a7ccd1e8db218d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:4e:7d:03:7c:d6:4c:1f:6e:08:58:53:81:3f:
                    45:1c:a7:69:17:65:ae:d1:eb:c6:1e:c6:8a:3c:fd:
                    84:92:f3:59:c7:15:9e:74:20:52:85:57:56:d8:d3:
                    22:39:78:0e:11:e8:83:4d:29:b8:4e:57:1b:96:b0:
                    b0:95:85:a5:89:19:68:cf:2f:8e:3c:3e:2f:c9:5d:
                    28:27:53:e4:d2:21:0a:db:cc:9b:90:b6:89:53:7f:
                    be:69:54:a2:fa:43:d3:4a:f1:54:2f:ed:49:b2:06:
                    6d:e5:50:4e:c8:6d:27:a7:56:75:fb:0a:59:24:10:
                    92:13:79:b4:87:7c:f1:9a:8c:01:e4:54:06:3e:5d:
                    c9:14:75:60:ba:8b:94:e1:d7:ba:35:1b:ee:a2:90:
                    53:52:97:38:00:55:bc:fc:f2:b7:03:97:06:41:92:
                    ee:64:6f:84:ae:19:5b:49:65:5b:dd:f7:c2:56:5c:
                    b2:ba:aa:61:f7:c1:2e:36:0b:75:ca:71:56:3a:78:
                    c0:7c:8e:a0:2f:77:3a:e5:10:7d:29:8b:2e:d2:40:
                    f2:65:a2:20:2d:e1:da:17:f6:52:54:ff:1c:14:c0:
                    a6:39:67:fc:ea:68:39:89:10:f5:33:af:78:c9:26:
                    27:17:1a:76:e3:fd:85:bf:0c:79:1a:86:2e:ea:92:
                    80:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:22:C1:B1:83:4A:2B:E1:21:E8:D4:06:C5:67:FD:A9:DB:2E:11:30
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e2bebc06-e8cf-4886-867e-e176aed5eef7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.91.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0a:49:3c:93:8b:b7:0b:8f:15:e2:90:d1:83:f9:5c:a8:e2:d9:
         3e:64:bb:ac:d3:88:82:9f:f2:c7:34:98:ee:ef:41:85:10:98:
         03:90:e8:51:66:ab:70:ea:4e:96:a6:b8:6d:32:b2:f0:f2:96:
         6f:17:11:34:69:77:c9:cf:e2:fb:01:6a:78:ea:1f:bb:82:93:
         68:1c:aa:57:e3:bb:8f:e0:0e:a0:6e:b4:b8:9d:94:23:04:ea:
         32:2e:ce:a1:be:77:53:58:5a:e0:f7:15:26:9d:6c:1f:89:03:
         7b:d8:36:65:30:54:75:63:8c:70:de:f4:e5:88:46:f7:3f:c3:
         56:23:17:88:ee:94:86:5f:03:46:52:f3:e3:e9:23:ef:69:0a:
         1e:63:48:7f:1d:bb:46:39:8b:f1:d8:bb:68:6f:99:ce:95:1d:
         49:90:65:cf:72:8b:2a:dc:03:37:3f:e4:64:f5:52:7b:fe:a6:
         e4:09:b2:af:cf:5d:4d:02:86:7e:54:3c:86:c5:dd:7f:70:09:
         78:0c:c8:45:81:b8:e2:83:db:66:4d:07:bc:63:12:ea:ef:fe:
         53:85:7e:9a:b4:4f:ce:29:e8:07:7f:b7:60:45:d9:cd:49:04:
         0a:d0:42:2e:6f:eb:27:e3:23:9e:2b:bf:42:4e:c6:9d:d4:34:
         58:64:fd:2a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCcSIMh++fF6ykMHSsfqgyqrDBjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2RjMjhmMDAyMTQ3M2Q0ZTA1ZTYyYWE3ZmVkZDQxYzZl
OWExZDU1ZTdjZTRlMWRiM2E3Y2NkMWU4ZGIyMThkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5Tn0DfNZMH24IWFOBP0Ucp2kXZa7R68Yexoo8/YSS81nH
FZ50IFKFV1bY0yI5eA4R6INNKbhOVxuWsLCVhaWJGWjPL448Pi/JXSgnU+TSIQrb
zJuQtolTf75pVKL6Q9NK8VQv7UmyBm3lUE7IbSenVnX7ClkkEJITebSHfPGajAHk
VAY+XckUdWC6i5Th17o1G+6ikFNSlzgAVbz88rcDlwZBku5kb4SuGVtJZVvd98JW
XLK6qmH3wS42C3XKcVY6eMB8jqAvdzrlEH0piy7SQPJloiAt4doX9lJU/xwUwKY5
Z/zqaDmJEPUzr3jJJicXGnbj/YW/DHkahi7qkoCnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgSLBsYNKK+Eh6NQGxWf9qdsuETAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UyYmViYzA2LWU4Y2YtNDg4Ni04NjdlLWUxNzZhZWQ1ZWVmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVAW8AwDQYJKoZIhvcNAQELBQADggEBAApJPJOLtwuPFeKQ0YP5XKji2T5k
u6zTiIKf8sc0mO7vQYUQmAOQ6FFmq3DqTpamuG0ysvDylm8XETRpd8nP4vsBanjq
H7uCk2gcqlfju4/gDqButLidlCME6jIuzqG+d1NYWuD3FSadbB+JA3vYNmUwVHVj
jHDe9OWIRvc/w1YjF4julIZfA0ZS8+PpI+9pCh5jSH8du0Y5i/HYu2hvmc6VHUmQ
Zc9yiyrcAzc/5GT1Unv+puQJsq/PXU0Chn5UPIbF3X9wCXgMyEWBuOKD22ZNB7xj
Eurv/lOFfpq0T84p6Ad/t2BF2c1JBArQQi5v6yfjI54rv0JOxp3UNFhk/So=
-----END CERTIFICATE-----