Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb49774f-902f-4ee3-908c-01333b37acc3.roa
File:                     fb49774f-902f-4ee3-908c-01333b37acc3.roa (raw, json)
Hash identifier:          IWs5zyNNOAxNw7M3zDzl04k37h/lce+1l+D4lDaCBBc=
Subject key identifier:   64:74:B7:3B:C8:36:89:6A:33:E5:56:1C:26:55:39:D2:7C:42:84:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       761BA8F674018ED923E0D2BB724C6B983B4D81D1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb49774f-902f-4ee3-908c-01333b37acc3.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        64.187.128.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:1b:a8:f6:74:01:8e:d9:23:e0:d2:bb:72:4c:6b:98:3b:4d:81:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=323e7f0fdc729c937a2cfd2a4a2226525c82851d6ee97534adbc04c31f083efa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:1f:77:f1:a2:85:f1:ce:3e:45:6d:87:84:6a:
                    2b:6c:bf:fe:0e:00:7c:1c:8e:66:93:b6:f4:38:fc:
                    a1:fd:e5:dd:ef:5a:41:0c:b0:a7:17:95:76:db:00:
                    95:f9:07:9a:79:e4:b9:d4:5f:fc:75:a1:0e:f4:e6:
                    e0:f9:fd:9e:ec:df:5f:16:0f:ef:4d:60:3d:e7:0a:
                    88:04:70:1f:cd:ae:1d:ec:99:91:13:fc:5a:7f:35:
                    49:02:c7:78:ec:00:fd:ce:35:9f:66:71:a7:e7:c1:
                    64:00:aa:64:8e:0d:f5:5e:db:4f:d5:05:ac:da:d5:
                    ca:20:3e:e3:76:b2:97:a4:c1:e1:2d:b6:cf:1a:6e:
                    7c:25:6f:48:18:05:bd:75:8a:d2:f3:ee:2e:52:a0:
                    fb:72:a3:54:c1:09:61:1c:8f:75:2a:05:cc:16:0a:
                    ff:81:a1:d4:a2:e6:6c:74:43:82:ac:d5:a4:bd:1c:
                    de:9a:59:71:4f:f1:58:b4:c6:f3:8d:9b:29:0d:5d:
                    09:2c:93:f7:75:ef:ce:cf:a7:ae:01:ea:3e:a4:f1:
                    15:df:8e:49:1d:ad:3b:20:d7:7e:db:c6:29:b2:4e:
                    81:1a:ab:89:94:94:af:ac:04:26:cc:53:28:5a:8c:
                    00:9f:25:c1:d0:5e:a5:b3:3a:b7:12:22:01:d7:34:
                    d6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:74:B7:3B:C8:36:89:6A:33:E5:56:1C:26:55:39:D2:7C:42:84:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fb49774f-902f-4ee3-908c-01333b37acc3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.187.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6e:fc:f6:48:35:73:79:9a:a0:da:da:a5:99:1e:25:05:11:a7:
         1b:a1:32:9f:d3:ff:22:29:eb:1f:3e:6c:b9:ff:9a:55:f9:91:
         8f:fe:02:bb:7b:88:58:f3:c8:cf:ac:ca:2c:db:8d:f8:71:54:
         11:c4:a9:cb:49:72:f2:2e:e2:5b:a5:92:23:cc:ce:81:5b:3e:
         69:50:55:17:d5:ee:78:11:50:f0:b0:fa:59:fa:43:40:36:d7:
         ea:6c:1b:19:b2:b3:8d:8b:e9:b4:6e:3c:91:91:97:ea:74:68:
         bd:39:6d:ef:7e:af:2e:fd:98:70:39:ba:39:20:3f:76:14:20:
         29:92:76:71:49:b6:ef:5c:61:dc:12:24:9e:9f:1f:12:90:0d:
         2a:73:b1:77:7a:7f:41:c2:d4:bc:58:fc:ea:cb:27:5f:4b:3d:
         6b:ec:a5:6a:e4:da:58:15:86:b1:38:62:47:b2:3e:f9:06:33:
         d0:15:74:e8:84:b1:5a:63:80:4d:64:bb:4c:73:c8:ee:63:16:
         6e:69:90:67:c8:0d:3d:91:08:f2:d5:30:9d:1a:e0:58:60:ab:
         08:42:25:f5:53:44:06:2d:24:d9:1d:22:33:0f:09:66:fb:19:
         28:c9:74:75:16:36:19:c6:a0:b0:2d:20:36:c7:53:5e:64:83:
         04:e0:e5:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdhuo9nQBjtkj4NK7ckxrmDtNgdEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjNlN2YwZmRjNzI5YzkzN2EyY2ZkMmE0YTIyMjY1MjVj
ODI4NTFkNmVlOTc1MzRhZGJjMDRjMzFmMDgzZWZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJH3fxooXxzj5FbYeEaitsv/4OAHwcjmaTtvQ4/KH95d3v
WkEMsKcXlXbbAJX5B5p55LnUX/x1oQ705uD5/Z7s318WD+9NYD3nCogEcB/Nrh3s
mZET/Fp/NUkCx3jsAP3ONZ9mcafnwWQAqmSODfVe20/VBaza1cogPuN2spekweEt
ts8abnwlb0gYBb11itLz7i5SoPtyo1TBCWEcj3UqBcwWCv+BodSi5mx0Q4Ks1aS9
HN6aWXFP8Vi0xvONmykNXQksk/d1787Pp64B6j6k8RXfjkkdrTsg137bximyToEa
q4mUlK+sBCbMUyhajACfJcHQXqWzOrcSIgHXNNa7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZHS3O8g2iWoz5VYcJlU50nxChPEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiNDk3NzRmLTkwMmYtNGVlMy05MDhjLTAxMzMzYjM3YWNjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARAu4AwDQYJKoZIhvcNAQELBQADggEBAG789kg1c3maoNrapZkeJQURpxuh
Mp/T/yIp6x8+bLn/mlX5kY/+Art7iFjzyM+syizbjfhxVBHEqctJcvIu4lulkiPM
zoFbPmlQVRfV7ngRUPCw+ln6Q0A21+psGxmys42L6bRuPJGRl+p0aL05be9+ry79
mHA5ujkgP3YUICmSdnFJtu9cYdwSJJ6fHxKQDSpzsXd6f0HC1LxY/OrLJ19LPWvs
pWrk2lgVhrE4YkeyPvkGM9AVdOiEsVpjgE1ku0xzyO5jFm5pkGfIDT2RCPLVMJ0a
4FhgqwhCJfVTRAYtJNkdIjMPCWb7GSjJdHUWNhnGoLAtIDbHU15kgwTg5TM=
-----END CERTIFICATE-----