Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbcd05ef-6828-4df8-aaab-6e15494581e6.roa
File:                     fbcd05ef-6828-4df8-aaab-6e15494581e6.roa (raw, json)
Hash identifier:          8Sz6geKH7CQHV4KXa92oY7r8xmwOCyyBXcN7fv4bJ1k=
Subject key identifier:   14:8D:A5:23:B4:AC:1F:4D:0D:A2:DC:5E:25:FE:3B:31:10:9A:E3:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       773428616A0F755BC13D1732C90C690AE7E8E5BC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbcd05ef-6828-4df8-aaab-6e15494581e6.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        57.91.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:34:28:61:6a:0f:75:5b:c1:3d:17:32:c9:0c:69:0a:e7:e8:e5:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=15cde23c8769dfdabc5efd5c2c04ff93bb279b083de16a628965a905f4442f87, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a2:a0:1a:3b:23:73:9e:66:84:52:8e:ce:36:
                    0c:72:13:09:4f:36:f0:50:31:3a:4a:50:a0:87:fa:
                    c9:8c:65:8b:9a:33:ed:63:a0:87:3f:bc:bf:f2:3b:
                    7b:a7:f1:37:14:60:84:2f:01:9e:e0:31:31:38:8c:
                    5c:2c:5b:4f:ab:90:5e:8e:9d:0c:9d:c8:60:e2:f1:
                    df:f4:83:87:b7:cc:01:25:bd:b1:39:0b:93:f9:79:
                    69:2b:88:3d:d2:b0:ff:99:a7:61:39:d0:c0:78:20:
                    67:85:51:e1:f4:61:9f:c1:26:c3:d9:a2:23:33:db:
                    57:50:7b:76:62:f6:3c:bc:84:4e:61:a2:0f:bc:13:
                    42:33:d8:31:7b:76:e4:04:b7:3a:49:67:54:ee:83:
                    07:cf:8f:48:f3:e8:68:e4:e3:a8:d7:6e:2f:1c:68:
                    8d:41:42:9c:9a:64:fb:f1:54:1a:91:fa:43:12:cf:
                    45:c5:5f:09:56:bd:4c:10:3c:6e:fc:6c:b3:2d:14:
                    55:41:05:51:22:bb:c6:d0:7c:02:b1:59:5b:c1:b1:
                    1e:c3:a5:e2:d0:96:a6:0c:3a:7d:13:91:2b:fb:bf:
                    8e:f4:17:35:cd:34:54:be:23:62:11:8c:52:da:55:
                    94:d5:10:09:5a:f4:67:2a:60:a2:85:25:66:d4:21:
                    2f:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8D:A5:23:B4:AC:1F:4D:0D:A2:DC:5E:25:FE:3B:31:10:9A:E3:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbcd05ef-6828-4df8-aaab-6e15494581e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.91.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         85:d9:e4:28:58:92:96:6e:7d:33:47:20:53:f6:c1:71:e1:52:
         77:3b:48:26:d5:6b:05:ea:87:74:b4:a8:8d:28:68:c2:37:ea:
         d8:13:a8:6a:35:cb:a3:38:67:bf:f8:ad:39:20:bd:d8:03:0c:
         b5:59:25:67:1b:41:2a:f2:90:ce:59:13:62:16:03:1c:e1:1c:
         7a:93:c1:9b:ea:6f:09:a7:0c:f1:7d:06:5d:7e:df:72:3a:b2:
         88:c9:ac:54:53:41:60:f3:f5:cc:32:19:a5:c1:99:50:b7:54:
         dd:f9:d3:42:8c:80:ff:aa:75:be:cd:69:38:2b:50:21:64:44:
         63:41:fe:b5:94:2b:6d:11:aa:37:8f:0c:43:28:5a:19:c8:6b:
         39:3a:cf:16:22:00:9c:84:50:b1:95:28:3c:ac:fb:7b:d6:97:
         3f:83:9d:4e:e5:24:b3:68:89:04:ab:46:27:6f:d6:a0:10:9f:
         0a:c7:1a:22:31:11:b7:4f:84:b7:2a:cd:65:36:1f:09:20:13:
         b7:0d:c2:d3:1e:6f:8f:b2:0a:14:3f:7a:c1:ee:f6:ec:fb:83:
         7b:cb:cc:1c:af:7f:c5:22:52:95:92:e9:af:e0:de:48:f2:0c:
         1c:32:bf:39:ae:82:65:15:1a:16:92:12:d5:2b:f2:69:29:38:
         7b:d7:c1:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdzQoYWoPdVvBPRcyyQxpCufo5bwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNWNkZTIzYzg3NjlkZmRhYmM1ZWZkNWMyYzA0ZmY5M2Ji
Mjc5YjA4M2RlMTZhNjI4OTY1YTkwNWY0NDQyZjg3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPoqAaOyNznmaEUo7ONgxyEwlPNvBQMTpKUKCH+smMZYua
M+1joIc/vL/yO3un8TcUYIQvAZ7gMTE4jFwsW0+rkF6OnQydyGDi8d/0g4e3zAEl
vbE5C5P5eWkriD3SsP+Zp2E50MB4IGeFUeH0YZ/BJsPZoiMz21dQe3Zi9jy8hE5h
og+8E0Iz2DF7duQEtzpJZ1TugwfPj0jz6Gjk46jXbi8caI1BQpyaZPvxVBqR+kMS
z0XFXwlWvUwQPG78bLMtFFVBBVEiu8bQfAKxWVvBsR7DpeLQlqYMOn0TkSv7v470
FzXNNFS+I2IRjFLaVZTVEAla9GcqYKKFJWbUIS/lAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFI2lI7SsH00NotxeJf47MRCa4yMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiY2QwNWVmLTY4MjgtNGRmOC1hYWFiLTZlMTU0OTQ1ODFlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5WzANBgkqhkiG9w0BAQsFAAOCAQEAhdnkKFiSlm59M0cgU/bBceFSdztI
JtVrBeqHdLSojShowjfq2BOoajXLozhnv/itOSC92AMMtVklZxtBKvKQzlkTYhYD
HOEcepPBm+pvCacM8X0GXX7fcjqyiMmsVFNBYPP1zDIZpcGZULdU3fnTQoyA/6p1
vs1pOCtQIWREY0H+tZQrbRGqN48MQyhaGchrOTrPFiIAnIRQsZUoPKz7e9aXP4Od
TuUks2iJBKtGJ2/WoBCfCscaIjERt0+EtyrNZTYfCSATtw3C0x5vj7IKFD96we72
7PuDe8vMHK9/xSJSlZLpr+DeSPIMHDK/Oa6CZRUaFpIS1SvyaSk4e9fBbg==
-----END CERTIFICATE-----