Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc0b1545-3d15-488d-94f5-d68d40e3f602.roa
File:                     fc0b1545-3d15-488d-94f5-d68d40e3f602.roa (raw, json)
Hash identifier:          teOHrH3zo7NDCY9/VMlKXd+TNkW9JaCz58BYwV8p0Ow=
Subject key identifier:   B8:D9:FF:3F:50:04:4E:99:93:BD:F7:15:A4:F6:53:3D:14:1C:E8:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A928CFF9BC7A5C7A1A6FE20FD5074AACD0F077D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc0b1545-3d15-488d-94f5-d68d40e3f602.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        64.91.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:92:8c:ff:9b:c7:a5:c7:a1:a6:fe:20:fd:50:74:aa:cd:0f:07:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=502431fb996a5f11185ddcf901b6b14e91955c98307505a30365898739f02251, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:c9:2f:ff:b5:8c:32:58:7c:7f:67:7f:e3:
                    6e:64:5d:d9:6d:db:47:0e:c0:fb:14:ae:36:b9:96:
                    46:db:7d:ab:61:92:55:43:39:00:a8:6d:7d:2a:ed:
                    61:89:86:35:c2:77:94:28:14:18:51:3d:65:2a:c5:
                    57:39:53:87:9f:19:fc:0a:a1:21:8e:96:31:45:c8:
                    77:8f:af:e8:16:86:58:a7:35:c5:80:83:35:29:27:
                    a2:11:28:2a:9c:e2:18:b6:93:2f:a9:dc:c6:02:5d:
                    b5:7c:41:c5:67:01:7a:39:24:65:f8:15:dd:f8:71:
                    ac:73:12:94:79:c6:cb:d3:d6:f2:0c:04:c1:ea:88:
                    d9:0c:30:86:9a:44:06:33:6f:1d:f2:f7:fd:71:9e:
                    1d:c4:89:15:d0:2c:89:e9:61:14:1e:96:c7:6f:74:
                    22:4d:da:02:38:6a:85:d0:e7:44:7f:d5:14:49:e5:
                    c2:21:be:73:b7:2a:09:62:32:ab:6e:00:b0:75:2b:
                    20:8f:52:96:30:0e:e4:ca:77:42:19:0e:13:bd:a9:
                    a8:7e:18:a7:90:87:05:8d:58:a0:53:a2:7f:3b:42:
                    6d:f0:6e:60:b9:14:8b:9b:0d:9b:05:92:c6:42:5d:
                    a9:c6:71:fe:7d:89:16:82:26:ca:5c:c2:cd:b9:d6:
                    c3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:D9:FF:3F:50:04:4E:99:93:BD:F7:15:A4:F6:53:3D:14:1C:E8:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc0b1545-3d15-488d-94f5-d68d40e3f602.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.91.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         09:c4:e0:05:bf:f3:95:d1:0b:ce:9e:30:a8:3a:53:ff:7a:d4:
         60:91:a3:18:e6:90:24:4e:cc:d0:58:37:dc:6f:51:c4:b4:58:
         33:ec:c3:13:d0:da:b4:a3:54:50:91:46:e7:43:77:43:68:87:
         cf:24:da:f1:cb:68:38:a9:ba:93:f4:aa:42:d6:7c:aa:6a:29:
         a0:49:d1:47:b3:4e:2f:57:57:ed:b9:99:6a:58:06:56:58:61:
         5d:b9:02:09:d3:6d:d6:53:e0:2a:2c:0a:73:ba:cb:72:78:3a:
         87:d6:94:20:2b:05:fe:ca:a7:49:c7:0d:21:b9:7c:b0:9e:40:
         b1:1b:85:41:cd:8f:ca:a1:c6:d2:d2:f1:a8:74:04:cf:bb:59:
         0d:88:30:7a:c3:cf:cd:88:31:4c:dc:57:7f:e6:0c:90:51:21:
         f2:d8:97:95:a8:d0:f6:86:00:63:f3:b6:78:12:0a:32:53:1f:
         a8:5c:5b:f6:14:61:11:a3:01:55:d9:34:9e:09:f6:7c:22:14:
         fc:16:c9:7b:52:66:94:af:4d:48:b6:9b:e2:19:17:e5:c3:f7:
         1b:cb:c3:3b:ed:e6:c0:31:63:f7:3f:8f:00:20:1f:e1:40:47:
         eb:a4:8a:74:37:a0:f5:bd:79:89:79:67:b8:03:3b:c3:4d:65:
         13:e3:3c:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGpKM/5vHpcehpv4g/VB0qs0PB30wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDI0MzFmYjk5NmE1ZjExMTg1ZGRjZjkwMWI2YjE0ZTkx
OTU1Yzk4MzA3NTA1YTMwMzY1ODk4NzM5ZjAyMjUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs3skv/7WMMlh8f2d/425kXdlt20cOwPsUrja5lkbbfath
klVDOQCobX0q7WGJhjXCd5QoFBhRPWUqxVc5U4efGfwKoSGOljFFyHePr+gWhlin
NcWAgzUpJ6IRKCqc4hi2ky+p3MYCXbV8QcVnAXo5JGX4Fd34caxzEpR5xsvT1vIM
BMHqiNkMMIaaRAYzbx3y9/1xnh3EiRXQLInpYRQelsdvdCJN2gI4aoXQ50R/1RRJ
5cIhvnO3KgliMqtuALB1KyCPUpYwDuTKd0IZDhO9qah+GKeQhwWNWKBTon87Qm3w
bmC5FIubDZsFksZCXanGcf59iRaCJspcws251sMBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuNn/P1AETpmTvfcVpPZTPRQc6NcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjMGIxNTQ1LTNkMTUtNDg4ZC05NGY1LWQ2OGQ0MGUzZjYwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZAW4AwDQYJKoZIhvcNAQELBQADggEBAAnE4AW/85XRC86eMKg6U/961GCR
oxjmkCROzNBYN9xvUcS0WDPswxPQ2rSjVFCRRudDd0Noh88k2vHLaDipupP0qkLW
fKpqKaBJ0UezTi9XV+25mWpYBlZYYV25AgnTbdZT4CosCnO6y3J4OofWlCArBf7K
p0nHDSG5fLCeQLEbhUHNj8qhxtLS8ah0BM+7WQ2IMHrDz82IMUzcV3/mDJBRIfLY
l5Wo0PaGAGPztngSCjJTH6hcW/YUYRGjAVXZNJ4J9nwiFPwWyXtSZpSvTUi2m+IZ
F+XD9xvLwzvt5sAxY/c/jwAgH+FAR+ukinQ3oPW9eYl5Z7gDO8NNZRPjPN0=
-----END CERTIFICATE-----