Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc8ac674-f789-44ae-ab29-ca7b6b740da7.roa
File:                     fc8ac674-f789-44ae-ab29-ca7b6b740da7.roa (raw, json)
Hash identifier:          vN+XKdP2oXiqVZE15OwGXE7Ir9hpZGvnKc90qm9oCCA=
Subject key identifier:   16:D3:D6:73:1E:51:31:58:CA:67:1A:70:56:DF:E6:0E:3B:29:B6:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       541EAA90759AEDBAC0AE8F81753293A6367C295E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc8ac674-f789-44ae-ab29-ca7b6b740da7.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        71.141.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:1e:aa:90:75:9a:ed:ba:c0:ae:8f:81:75:32:93:a6:36:7c:29:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=c40b7baad8f7b2eed9109766aef66732e4c49f9bd6d68d0810b23cfef6208e19, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e0:85:a0:eb:11:ef:f4:c7:ea:37:d9:d8:3b:
                    28:8a:87:2c:87:29:55:c8:87:b3:71:3e:68:df:a3:
                    78:0b:51:88:eb:36:9d:eb:8b:83:36:31:6d:f8:62:
                    0d:a7:f4:70:16:87:93:6b:5f:3a:7e:b7:82:0b:54:
                    61:1b:87:df:fe:54:6f:5a:b3:f2:05:c5:9d:51:96:
                    65:2d:ef:f7:ae:12:17:e6:b4:fe:e5:4a:16:01:f6:
                    55:bd:fd:0e:40:06:ed:65:29:97:60:7b:ea:ec:95:
                    5b:23:31:d3:c6:08:fd:98:c0:23:13:6f:95:6f:e2:
                    22:53:0b:ee:3c:df:0b:90:3d:8c:9e:c3:32:30:a1:
                    58:fc:55:47:d4:80:68:12:59:9a:45:98:27:7a:0d:
                    65:8d:0b:c3:b9:1d:10:d6:89:d2:37:7c:9d:15:1a:
                    d3:ee:b0:53:b8:7c:13:71:f8:c3:70:30:1b:71:62:
                    4c:3c:bb:16:31:dd:ee:fe:f2:e7:a3:99:33:7f:5e:
                    50:7d:59:17:cc:28:0b:da:16:61:f5:fb:70:68:1a:
                    08:bd:a4:16:94:e4:9f:34:84:2d:f2:45:b3:c4:81:
                    64:16:fc:15:c0:9a:35:7e:de:38:24:f9:8d:10:79:
                    8b:a3:28:60:e0:19:9f:02:84:36:bd:b2:af:4e:1f:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D3:D6:73:1E:51:31:58:CA:67:1A:70:56:DF:E6:0E:3B:29:B6:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fc8ac674-f789-44ae-ab29-ca7b6b740da7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.141.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b7:cd:9a:a7:be:1b:ec:97:13:9a:26:b5:a3:ea:83:08:5b:cc:
         7e:04:f2:28:4e:2c:5e:44:cc:01:75:34:64:a1:49:38:f0:ef:
         37:3d:a1:e2:4d:6a:a4:51:08:f8:15:b2:73:e9:0a:54:f9:36:
         76:4c:ea:af:95:bf:4e:14:21:84:b2:48:5a:4c:11:1a:93:8a:
         d7:b1:2f:e7:6c:de:80:49:a6:13:63:5c:cd:c9:99:28:eb:3e:
         8b:1a:16:90:1f:19:a2:d4:bc:43:ea:2f:85:e8:2d:43:91:15:
         02:f8:bd:9c:63:4f:9b:7e:14:24:3a:76:64:9b:59:c9:4c:82:
         23:d9:20:15:41:d7:74:40:02:0f:e2:5b:5a:bd:e4:03:8a:9f:
         3b:4a:b2:1e:41:bf:9e:70:43:0a:e5:c6:a9:d8:19:33:43:90:
         d2:bc:7e:9a:15:87:95:f5:05:c5:9a:25:6d:7f:87:b0:f2:a1:
         9f:d6:8a:80:7c:1f:14:fc:71:67:d8:9e:eb:ad:79:c6:14:55:
         03:2c:c4:58:d5:af:94:0e:a1:31:79:f8:0a:fe:20:74:4f:8d:
         c0:f4:47:86:6f:b7:42:8f:32:8c:59:47:c9:e6:fd:78:e7:f2:
         0a:d6:a8:6a:11:62:5e:01:e8:2f:d2:18:b1:24:b8:03:98:1c:
         bd:c8:76:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVB6qkHWa7brAro+BdTKTpjZ8KV4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDBiN2JhYWQ4ZjdiMmVlZDkxMDk3NjZhZWY2NjczMmU0
YzQ5ZjliZDZkNjhkMDgxMGIyM2NmZWY2MjA4ZTE5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO4IWg6xHv9MfqN9nYOyiKhyyHKVXIh7NxPmjfo3gLUYjr
Np3ri4M2MW34Yg2n9HAWh5NrXzp+t4ILVGEbh9/+VG9as/IFxZ1RlmUt7/euEhfm
tP7lShYB9lW9/Q5ABu1lKZdge+rslVsjMdPGCP2YwCMTb5Vv4iJTC+483wuQPYye
wzIwoVj8VUfUgGgSWZpFmCd6DWWNC8O5HRDWidI3fJ0VGtPusFO4fBNx+MNwMBtx
Ykw8uxYx3e7+8uejmTN/XlB9WRfMKAvaFmH1+3BoGgi9pBaU5J80hC3yRbPEgWQW
/BXAmjV+3jgk+Y0QeYujKGDgGZ8ChDa9sq9OHwENAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFtPWcx5RMVjKZxpwVt/mDjsptpEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZjOGFjNjc0LWY3ODktNDRhZS1hYjI5LWNhN2I2Yjc0MGRhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZHjYAwDQYJKoZIhvcNAQELBQADggEBALfNmqe+G+yXE5omtaPqgwhbzH4E
8ihOLF5EzAF1NGShSTjw7zc9oeJNaqRRCPgVsnPpClT5NnZM6q+Vv04UIYSySFpM
ERqTitexL+ds3oBJphNjXM3JmSjrPosaFpAfGaLUvEPqL4XoLUORFQL4vZxjT5t+
FCQ6dmSbWclMgiPZIBVB13RAAg/iW1q95AOKnztKsh5Bv55wQwrlxqnYGTNDkNK8
fpoVh5X1BcWaJW1/h7DyoZ/WioB8HxT8cWfYnuutecYUVQMsxFjVr5QOoTF5+Ar+
IHRPjcD0R4Zvt0KPMoxZR8nm/Xjn8grWqGoRYl4B6C/SGLEkuAOYHL3Idr4=
-----END CERTIFICATE-----