Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0a3ec8c4-ff84-484f-aa5c-8ab61c876ab2.roa
File:                     0a3ec8c4-ff84-484f-aa5c-8ab61c876ab2.roa (raw, json)
Hash identifier:          OFDKYXZH/juP5QaR0wKsBOGNotX9RH1xrc7W4g3ZEh0=
Subject key identifier:   B4:D2:1E:81:FE:6C:A8:CD:5C:38:23:9F:60:71:12:D9:E6:BC:EF:49
Certificate issuer:       /CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
Certificate serial:       3503D74C1D576F6BF7E4B3B76F529D51CC7FF720
Authority key identifier: 53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0a3ec8c4-ff84-484f-aa5c-8ab61c876ab2.roa
Signing time:             Sat 27 May 2023 00:00:00 +0000
ROA not before:           Sat 27 May 2023 00:00:00 +0000
ROA not after:            Sat 01 Jul 2023 23:59:59 +0000
asID:                     16509
IP address blocks:        159.248.128.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:03:d7:4c:1d:57:6f:6b:f7:e4:b3:b7:6f:52:9d:51:cc:7f:f7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000/serialNumber=53DC22125FA34F3986CBF12422E34F9B9C661BE7
        Validity
            Not Before: May 27 00:00:00 2023 GMT
            Not After : Jul  1 23:59:59 2023 GMT
        Subject: serialNumber=1c14457c374f75a8c6202a54bc4136731a8203a1f20584948efd2cd2900f841d, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:25:4d:fd:fb:52:ad:09:ae:91:f9:96:20:f0:
                    73:50:2c:05:29:b8:d8:0c:b0:97:a4:ef:90:82:9c:
                    d9:76:8b:2b:4d:a7:e3:c6:7d:f5:76:87:22:ec:78:
                    42:37:36:77:70:1b:a6:fd:38:81:1a:5b:58:a2:65:
                    70:c6:d2:a6:4f:73:be:a6:64:3f:e6:d2:fd:28:6a:
                    ad:ef:24:9e:ce:4e:d6:16:3b:75:bc:7e:b8:24:ee:
                    52:ab:02:5b:f3:d6:28:2b:69:05:8c:5c:c1:a7:7e:
                    d0:92:ea:9a:66:1f:9c:91:27:35:9e:7c:2a:c6:d3:
                    72:50:a6:9a:83:53:50:cf:0c:65:8d:e5:dd:71:05:
                    1a:50:91:86:5d:78:03:8a:d8:70:07:5f:c7:e7:e7:
                    b2:e1:24:95:f9:70:81:15:bb:31:12:c7:70:2f:d5:
                    90:60:1f:21:95:60:aa:b5:a4:04:1e:36:f0:67:48:
                    34:f6:d1:f7:3b:9a:2d:c1:61:cd:a7:78:ba:a7:91:
                    b3:ab:2d:56:f9:80:fd:3e:e3:74:b1:7b:08:7d:49:
                    9d:fe:d4:d9:d3:36:ca:ec:91:9d:90:f1:4f:a3:33:
                    8b:49:d6:2c:22:88:42:8c:a3:b1:1b:83:02:97:02:
                    88:5a:f7:81:06:fc:f8:38:78:5a:98:88:db:28:b6:
                    f6:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D2:1E:81:FE:6C:A8:CD:5C:38:23:9F:60:71:12:D9:E6:BC:EF:49
            X509v3 Authority Key Identifier:
                keyid:53:DC:22:12:5F:A3:4F:39:86:CB:F1:24:22:E3:4F:9B:9C:66:1B:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/U9wiEl-jTzmGy_EkIuNPm5xmG-c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/0a3ec8c4-ff84-484f-aa5c-8ab61c876ab2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a5b01bdd-cdeb-4cfc-8c93-7e70c5e09306.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.248.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:de:ff:02:6f:8e:eb:4e:0e:3d:df:ef:42:aa:9d:cd:0d:bf:
         38:64:b9:b8:1a:86:f1:26:e0:2e:56:c2:4f:3e:cc:5f:f2:e7:
         81:8e:d3:7c:ee:4e:a4:00:ac:a3:71:4c:2c:56:d4:c3:6e:61:
         74:e9:ed:8f:14:10:3d:55:9f:47:c4:72:70:58:d2:a8:dd:e4:
         9b:c1:7b:1f:46:11:02:c0:f2:78:43:c6:55:ae:ee:d7:c9:41:
         a0:e8:e1:b0:ed:f2:6f:83:02:d4:37:16:5b:4f:fb:87:09:c1:
         cf:db:d9:0f:e9:fe:f2:04:ad:a1:28:51:cc:c9:29:0c:b0:74:
         53:05:29:7f:f5:61:ca:14:3f:7f:1b:b6:67:a7:3c:5d:bf:79:
         b2:b3:cb:a9:a9:3a:30:df:6b:3e:b6:34:c9:f3:69:b8:d1:4a:
         b4:f2:12:f7:36:9b:19:f4:cd:a6:11:96:84:a4:de:67:c3:70:
         cd:f3:51:74:14:f3:83:54:3e:23:7a:a6:87:7d:fb:70:f9:9d:
         c8:9e:f5:6d:f5:52:80:7f:ff:1c:9e:ac:d4:c9:01:28:85:20:
         aa:3c:cc:fa:cd:a3:71:3f:01:d9:41:61:59:b7:f6:4c:a7:2f:
         21:29:fc:c6:a7:75:84:96:88:f9:91:cc:fa:1d:89:60:f5:d6:
         e6:29:0e:46
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgIUNQPXTB1Xb2v35LO3b1KdUcx/9yAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg1M0RDMjIxMjVG
QTM0RjM5ODZDQkYxMjQyMkUzNEY5QjlDNjYxQkU3MB4XDTIzMDUyNzAwMDAwMFoX
DTIzMDcwMTIzNTk1OVowgaUxSTBHBgNVBAUTQDFjMTQ0NTdjMzc0Zjc1YThjNjIw
MmE1NGJjNDEzNjczMWE4MjAzYTFmMjA1ODQ5NDhlZmQyY2QyOTAwZjg0MWQxLTAr
BgNVBAMTJGMwYmYwZmU4LTcxN2MtNGY3Mi05YjQ1LWM5YzUxOTEzMmE4MTEUMBIG
A1UECxMLQW1hem9uIFJQS0kxEzARBgNVBAoTCkFtYXpvbi5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8JU39+1KtCa6R+ZYg8HNQLAUpuNgMsJek
75CCnNl2iytNp+PGffV2hyLseEI3NndwG6b9OIEaW1iiZXDG0qZPc76mZD/m0v0o
aq3vJJ7OTtYWO3W8frgk7lKrAlvz1igraQWMXMGnftCS6ppmH5yRJzWefCrG03JQ
ppqDU1DPDGWN5d1xBRpQkYZdeAOK2HAHX8fn57LhJJX5cIEVuzESx3Av1ZBgHyGV
YKq1pAQeNvBnSDT20fc7mi3BYc2neLqnkbOrLVb5gP0+43Sxewh9SZ3+1NnTNsrs
kZ2Q8U+jM4tJ1iwiiEKMo7EbgwKXAoha94EG/Pg4eFqYiNsotvbXAgMBAAGjggJI
MIICRDAdBgNVHQ4EFgQUtNIegf5sqM1cOCOfYHES2ea870kwHwYDVR0jBBgwFoAU
U9wiEl+jTzmGy/EkIuNPm5xmG+cwDgYDVR0PAQH/BAQDAgeAMH4GCCsGAQUFBwEB
BHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9yZXBvc2l0
b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3QzcyRkQxRkYyL1U5d2lFbC1qVHpt
R3lfRWtJdU5QbTV4bUctYy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggrBgEF
BQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3MuY29t
L3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1MGJlYzkyNjEvMGEz
ZWM4YzQtZmY4NC00ODRmLWFhNWMtOGFiNjFjODc2YWIyLnJvYTCBlQYDVR0fBIGN
MIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpv
bmF3cy5jb20vdm9sdW1lLzA4YzJmMjY0LTIzZjktNDlmYi05ZDQzLWY4YjUwYmVj
OTI2MS9hNWIwMWJkZC1jZGViLTRjZmMtOGM5My03ZTcwYzVlMDkzMDYuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKf+IAwDQYJKoZIhvcNAQELBQADggEBAFre/wJvjutODj3f70Kqnc0Nvzhk
ubgahvEm4C5Wwk8+zF/y54GO03zuTqQArKNxTCxW1MNuYXTp7Y8UED1Vn0fEcnBY
0qjd5JvBex9GEQLA8nhDxlWu7tfJQaDo4bDt8m+DAtQ3FltP+4cJwc/b2Q/p/vIE
raEoUczJKQywdFMFKX/1YcoUP38btmenPF2/ebKzy6mpOjDfaz62NMnzabjRSrTy
Evc2mxn0zaYRloSk3mfDcM3zUXQU84NUPiN6pod9+3D5ncie9W31UoB//xyerNTJ
ASiFIKo8zPrNo3E/AdlBYVm39kynLyEp/MandYSWiPmRzPodiWD11uYpDkY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:21:27 2023 by rpki-client on console-ams.rpki-client.org