Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03ddfb6c-d1e0-4519-8bb8-da52440eac4d.roa
File:                     03ddfb6c-d1e0-4519-8bb8-da52440eac4d.roa (raw, json)
Hash identifier:          mhty26SZ+sF+TZNyKLW9TDvcjksEmgJZC9cLU9U6yPY=
Subject key identifier:   20:C2:36:07:DC:F4:C2:CC:87:BA:5E:5D:C9:E0:EF:41:1A:A4:81:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47D94FFFDD658C4C57AFE7C3EC2F30FFF0245060
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03ddfb6c-d1e0-4519-8bb8-da52440eac4d.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.102.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d9:4f:ff:dd:65:8c:4c:57:af:e7:c3:ec:2f:30:ff:f0:24:50:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=334323fca1b400b324ec5521b0ba652402a97d401ecac10a2f92a1dc1f33dd90, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:79:88:16:b4:bb:f3:67:16:80:de:60:2d:38:
                    be:71:07:56:8c:26:0b:e9:72:41:66:24:66:d1:a8:
                    9e:28:e3:9c:d3:c2:50:3c:a5:74:05:9a:3f:d4:fb:
                    06:1f:87:9d:a1:8c:98:5e:79:7d:98:a8:24:59:2f:
                    39:da:80:67:5b:85:38:06:56:5e:a4:1f:68:3f:6e:
                    3e:7f:62:2c:a5:c4:1e:a1:42:86:7a:a0:e1:f0:5b:
                    7f:c8:56:72:e2:61:f1:56:b5:c0:cf:69:a8:26:5e:
                    ab:35:39:69:b4:33:22:22:e6:f4:cf:74:77:b2:42:
                    a3:c6:a8:56:7e:03:ef:1b:d9:0a:e3:93:f5:66:ea:
                    a0:9a:10:40:20:cb:af:40:6c:c1:8f:d9:6c:8f:bf:
                    c3:fb:82:a7:7e:98:1a:4f:79:ff:ea:5b:c2:24:0d:
                    4c:25:9a:e9:8b:72:a0:2d:0a:ff:ec:bd:e0:2d:98:
                    5b:aa:86:02:43:0b:e1:96:f7:83:36:6f:e1:95:a9:
                    47:f1:2d:ea:f3:bc:0e:60:cf:32:75:a0:dd:71:25:
                    4d:b7:18:6c:ea:e6:32:f7:e8:21:35:fe:94:f5:32:
                    3a:d0:db:9b:91:05:c7:6f:de:98:8b:e9:64:f7:15:
                    e7:d7:d7:16:8a:f8:87:17:cb:2e:12:89:21:45:0b:
                    5b:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:C2:36:07:DC:F4:C2:CC:87:BA:5E:5D:C9:E0:EF:41:1A:A4:81:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/03ddfb6c-d1e0-4519-8bb8-da52440eac4d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.102.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:5d:4a:f8:d1:e3:18:4b:e4:b3:8c:47:f5:28:62:cb:6d:d1:
         7c:f8:1a:f3:9e:a9:6d:b5:a2:2c:0a:84:fc:8a:6e:a3:f7:5e:
         29:b2:9a:2c:bb:6f:e1:5c:64:b6:e6:4f:f7:e2:2c:5a:6e:f3:
         56:89:6f:8b:56:df:6a:c7:d9:bc:03:04:9d:f5:b2:3d:20:0f:
         6a:89:4c:20:c1:0a:ab:51:6f:61:28:08:bd:6c:e1:5b:e6:6d:
         ab:69:d7:c5:a4:97:f8:96:cd:af:ed:ab:43:cf:03:db:6a:a0:
         dc:5c:79:94:a9:36:1c:52:1d:d6:c0:28:d2:82:60:16:9a:b8:
         4a:6f:71:11:c1:69:4d:48:ca:12:8c:a9:34:cd:50:fd:2d:0d:
         95:70:77:61:c5:d0:a8:2f:bc:7d:dd:bc:af:3c:44:7a:ff:d5:
         a8:7a:dc:ac:01:11:8b:c8:fa:9c:f0:79:46:3a:16:51:7d:60:
         ee:a3:bf:16:37:69:e5:06:5f:24:6e:60:2c:5c:15:a6:04:fa:
         b3:dd:fd:29:46:a6:0b:b9:0f:df:96:56:76:83:95:53:08:c3:
         77:c4:4e:c2:53:46:57:0c:fc:f3:f1:6b:19:f3:b1:88:9a:90:
         d1:b2:9e:64:b5:f1:60:19:92:98:e9:db:b6:d2:e2:ca:2c:8c:
         04:8c:e1:54
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR9lP/91ljExXr+fD7C8w//AkUGAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzQzMjNmY2ExYjQwMGIzMjRlYzU1MjFiMGJhNjUyNDAy
YTk3ZDQwMWVjYWMxMGEyZjkyYTFkYzFmMzNkZDkwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTeYgWtLvzZxaA3mAtOL5xB1aMJgvpckFmJGbRqJ4o45zT
wlA8pXQFmj/U+wYfh52hjJheeX2YqCRZLznagGdbhTgGVl6kH2g/bj5/YiylxB6h
QoZ6oOHwW3/IVnLiYfFWtcDPaagmXqs1OWm0MyIi5vTPdHeyQqPGqFZ+A+8b2Qrj
k/Vm6qCaEEAgy69AbMGP2WyPv8P7gqd+mBpPef/qW8IkDUwlmumLcqAtCv/sveAt
mFuqhgJDC+GW94M2b+GVqUfxLerzvA5gzzJ1oN1xJU23GGzq5jL36CE1/pT1MjrQ
25uRBcdv3piL6WT3FefX1xaK+IcXyy4SiSFFC1sZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIMI2B9z0wsyHul5dyeDvQRqkgZQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzZGRmYjZjLWQxZTAtNDUxOS04YmI4LWRhNTI0NDBlYWM0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2ZjANBgkqhkiG9w0BAQsFAAOCAQEAAl1K+NHjGEvks4xH9Shiy23RfPga
856pbbWiLAqE/Ipuo/deKbKaLLtv4VxktuZP9+IsWm7zVolvi1bfasfZvAMEnfWy
PSAPaolMIMEKq1FvYSgIvWzhW+Ztq2nXxaSX+JbNr+2rQ88D22qg3Fx5lKk2HFId
1sAo0oJgFpq4Sm9xEcFpTUjKEoypNM1Q/S0NlXB3YcXQqC+8fd28rzxEev/VqHrc
rAERi8j6nPB5RjoWUX1g7qO/Fjdp5QZfJG5gLFwVpgT6s939KUamC7kP35ZWdoOV
UwjDd8ROwlNGVwz88/FrGfOxiJqQ0bKeZLXxYBmSmOnbttLiyiyMBIzhVA==
-----END CERTIFICATE-----