Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0574c371-7eae-41e9-9572-6280d493ffff.roa
File:                     0574c371-7eae-41e9-9572-6280d493ffff.roa (raw, json)
Hash identifier:          LlALMxnm6C0t6moYX+tCSt0Zr77xUAaabnLH6sNPbVA=
Subject key identifier:   47:5C:61:6E:2B:E3:88:A5:8B:ED:CF:E5:E8:71:F8:B2:DF:40:6D:92
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70014AB90E28CA274814FDAE807A0A3DE624D96D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0574c371-7eae-41e9-9572-6280d493ffff.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        161.14.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:01:4a:b9:0e:28:ca:27:48:14:fd:ae:80:7a:0a:3d:e6:24:d9:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=ed72daa8f1196f43dfee8a4a00878ab7a0767b035531f418afa4de2d7207b91a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:fe:1f:8f:af:93:11:30:05:5a:0e:39:62:cf:
                    eb:2e:3c:77:af:91:43:31:62:a8:04:3b:b3:e0:e8:
                    e4:8d:e2:c6:c7:94:8a:2b:46:08:96:32:ff:9f:97:
                    7a:ad:c2:b3:2e:a1:53:1a:23:ea:54:1e:ef:46:aa:
                    75:e1:e9:a1:fd:4e:60:59:f7:b5:16:c4:d6:32:be:
                    12:b7:fc:87:44:3f:d4:cb:8d:81:ce:4e:5a:1d:45:
                    e2:80:0b:26:32:de:e0:05:93:e9:f5:4d:25:25:68:
                    f5:c6:31:a6:2d:f9:5f:be:ca:51:dc:fb:d2:6a:db:
                    24:86:90:82:d2:de:cf:96:89:14:2f:94:f7:20:f7:
                    02:e3:bd:7b:33:35:7f:2d:ec:22:24:6d:3a:35:47:
                    d0:30:92:98:2e:d9:a7:c9:91:d4:45:ad:bd:7e:8b:
                    cb:a9:bd:fe:c3:78:b9:68:6b:3c:08:7d:62:55:59:
                    70:5c:e5:99:bc:3c:c4:bd:15:10:14:f0:69:25:b3:
                    bc:9d:fe:26:9a:ac:3e:64:15:99:f5:59:c5:c3:a6:
                    3c:de:d2:5f:60:0c:2d:0b:fe:7f:b1:3d:c0:3e:cb:
                    60:24:04:fb:f9:c4:fe:35:5f:c0:5a:49:ce:52:80:
                    88:7d:4f:fa:07:7e:09:b9:64:91:bd:57:5d:6d:91:
                    a6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5C:61:6E:2B:E3:88:A5:8B:ED:CF:E5:E8:71:F8:B2:DF:40:6D:92
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0574c371-7eae-41e9-9572-6280d493ffff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.14.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:6b:3b:84:da:e2:37:48:33:27:d6:3f:d4:ce:6f:3e:03:25:
         70:5c:e6:43:bc:19:a6:96:6a:8d:8c:e7:d0:0c:e3:a0:20:e3:
         52:64:99:aa:ed:08:27:bf:81:f6:98:ca:a8:a0:91:9d:9f:50:
         e8:de:99:7c:02:11:e3:04:b2:72:f3:82:0b:6b:61:cb:3e:01:
         46:33:94:04:10:10:65:9f:0a:6a:7c:34:35:66:a7:93:77:75:
         3e:f1:a2:90:1c:8a:1d:f6:f4:d6:d4:7c:e4:33:5c:47:7d:b2:
         d6:44:2d:4b:1d:a0:45:65:e1:32:23:40:98:27:6a:76:de:1b:
         eb:d3:c2:ad:93:66:cc:2c:87:50:96:53:3e:8a:e2:58:23:4c:
         13:31:54:96:d9:dd:bf:c4:17:fc:04:20:7b:fb:aa:d6:00:bb:
         6e:87:d2:e7:ef:78:84:a4:83:7b:f1:f3:47:fc:f5:f2:8d:37:
         8d:7c:02:55:24:08:49:7b:d2:7b:45:69:79:b4:2f:3e:61:57:
         37:f8:cb:fe:18:e8:e1:8c:43:8a:4c:c3:62:f9:ad:15:54:b1:
         fb:1d:30:c7:18:9f:f7:3b:62:a2:05:08:e5:01:36:95:0f:c1:
         96:88:7e:8e:8a:90:e7:a6:e6:82:77:41:87:55:75:f9:f7:37:
         45:50:ec:26
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcAFKuQ4oyidIFP2ugHoKPeYk2W0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDcyZGFhOGYxMTk2ZjQzZGZlZThhNGEwMDg3OGFiN2Ew
NzY3YjAzNTUzMWY0MThhZmE0ZGUyZDcyMDdiOTFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz/h+Pr5MRMAVaDjliz+suPHevkUMxYqgEO7Pg6OSN4sbH
lIorRgiWMv+fl3qtwrMuoVMaI+pUHu9GqnXh6aH9TmBZ97UWxNYyvhK3/IdEP9TL
jYHOTlodReKACyYy3uAFk+n1TSUlaPXGMaYt+V++ylHc+9Jq2ySGkILS3s+WiRQv
lPcg9wLjvXszNX8t7CIkbTo1R9Awkpgu2afJkdRFrb1+i8upvf7DeLloazwIfWJV
WXBc5Zm8PMS9FRAU8Gkls7yd/iaarD5kFZn1WcXDpjze0l9gDC0L/n+xPcA+y2Ak
BPv5xP41X8BaSc5SgIh9T/oHfgm5ZJG9V11tkabRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUR1xhbivjiKWL7c/l6HH4st9AbZIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA1NzRjMzcxLTdlYWUtNDFlOS05NTcyLTYyODBkNDkzZmZmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwChDjANBgkqhkiG9w0BAQsFAAOCAQEAcms7hNriN0gzJ9Y/1M5vPgMlcFzm
Q7wZppZqjYzn0AzjoCDjUmSZqu0IJ7+B9pjKqKCRnZ9Q6N6ZfAIR4wSycvOCC2th
yz4BRjOUBBAQZZ8Kanw0NWank3d1PvGikByKHfb01tR85DNcR32y1kQtSx2gRWXh
MiNAmCdqdt4b69PCrZNmzCyHUJZTPoriWCNMEzFUltndv8QX/AQge/uq1gC7bofS
5+94hKSDe/HzR/z18o03jXwCVSQISXvSe0VpebQvPmFXN/jL/hjo4YxDikzDYvmt
FVSx+x0wxxif9ztiogUI5QE2lQ/Bloh+joqQ56bmgndBh1V1+fc3RVDsJg==
-----END CERTIFICATE-----