Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05e8dffb-7ab4-459c-aa2a-15ebf67554e0.roa
File:                     05e8dffb-7ab4-459c-aa2a-15ebf67554e0.roa (raw, json)
Hash identifier:          oWDZsRo25RZFvY8dtLcqxyFP791ab12b9pnZJIaVX5k=
Subject key identifier:   B2:89:2C:6C:8D:E4:32:7D:AB:2C:C5:26:46:52:0E:17:8C:6E:71:40
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       371D474F401960D07DD9F6DBB5060BB433513463
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05e8dffb-7ab4-459c-aa2a-15ebf67554e0.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        204.32.128.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:1d:47:4f:40:19:60:d0:7d:d9:f6:db:b5:06:0b:b4:33:51:34:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d2:8a:ff:61:e4:41:76:56:b0:25:77:32:0f:
                    9e:b8:9d:08:83:d3:75:76:7c:c1:82:52:2c:e6:c3:
                    6e:6a:d5:9d:64:e0:1d:7a:5a:d1:27:1d:8d:14:e1:
                    2a:c7:2f:0b:8a:02:6a:2a:41:16:82:26:68:19:e6:
                    ca:10:35:5c:a4:b7:4d:a8:59:83:62:22:13:bd:94:
                    13:ac:a4:df:90:70:97:cf:2c:00:e2:1a:7f:b2:85:
                    bc:70:dc:2d:6d:8d:ec:67:84:f0:94:35:9e:00:fa:
                    1e:61:40:6a:9c:c2:3b:7a:c0:ec:d5:6c:c3:05:eb:
                    b4:d6:bd:3b:16:69:a6:40:48:42:96:b0:c9:7f:4c:
                    3d:31:d4:50:76:dc:8d:0d:e2:bd:11:65:14:c1:91:
                    69:0a:bd:da:99:0a:13:a3:b5:7e:a0:b2:a4:47:6f:
                    7b:8a:77:5d:8f:26:13:75:d4:0f:d9:51:80:aa:4b:
                    df:36:1d:6d:b5:03:6d:84:17:68:3b:1b:8c:bc:83:
                    a2:42:78:db:c2:04:0b:8e:b5:fe:1a:88:d0:d4:c4:
                    eb:c1:aa:be:ce:0d:f3:79:bb:89:66:39:6c:fc:7f:
                    9b:4a:a1:18:ca:11:7d:58:68:a8:6a:5d:cd:2d:5e:
                    1d:2a:84:44:2e:97:85:54:2a:27:52:61:27:30:da:
                    44:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:89:2C:6C:8D:E4:32:7D:AB:2C:C5:26:46:52:0E:17:8C:6E:71:40
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/05e8dffb-7ab4-459c-aa2a-15ebf67554e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.32.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         be:70:31:4e:3f:b8:95:ab:85:69:44:8c:41:3d:55:6f:b3:65:
         17:e5:ab:bf:db:d2:c5:eb:c3:22:11:f2:a1:df:11:a2:71:4e:
         29:d6:a3:51:73:5d:49:d3:85:ac:42:60:36:a5:e8:5a:4c:6c:
         e6:28:4e:98:ef:60:8f:06:20:80:24:38:71:d0:f9:14:4d:4c:
         b1:f8:b1:d0:03:a5:65:7e:7a:b4:08:ce:c9:35:30:0a:73:37:
         e3:20:c8:fe:78:f9:8b:45:86:ce:1c:09:f7:b8:59:97:56:f4:
         1f:70:cf:73:99:4c:6e:b4:48:aa:6d:b8:cd:fc:4d:22:2b:ab:
         de:58:02:b8:f3:51:1b:3f:c0:41:35:c5:a0:31:04:7a:1d:a9:
         ce:98:40:0b:91:18:ab:39:fc:24:9f:bf:0f:f9:70:68:f7:98:
         e2:51:32:8c:05:3b:b0:01:a9:ca:0a:6f:fe:4b:ce:84:93:51:
         56:d5:ae:b6:36:de:bc:59:47:90:aa:36:16:32:86:8f:6c:57:
         cd:d2:30:a0:11:5b:f7:ca:dc:a6:73:e9:b0:10:a7:03:15:cf:
         10:87:e0:a0:eb:a1:da:b3:85:fe:1b:1c:e7:49:d1:ba:f3:7f:
         a2:0f:53:a1:a6:b2:9a:bd:cf:b3:ff:5d:47:42:87:43:1e:a1:
         fe:8d:15:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNx1HT0AZYNB92fbbtQYLtDNRNGMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzQ5MmE2YjhkNzg2MDM4ZWY4OGEzZTA1YzZhMDkzMTE5
NmVhOTAwM2NiN2VjMTcwYTQzYjQ1ZTc2ZjA0ODQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDU0or/YeRBdlawJXcyD564nQiD03V2fMGCUizmw25q1Z1k
4B16WtEnHY0U4SrHLwuKAmoqQRaCJmgZ5soQNVykt02oWYNiIhO9lBOspN+QcJfP
LADiGn+yhbxw3C1tjexnhPCUNZ4A+h5hQGqcwjt6wOzVbMMF67TWvTsWaaZASEKW
sMl/TD0x1FB23I0N4r0RZRTBkWkKvdqZChOjtX6gsqRHb3uKd12PJhN11A/ZUYCq
S982HW21A22EF2g7G4y8g6JCeNvCBAuOtf4aiNDUxOvBqr7ODfN5u4lmOWz8f5tK
oRjKEX1YaKhqXc0tXh0qhEQul4VUKidSYScw2kR1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsoksbI3kMn2rLMUmRlIOF4xucUAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA1ZThkZmZiLTdhYjQtNDU5Yy1hYTJhLTE1ZWJmNjc1NTRlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATMIIAwDQYJKoZIhvcNAQELBQADggEBAL5wMU4/uJWrhWlEjEE9VW+zZRfl
q7/b0sXrwyIR8qHfEaJxTinWo1FzXUnThaxCYDal6FpMbOYoTpjvYI8GIIAkOHHQ
+RRNTLH4sdADpWV+erQIzsk1MApzN+MgyP54+YtFhs4cCfe4WZdW9B9wz3OZTG60
SKptuM38TSIrq95YArjzURs/wEE1xaAxBHodqc6YQAuRGKs5/CSfvw/5cGj3mOJR
MowFO7ABqcoKb/5LzoSTUVbVrrY23rxZR5CqNhYyho9sV83SMKARW/fK3KZz6bAQ
pwMVzxCH4KDrodqzhf4bHOdJ0brzf6IPU6Gmspq9z7P/XUdCh0Meof6NFYk=
-----END CERTIFICATE-----