Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/090e2347-c6c8-448a-8e62-30b37f4ff1b0.roa
File:                     090e2347-c6c8-448a-8e62-30b37f4ff1b0.roa (raw, json)
Hash identifier:          5z3BzsjEqjt8SV3UcKwQQ3FD7CVM8w93EZtmlVvQQc0=
Subject key identifier:   99:DA:91:8C:CD:85:0C:C7:EA:4F:E8:70:71:0B:C2:E1:CD:64:CE:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D52B8DD09EB08400589ED18CC0229F32947E4ED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/090e2347-c6c8-448a-8e62-30b37f4ff1b0.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        44.224.0.0/11 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:52:b8:dd:09:eb:08:40:05:89:ed:18:cc:02:29:f3:29:47:e4:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=e47002ffaeb6096390c29e5cc5e23c4693be66c772d254801d1b178bba7e8bdd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:32:98:34:74:bc:62:e8:99:81:f6:f9:9c:82:
                    81:5a:91:24:9d:7b:74:49:16:8b:e4:2d:68:7a:ce:
                    01:cf:35:8c:47:5c:b5:7c:07:da:51:d0:7d:5d:74:
                    9f:61:6d:fa:89:d7:88:40:c0:6f:1f:b5:77:76:58:
                    82:e7:67:d7:8a:01:36:ed:e9:b3:32:47:04:81:75:
                    2e:25:c0:e4:fa:3c:7f:be:98:06:f4:ab:30:c5:a7:
                    ea:12:5e:20:98:3f:6b:02:de:9a:e2:6e:e9:83:45:
                    e2:9c:d6:3a:67:3f:47:b0:8f:0e:8b:03:f7:3f:73:
                    e5:9b:e1:11:44:0e:dc:3c:e4:19:39:16:77:27:fc:
                    b1:ea:7e:af:a9:d9:bf:20:d1:00:4e:36:4e:c2:db:
                    59:e3:f7:22:f6:02:24:36:29:85:2b:cc:ea:d4:25:
                    22:a3:36:c1:1b:f7:48:d7:ab:2e:af:dc:03:f0:d2:
                    9b:c7:0c:54:44:d6:d2:be:53:35:6c:57:9a:cc:9f:
                    bb:ba:19:46:e3:24:b4:d6:79:01:19:f3:29:fc:4f:
                    11:f6:f3:40:e7:0a:2e:b1:24:88:c9:e9:f2:76:5e:
                    25:3e:37:0e:cb:86:f0:c3:c6:f5:31:64:e1:df:f9:
                    cb:a3:d4:58:77:0e:9b:3d:31:13:bb:cd:3b:6e:42:
                    62:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:DA:91:8C:CD:85:0C:C7:EA:4F:E8:70:71:0B:C2:E1:CD:64:CE:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/090e2347-c6c8-448a-8e62-30b37f4ff1b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  44.224.0.0/11

    Signature Algorithm: sha256WithRSAEncryption
         d1:b4:93:cd:13:d2:a3:e1:75:f1:14:8f:28:2f:91:07:aa:95:
         c5:ed:2d:44:a0:a5:30:e6:7f:0b:77:5e:3d:ec:82:26:57:84:
         a7:ca:b3:90:55:fb:60:64:8b:50:c9:11:7f:34:26:06:f6:29:
         d8:d5:8c:d3:7d:dd:47:3e:2f:dc:49:2f:1f:c8:bd:18:6f:ac:
         70:8f:e8:6f:5f:c7:cc:b9:47:91:5e:3b:ef:14:f3:d8:ba:1d:
         10:e9:2f:c4:fa:f1:9a:a3:46:03:a5:b3:b1:96:8f:b8:2f:e7:
         62:44:13:52:bc:4a:5b:26:1d:73:7b:95:3e:91:20:2a:75:da:
         b0:54:7e:14:3b:44:96:04:9c:25:4f:e0:a2:6e:94:8b:ba:18:
         4b:28:6f:b6:85:35:4f:aa:08:c9:f2:19:6a:69:88:fd:3a:49:
         09:f8:fe:d6:0f:82:b3:7c:6d:9d:33:8d:48:48:a9:dd:ae:84:
         e9:78:27:6f:41:48:cf:2a:90:58:76:dd:a2:07:b8:96:57:79:
         40:50:9b:24:65:10:37:4a:38:da:e5:63:a3:ed:2c:c6:76:74:
         f5:47:de:d5:fa:1d:39:be:d0:98:fd:ec:5b:4d:ca:85:c2:cf:
         a6:a1:c7:8d:80:9f:90:13:48:cf:53:5a:fc:28:44:cb:80:3c:
         6d:5e:ae:11
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHVK43QnrCEAFie0YzAIp8ylH5O0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNDcwMDJmZmFlYjYwOTYzOTBjMjllNWNjNWUyM2M0Njkz
YmU2NmM3NzJkMjU0ODAxZDFiMTc4YmJhN2U4YmRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoMpg0dLxi6JmB9vmcgoFakSSde3RJFovkLWh6zgHPNYxH
XLV8B9pR0H1ddJ9hbfqJ14hAwG8ftXd2WILnZ9eKATbt6bMyRwSBdS4lwOT6PH++
mAb0qzDFp+oSXiCYP2sC3pribumDReKc1jpnP0ewjw6LA/c/c+Wb4RFEDtw85Bk5
Fncn/LHqfq+p2b8g0QBONk7C21nj9yL2AiQ2KYUrzOrUJSKjNsEb90jXqy6v3APw
0pvHDFRE1tK+UzVsV5rMn7u6GUbjJLTWeQEZ8yn8TxH280DnCi6xJIjJ6fJ2XiU+
Nw7LhvDDxvUxZOHf+cuj1Fh3Dps9MRO7zTtuQmL5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmdqRjM2FDMfqT+hwcQvC4c1kzgEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5MGUyMzQ3LWM2YzgtNDQ4YS04ZTYyLTMwYjM3ZjRmZjFiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwUs4DANBgkqhkiG9w0BAQsFAAOCAQEA0bSTzRPSo+F18RSPKC+RB6qVxe0t
RKClMOZ/C3dePeyCJleEp8qzkFX7YGSLUMkRfzQmBvYp2NWM033dRz4v3EkvH8i9
GG+scI/ob1/HzLlHkV477xTz2LodEOkvxPrxmqNGA6WzsZaPuC/nYkQTUrxKWyYd
c3uVPpEgKnXasFR+FDtElgScJU/gom6Ui7oYSyhvtoU1T6oIyfIZammI/TpJCfj+
1g+Cs3xtnTONSEip3a6E6Xgnb0FIzyqQWHbdoge4lld5QFCbJGUQN0o42uVjo+0s
xnZ09Ufe1fodOb7QmP3sW03KhcLPpqHHjYCfkBNIz1Na/ChEy4A8bV6uEQ==
-----END CERTIFICATE-----