Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a6c871c-d068-41bd-bc97-d16b24f27195.roa
File:                     0a6c871c-d068-41bd-bc97-d16b24f27195.roa (raw, json)
Hash identifier:          usNPuDDElR23kAzAd6sE0WvvM14XOsq6NrsMvndU+N8=
Subject key identifier:   9C:5F:45:01:62:72:3C:30:DD:AC:48:D0:ED:78:B6:8E:3E:4D:59:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5AE8F87763DF076844CE1C80663EFDA92C544AF6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a6c871c-d068-41bd-bc97-d16b24f27195.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        15.175.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:e8:f8:77:63:df:07:68:44:ce:1c:80:66:3e:fd:a9:2c:54:4a:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=f3a3ae443b60cd8dce2226508767e0ab8128a4dca535600bdde8a37c15310fb0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:de:ea:22:f6:e4:52:62:99:d6:ea:ba:13:ce:
                    3d:9c:ca:52:76:35:dd:90:91:32:2f:f4:f9:a9:2b:
                    08:b6:e9:11:fd:8e:50:33:cf:7c:e4:49:0b:c6:1f:
                    33:a5:7f:94:ea:36:59:31:76:f8:60:22:7e:34:33:
                    1c:ca:73:0f:38:48:98:53:02:12:ec:d3:ae:a5:93:
                    a4:0f:2e:e1:14:bb:25:59:09:60:51:b6:5f:96:da:
                    df:bc:7b:ba:17:51:35:67:de:6d:8c:d7:d2:a5:27:
                    4e:3d:7f:0a:0d:fc:3c:bc:8c:ce:9c:d4:a9:d2:99:
                    4d:68:d0:7a:b5:04:01:cd:94:16:35:c8:5c:12:f9:
                    7c:7d:1b:29:bc:33:31:dc:c9:f1:a7:c6:49:cb:0a:
                    75:1d:c8:94:f8:da:96:44:24:9e:46:70:c6:22:9b:
                    26:5b:6e:67:f6:e0:8b:60:43:d3:b9:5e:c6:0d:ff:
                    4b:4c:a7:e5:de:a9:68:53:30:cc:7e:64:1b:8b:5f:
                    6f:77:20:99:73:0a:e3:a6:d4:d1:7b:46:6c:55:d6:
                    b6:89:7f:f8:36:08:73:04:66:89:b6:95:ec:d6:04:
                    c0:0f:af:25:ff:00:a5:c6:e5:4b:2e:0f:d1:12:65:
                    37:e2:64:23:9e:9f:bf:33:e2:74:d0:53:95:e4:58:
                    92:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:5F:45:01:62:72:3C:30:DD:AC:48:D0:ED:78:B6:8E:3E:4D:59:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a6c871c-d068-41bd-bc97-d16b24f27195.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.175.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:d1:00:51:de:58:28:76:a8:61:95:19:64:06:9f:44:45:4d:
         f9:38:c9:c3:11:f2:d1:22:17:b1:35:aa:25:bb:e3:43:b2:66:
         3f:ac:68:02:d6:66:1c:53:cf:a8:a4:0f:27:0d:f2:a7:91:b9:
         26:32:fa:27:d1:98:7a:46:ee:a1:e5:fd:63:1a:58:ce:8c:81:
         d5:aa:42:e9:b7:ef:cd:30:82:0b:5e:58:ca:66:20:70:f4:ea:
         bb:72:eb:b1:69:04:c5:38:92:bf:67:7e:88:be:74:68:01:0e:
         0f:54:28:c8:b3:01:fb:af:0d:5e:27:9c:b7:a2:22:06:1f:01:
         fc:33:54:07:93:21:ca:73:bf:94:92:1d:6b:0d:6b:0a:6b:8a:
         c0:5b:0e:56:e6:0f:99:5d:68:fc:82:df:1d:c0:19:3a:83:d0:
         c2:ac:f0:42:86:ce:03:58:8d:d3:7e:b6:08:7d:6a:95:6d:26:
         32:7f:44:47:43:b7:80:86:24:a1:62:c3:9a:df:f2:f7:b3:3d:
         c2:5c:cd:bc:0f:7d:73:bd:05:3a:bd:60:0b:fa:90:db:dc:44:
         8f:c2:2b:cf:60:b1:bf:aa:4d:2c:5b:f1:3e:ec:b7:3d:56:7e:
         06:39:53:f9:bc:e2:a2:8f:83:42:4f:36:d3:df:41:40:d5:76:
         e4:3a:11:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWuj4d2PfB2hEzhyAZj79qSxUSvYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2EzYWU0NDNiNjBjZDhkY2UyMjI2NTA4NzY3ZTBhYjgx
MjhhNGRjYTUzNTYwMGJkZGU4YTM3YzE1MzEwZmIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDc3uoi9uRSYpnW6roTzj2cylJ2Nd2QkTIv9PmpKwi26RH9
jlAzz3zkSQvGHzOlf5TqNlkxdvhgIn40MxzKcw84SJhTAhLs066lk6QPLuEUuyVZ
CWBRtl+W2t+8e7oXUTVn3m2M19KlJ049fwoN/Dy8jM6c1KnSmU1o0Hq1BAHNlBY1
yFwS+Xx9Gym8MzHcyfGnxknLCnUdyJT42pZEJJ5GcMYimyZbbmf24ItgQ9O5XsYN
/0tMp+XeqWhTMMx+ZBuLX293IJlzCuOm1NF7RmxV1raJf/g2CHMEZom2lezWBMAP
ryX/AKXG5UsuD9ESZTfiZCOen78z4nTQU5XkWJI5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnF9FAWJyPDDdrEjQ7Xi2jj5NWbowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhNmM4NzFjLWQwNjgtNDFiZC1iYzk3LWQxNmIyNGYyNzE5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPrzANBgkqhkiG9w0BAQsFAAOCAQEAodEAUd5YKHaoYZUZZAafREVN+TjJ
wxHy0SIXsTWqJbvjQ7JmP6xoAtZmHFPPqKQPJw3yp5G5JjL6J9GYekbuoeX9YxpY
zoyB1apC6bfvzTCCC15YymYgcPTqu3LrsWkExTiSv2d+iL50aAEOD1QoyLMB+68N
Xiect6IiBh8B/DNUB5MhynO/lJIdaw1rCmuKwFsOVuYPmV1o/ILfHcAZOoPQwqzw
QobOA1iN0362CH1qlW0mMn9ER0O3gIYkoWLDmt/y97M9wlzNvA99c70FOr1gC/qQ
29xEj8Irz2Cxv6pNLFvxPuy3PVZ+BjlT+bzioo+DQk82099BQNV25DoRYQ==
-----END CERTIFICATE-----