Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bb1cf1a-1243-4da5-96ab-3e26791ca09f.roa
File:                     0bb1cf1a-1243-4da5-96ab-3e26791ca09f.roa (raw, json)
Hash identifier:          h3esDcx3XrxhjXeZtWiz20cHygjkCQqP1R7SzSET0og=
Subject key identifier:   88:69:30:6C:41:45:B4:5A:54:0E:EF:D0:5D:02:D3:79:14:23:50:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4BAC53E8946B06B77083B4759178E209498550F0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bb1cf1a-1243-4da5-96ab-3e26791ca09f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        65.37.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:ac:53:e8:94:6b:06:b7:70:83:b4:75:91:78:e2:09:49:85:50:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=a275f6f4ddf920f093fa4bfa7a0dd478c68f65aa97d3e7eb232822a213589f14, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:25:51:26:74:25:bf:8a:a5:9a:0a:27:ac:d1:
                    f2:87:0a:f7:98:84:8c:2f:a2:fa:85:41:3d:a9:57:
                    f7:12:4e:61:f7:f6:64:ac:50:1e:47:c3:31:6c:a7:
                    d8:9c:a5:ec:a3:0e:16:e5:39:24:3e:85:95:3c:27:
                    32:00:1b:09:b9:20:b4:3b:ba:6a:8b:09:15:b4:1a:
                    a4:61:39:cc:29:ba:5b:bf:b2:e6:fe:3f:b7:ab:a8:
                    64:ec:92:04:74:9b:7b:e8:fa:2d:52:8f:23:15:ad:
                    f8:b8:13:71:50:b5:55:54:01:64:bd:62:a7:cb:9c:
                    30:8e:c0:f7:c9:43:7e:0b:f7:49:fd:59:f5:92:b9:
                    22:69:d2:97:48:31:05:eb:ea:82:19:6b:26:7a:e7:
                    2f:aa:39:c9:f8:db:b8:0a:24:3a:81:ac:2f:ce:f8:
                    c7:b0:73:0e:47:1d:6c:56:39:01:ce:1f:96:3f:84:
                    d2:c9:af:82:e8:19:e4:77:19:9b:37:5a:35:e8:83:
                    93:9b:e8:fb:2b:99:6f:b6:8c:ae:b9:9e:0b:af:af:
                    18:25:ee:fe:f2:9a:f8:66:99:b6:2c:e6:07:87:9f:
                    fe:37:43:e2:5e:ee:45:91:c3:00:3e:c8:1a:63:ed:
                    0c:84:ab:84:17:e9:3a:67:97:d3:3e:a4:cc:07:aa:
                    4d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:69:30:6C:41:45:B4:5A:54:0E:EF:D0:5D:02:D3:79:14:23:50:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0bb1cf1a-1243-4da5-96ab-3e26791ca09f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.37.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         06:44:46:59:d6:bf:83:03:4c:50:87:47:92:b2:ff:7e:8f:da:
         4f:10:34:ee:86:fa:cf:a2:ad:57:42:c9:a1:23:55:9f:f9:36:
         73:dd:20:ad:b3:33:2d:20:ca:9d:6c:00:7b:42:f5:b8:62:40:
         39:dc:cb:a0:a1:34:9c:5b:90:72:3a:11:77:a1:32:44:fa:63:
         bf:f2:76:ce:3e:c6:fb:9f:8b:32:cf:6e:6d:af:2c:9d:10:47:
         35:7c:74:9a:e1:6a:2f:cb:c1:be:a0:c2:e7:da:89:3f:b4:85:
         7f:05:d8:c3:56:31:ab:09:88:ba:e0:96:40:b5:6b:e5:8f:9d:
         96:e7:25:58:1d:a9:ef:58:bb:5d:b2:0d:ce:e5:34:f5:c8:ee:
         b4:3c:91:83:d7:9a:09:d7:05:e7:65:47:8e:b7:a9:d9:dc:37:
         8b:49:cb:2a:1e:cc:70:2b:46:b0:0c:d3:c1:35:e1:40:a6:f9:
         11:d0:25:06:f7:0c:39:3f:2e:6d:c0:a6:b6:56:7e:31:3b:69:
         8e:a8:75:3b:2b:52:75:d1:b3:f0:d3:2e:e1:0a:54:eb:f0:19:
         8b:ff:7f:62:75:f5:9e:10:a4:ff:57:d9:8b:aa:f8:c1:3d:da:
         17:f4:f5:1a:70:b7:50:45:7e:6e:7c:94:67:9b:52:1d:5d:72:
         b0:a7:d2:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUS6xT6JRrBrdwg7R1kXjiCUmFUPAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjc1ZjZmNGRkZjkyMGYwOTNmYTRiZmE3YTBkZDQ3OGM2
OGY2NWFhOTdkM2U3ZWIyMzI4MjJhMjEzNTg5ZjE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4JVEmdCW/iqWaCies0fKHCveYhIwvovqFQT2pV/cSTmH3
9mSsUB5HwzFsp9icpeyjDhblOSQ+hZU8JzIAGwm5ILQ7umqLCRW0GqRhOcwpulu/
sub+P7erqGTskgR0m3vo+i1SjyMVrfi4E3FQtVVUAWS9YqfLnDCOwPfJQ34L90n9
WfWSuSJp0pdIMQXr6oIZayZ65y+qOcn427gKJDqBrC/O+Mewcw5HHWxWOQHOH5Y/
hNLJr4LoGeR3GZs3WjXog5Ob6PsrmW+2jK65nguvrxgl7v7ymvhmmbYs5geHn/43
Q+Je7kWRwwA+yBpj7QyEq4QX6Tpnl9M+pMwHqk15AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiGkwbEFFtFpUDu/QXQLTeRQjUGowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiYjFjZjFhLTEyNDMtNGRhNS05NmFiLTNlMjY3OTFjYTA5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZBJYAwDQYJKoZIhvcNAQELBQADggEBAAZERlnWv4MDTFCHR5Ky/36P2k8Q
NO6G+s+irVdCyaEjVZ/5NnPdIK2zMy0gyp1sAHtC9bhiQDncy6ChNJxbkHI6EXeh
MkT6Y7/yds4+xvufizLPbm2vLJ0QRzV8dJrhai/Lwb6gwufaiT+0hX8F2MNWMasJ
iLrglkC1a+WPnZbnJVgdqe9Yu12yDc7lNPXI7rQ8kYPXmgnXBedlR463qdncN4tJ
yyoezHArRrAM08E14UCm+RHQJQb3DDk/Lm3AprZWfjE7aY6odTsrUnXRs/DTLuEK
VOvwGYv/f2J19Z4QpP9X2Yuq+ME92hf09Rpwt1BFfm58lGebUh1dcrCn0gM=
-----END CERTIFICATE-----