Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c31298c-0b2d-458a-922e-c4e9622b2525.roa
File:                     0c31298c-0b2d-458a-922e-c4e9622b2525.roa (raw, json)
Hash identifier:          ZdKL1cLmULjqysT5Kgyyh/yw+WRtaLWPcoaY36kzsVo=
Subject key identifier:   29:B3:C0:72:27:2E:E3:27:AD:18:92:0F:CA:C9:90:1F:33:48:44:FB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DA789F90E3EFBACCE242CAAA80E44611848253D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c31298c-0b2d-458a-922e-c4e9622b2525.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        70.232.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:a7:89:f9:0e:3e:fb:ac:ce:24:2c:aa:a8:0e:44:61:18:48:25:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=bfa070979c4dbc76eb2f24f194a4847caab94fea027c454740140d68f1b05d98, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:89:1e:45:37:d0:d2:1f:d1:ad:73:24:62:f5:
                    d1:2a:eb:68:50:03:02:99:aa:45:87:e3:36:ca:67:
                    f4:c7:00:a1:c2:c3:30:ab:c4:a9:0c:80:cf:77:ca:
                    a1:26:df:6c:bd:29:69:27:d2:9f:01:bf:a7:28:2d:
                    b6:5d:e2:56:8a:bc:0f:3e:27:d2:a7:d2:d3:31:46:
                    a3:f1:89:fb:43:d6:b9:80:e9:7e:ac:db:f8:60:34:
                    8f:46:ae:ea:6d:50:98:63:d2:f4:69:42:64:94:6d:
                    b5:cb:73:d9:e0:fa:20:42:b3:18:d2:6a:28:12:29:
                    10:cb:fb:1e:fc:6d:43:bf:2b:37:3c:b9:7b:8f:b6:
                    da:2f:7d:0b:26:19:71:2f:cd:eb:d5:47:d1:e5:03:
                    2e:fc:02:c4:9c:a2:45:57:73:a7:90:ab:3a:08:3b:
                    70:de:e4:e7:10:7d:03:6b:00:ae:90:68:8b:ce:43:
                    a4:5e:6b:27:bf:df:e8:71:48:35:26:71:be:c4:f9:
                    a6:0a:00:2c:9e:f0:ed:21:96:1c:10:b2:6c:a2:51:
                    76:2d:b9:ab:28:58:d0:b2:43:4c:72:ff:12:45:ed:
                    56:c7:24:53:70:df:d6:09:02:13:b0:18:97:bf:9f:
                    10:57:d5:11:84:0c:e8:af:75:15:55:fe:e0:9f:fb:
                    f9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B3:C0:72:27:2E:E3:27:AD:18:92:0F:CA:C9:90:1F:33:48:44:FB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0c31298c-0b2d-458a-922e-c4e9622b2525.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.232.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         1c:b7:10:15:3a:c6:90:d8:53:cf:c8:8a:24:ef:42:eb:d5:c4:
         52:84:40:6b:ed:a5:49:fb:97:73:29:31:50:e9:d4:30:cb:1d:
         52:91:a0:a7:4a:5b:ee:07:91:7e:ca:39:e6:8e:09:88:14:b5:
         57:f6:d7:98:34:be:c5:2e:53:5e:66:db:ad:0b:de:3d:d8:ac:
         ba:21:00:7a:75:b4:c4:84:b6:1d:fd:d8:6b:fb:d3:ef:35:21:
         a9:e1:d0:59:8c:fb:db:a8:23:a4:5e:cb:e5:fe:53:ca:0a:ce:
         47:83:7d:00:bf:11:bd:d1:8c:cb:49:0d:5d:08:6e:50:40:ee:
         6c:1c:21:fc:d7:04:fc:28:8a:c9:a7:c7:3e:c4:d3:44:0a:d8:
         fd:6b:d9:97:09:6f:0e:12:9b:9c:4c:f7:c4:d8:bb:af:34:4b:
         ac:20:1e:90:81:37:fc:ae:e1:19:3c:c1:18:27:25:3e:83:15:
         02:e4:f0:9c:80:87:bd:76:16:55:b0:a6:34:28:bd:ad:e9:f7:
         13:b2:dd:fb:ac:38:52:66:7b:ba:7d:f2:db:0e:1d:8e:59:69:
         bd:a4:ee:18:17:07:3d:1f:e6:ec:9d:4f:60:d8:1d:6f:a6:62:
         02:e0:50:b1:41:8c:a3:82:bd:c1:90:1d:61:cb:57:ad:fb:61:
         f4:9f:61:04
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfaeJ+Q4++6zOJCyqqA5EYRhIJT0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmEwNzA5NzljNGRiYzc2ZWIyZjI0ZjE5NGE0ODQ3Y2Fh
Yjk0ZmVhMDI3YzQ1NDc0MDE0MGQ2OGYxYjA1ZDk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDiR5FN9DSH9GtcyRi9dEq62hQAwKZqkWH4zbKZ/THAKHC
wzCrxKkMgM93yqEm32y9KWkn0p8Bv6coLbZd4laKvA8+J9Kn0tMxRqPxiftD1rmA
6X6s2/hgNI9GruptUJhj0vRpQmSUbbXLc9ng+iBCsxjSaigSKRDL+x78bUO/Kzc8
uXuPttovfQsmGXEvzevVR9HlAy78AsScokVXc6eQqzoIO3De5OcQfQNrAK6QaIvO
Q6Reaye/3+hxSDUmcb7E+aYKACye8O0hlhwQsmyiUXYtuasoWNCyQ0xy/xJF7VbH
JFNw39YJAhOwGJe/nxBX1RGEDOivdRVV/uCf+/kHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKbPAcicu4yetGJIPysmQHzNIRPswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjMzEyOThjLTBiMmQtNDU4YS05MjJlLWM0ZTk2MjJiMjUyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZG6EAwDQYJKoZIhvcNAQELBQADggEBABy3EBU6xpDYU8/IiiTvQuvVxFKE
QGvtpUn7l3MpMVDp1DDLHVKRoKdKW+4HkX7KOeaOCYgUtVf215g0vsUuU15m260L
3j3YrLohAHp1tMSEth392Gv70+81Ianh0FmM+9uoI6Rey+X+U8oKzkeDfQC/Eb3R
jMtJDV0IblBA7mwcIfzXBPwoismnxz7E00QK2P1r2ZcJbw4Sm5xM98TYu680S6wg
HpCBN/yu4Rk8wRgnJT6DFQLk8JyAh712FlWwpjQova3p9xOy3fusOFJme7p98tsO
HY5Zab2k7hgXBz0f5uydT2DYHW+mYgLgULFBjKOCvcGQHWHLV637YfSfYQQ=
-----END CERTIFICATE-----