Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0cf06feb-5302-4d0b-b594-4d338c334d3f.roa
File:                     0cf06feb-5302-4d0b-b594-4d338c334d3f.roa (raw, json)
Hash identifier:          xDrxdAdUP9/XylipIF/cRoX2taC5YIiKSFeIH6dwRBA=
Subject key identifier:   73:DD:C3:D0:40:1E:C7:41:DB:3E:85:36:62:26:23:D9:2B:5E:5F:9F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A3912ADD67458367EED1338A31F940D20F8E825
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0cf06feb-5302-4d0b-b594-4d338c334d3f.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        13.60.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:39:12:ad:d6:74:58:36:7e:ed:13:38:a3:1f:94:0d:20:f8:e8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=70c9545c75f51fb141bdc7868673e3c8aa8f3df17afbeb0c92a41f6e394164a4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:56:cb:29:f2:aa:db:79:3d:74:4d:3d:04:
                    df:bc:74:b9:0e:ea:a8:1c:56:f2:4c:66:75:b8:ba:
                    0b:68:a6:9e:fc:99:ac:59:ad:06:99:0d:74:f7:91:
                    50:6b:35:1f:1a:da:34:7b:8f:d9:4c:23:aa:24:72:
                    da:5c:60:0e:84:00:e2:b4:c1:1b:7b:68:cc:d8:47:
                    ec:42:83:00:1b:92:a4:80:be:90:78:38:e6:2e:e6:
                    63:74:e2:53:80:eb:28:e2:00:03:67:a9:cb:3c:2a:
                    c4:7c:6e:40:38:0a:c2:b0:9d:2b:24:81:00:7a:47:
                    23:d1:71:26:a1:88:08:93:97:c3:82:24:a9:e7:95:
                    09:6b:2a:4c:08:5f:a0:36:29:e7:91:8b:74:91:aa:
                    ea:d6:84:1c:26:33:ce:76:61:13:8b:b7:bc:14:75:
                    99:a5:4b:69:d6:fc:a8:23:40:5b:5f:3e:38:e3:54:
                    2d:55:72:28:fe:f7:9c:15:96:94:70:2e:70:96:e6:
                    ae:73:ff:0f:af:83:5e:c5:a3:f8:f8:26:e9:93:71:
                    35:42:66:fc:27:3c:fa:51:6a:fc:da:40:ed:39:57:
                    6f:71:72:3f:5a:17:b6:37:52:18:7e:0a:23:09:65:
                    0b:6d:e6:d2:e2:9f:83:48:be:87:78:64:44:c7:0b:
                    92:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:DD:C3:D0:40:1E:C7:41:DB:3E:85:36:62:26:23:D9:2B:5E:5F:9F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0cf06feb-5302-4d0b-b594-4d338c334d3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.60.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         7a:45:9a:e5:85:6f:44:86:40:5d:b5:fc:81:46:54:5c:f7:b9:
         03:2c:f2:b0:2e:47:2a:94:c5:6f:14:0a:1b:ef:8b:e2:1b:0c:
         8a:9d:c1:fa:f5:0f:e4:0c:47:ca:ae:8e:d7:31:42:1e:b9:e8:
         aa:f6:11:e0:37:26:d8:54:7e:cb:b5:b7:17:58:39:bc:20:f6:
         d6:5e:c1:53:c3:98:c1:ca:77:a3:ed:2f:cf:eb:0b:80:90:b2:
         35:8b:d6:77:b9:fc:5a:f7:01:8b:07:07:6d:4d:e5:40:1e:58:
         9f:a1:c5:e0:db:21:eb:3e:92:20:67:8c:2f:fd:2d:20:e0:62:
         15:6c:d8:bb:4a:03:4a:63:07:34:a5:c8:db:dc:72:aa:64:48:
         f1:53:ea:f2:5f:5b:db:fc:95:60:31:1b:88:e6:11:5e:da:9d:
         9e:41:58:c1:67:33:1a:a5:75:4f:85:75:8b:24:0a:b8:87:26:
         e7:83:54:49:52:de:8a:88:71:19:e9:cc:4f:c2:b6:27:68:13:
         33:31:f4:26:7e:3e:fc:c9:6f:be:61:3a:84:fe:17:8b:05:b0:
         7b:a5:f0:f9:e5:06:d8:37:b9:01:03:2f:df:6c:03:91:ae:14:
         6b:ff:e8:6c:53:3a:5f:30:76:d7:3f:35:78:b9:c1:d5:d6:05:
         58:89:c0:ab
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCjkSrdZ0WDZ+7RM4ox+UDSD46CUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MGM5NTQ1Yzc1ZjUxZmIxNDFiZGM3ODY4NjczZTNjOGFh
OGYzZGYxN2FmYmViMGM5MmE0MWY2ZTM5NDE2NGE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCelbLKfKq23k9dE09BN+8dLkO6qgcVvJMZnW4ugtopp78
maxZrQaZDXT3kVBrNR8a2jR7j9lMI6okctpcYA6EAOK0wRt7aMzYR+xCgwAbkqSA
vpB4OOYu5mN04lOA6yjiAANnqcs8KsR8bkA4CsKwnSskgQB6RyPRcSahiAiTl8OC
JKnnlQlrKkwIX6A2KeeRi3SRqurWhBwmM852YROLt7wUdZmlS2nW/KgjQFtfPjjj
VC1Vcij+95wVlpRwLnCW5q5z/w+vg17Fo/j4JumTcTVCZvwnPPpRavzaQO05V29x
cj9aF7Y3Uhh+CiMJZQtt5tLin4NIvod4ZETHC5KXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUc93D0EAex0HbPoU2YiYj2SteX58wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBjZjA2ZmViLTUzMDItNGQwYi1iNTk0LTRkMzM4YzMzNGQzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwINPDANBgkqhkiG9w0BAQsFAAOCAQEAekWa5YVvRIZAXbX8gUZUXPe5Ayzy
sC5HKpTFbxQKG++L4hsMip3B+vUP5AxHyq6O1zFCHrnoqvYR4Dcm2FR+y7W3F1g5
vCD21l7BU8OYwcp3o+0vz+sLgJCyNYvWd7n8WvcBiwcHbU3lQB5Yn6HF4Nsh6z6S
IGeML/0tIOBiFWzYu0oDSmMHNKXI29xyqmRI8VPq8l9b2/yVYDEbiOYRXtqdnkFY
wWczGqV1T4V1iyQKuIcm54NUSVLeiohxGenMT8K2J2gTMzH0Jn4+/MlvvmE6hP4X
iwWwe6Xw+eUG2De5AQMv32wDka4Ua//obFM6XzB21z81eLnB1dYFWInAqw==
-----END CERTIFICATE-----