Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a96e783-85df-484d-816d-2ccb7abace21.roa
File:                     1a96e783-85df-484d-816d-2ccb7abace21.roa (raw, json)
Hash identifier:          16PHDRZZRgX5pMlkKVt8uyHLTf/JJ4GjlQf+fwhRRVU=
Subject key identifier:   67:BD:04:CA:CF:BA:8D:7C:F7:2E:D3:88:09:C6:B1:72:13:62:FC:A5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       233AB65B331591759A1E80906FC20547BCEAA942
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a96e783-85df-484d-816d-2ccb7abace21.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.60.156.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:3a:b6:5b:33:15:91:75:9a:1e:80:90:6f:c2:05:47:bc:ea:a9:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=286f0f871fa8e79adbeb0064e6c25e0551978bf6477535f5d8fa902d9fb617d2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e9:ba:19:eb:24:1d:3c:59:82:32:08:4b:06:
                    52:27:7b:20:3d:8e:31:92:79:d0:1e:9e:a4:99:fd:
                    71:73:7d:4e:5d:24:6a:c7:74:f6:a9:91:8a:86:2a:
                    34:a9:fe:bd:d0:67:01:38:66:b7:91:7f:a7:b5:2f:
                    89:bc:6c:5b:97:62:58:90:97:0c:90:cb:80:7e:cd:
                    34:fb:23:1e:5c:cd:13:04:af:0a:28:28:51:d1:42:
                    c7:08:53:ee:41:9f:a6:45:08:9d:55:5e:f6:60:7e:
                    64:3d:ff:a1:e7:a3:20:a0:cf:39:cf:ee:2c:9c:14:
                    1a:11:7f:dc:f2:7f:16:ed:ed:c7:2f:25:b7:15:19:
                    b6:1a:54:29:fa:96:05:95:29:05:9e:76:f7:ea:14:
                    f1:e8:39:73:d8:bb:d0:2d:a0:27:6f:de:c2:f7:a2:
                    08:bf:92:47:0b:e8:5b:c4:77:03:72:c4:2b:78:a9:
                    e4:98:69:6a:96:d8:e3:82:b3:16:c7:8e:0f:e8:7d:
                    a7:94:09:b5:d2:2d:1e:97:8a:58:06:e8:b7:6e:d3:
                    ed:25:9e:0d:c7:8a:ba:da:b2:82:9f:85:01:2d:9a:
                    a0:fc:51:43:b8:2c:aa:e6:9b:f4:c0:6d:74:e1:6e:
                    d4:6c:22:88:f3:ef:32:c4:87:ea:ca:cb:f7:5d:fb:
                    39:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:BD:04:CA:CF:BA:8D:7C:F7:2E:D3:88:09:C6:B1:72:13:62:FC:A5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1a96e783-85df-484d-816d-2ccb7abace21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:d6:1b:97:22:2a:b3:16:37:6e:4a:84:7f:d1:89:44:40:bf:
         14:b0:8e:ac:f4:c8:19:54:b4:22:b3:30:b2:3a:a5:21:e3:73:
         77:84:aa:b4:c5:eb:49:c6:2d:b0:cf:2d:2b:3d:22:1a:d3:d6:
         b8:bc:c3:13:e3:6d:22:8d:e9:57:c0:0b:a5:8a:de:40:89:3d:
         a7:9a:87:05:f1:89:7e:84:e2:85:c7:22:5a:34:64:69:cf:08:
         04:52:91:35:f8:39:1f:34:a4:87:83:a1:45:7e:fb:a1:94:49:
         81:0e:1e:7d:cc:18:3c:53:8b:15:9b:c2:58:02:a4:47:32:20:
         10:1e:2c:ca:f9:2c:34:5e:90:d2:96:73:58:b9:01:a1:6d:2d:
         9e:25:e8:89:8a:2b:10:3c:6a:db:8d:a8:87:13:9f:17:3f:98:
         32:0f:2a:64:df:8b:dc:4d:a0:34:c8:d7:1b:3a:37:41:0c:2f:
         f2:fe:a1:18:a6:db:45:f6:62:d0:9b:1a:85:ec:f8:ae:7e:d0:
         ac:75:8f:fe:d2:1b:3c:7e:8b:74:4c:73:85:49:b5:eb:1a:2c:
         4a:dc:5f:58:74:97:67:97:90:54:67:c5:89:43:49:1d:34:bd:
         99:21:8c:e0:5a:9c:46:bc:d8:ab:4a:41:87:bb:b2:64:1d:23:
         5c:69:2c:4a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIzq2WzMVkXWaHoCQb8IFR7zqqUIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyODZmMGY4NzFmYThlNzlhZGJlYjAwNjRlNmMyNWUwNTUx
OTc4YmY2NDc3NTM1ZjVkOGZhOTAyZDlmYjYxN2QyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDL6boZ6yQdPFmCMghLBlIneyA9jjGSedAenqSZ/XFzfU5d
JGrHdPapkYqGKjSp/r3QZwE4ZreRf6e1L4m8bFuXYliQlwyQy4B+zTT7Ix5czRME
rwooKFHRQscIU+5Bn6ZFCJ1VXvZgfmQ9/6HnoyCgzznP7iycFBoRf9zyfxbt7ccv
JbcVGbYaVCn6lgWVKQWedvfqFPHoOXPYu9AtoCdv3sL3ogi/kkcL6FvEdwNyxCt4
qeSYaWqW2OOCsxbHjg/ofaeUCbXSLR6XilgG6Ldu0+0lng3HirrasoKfhQEtmqD8
UUO4LKrmm/TAbXThbtRsIojz7zLEh+rKy/dd+znXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ70Eys+6jXz3LtOICcaxchNi/KUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFhOTZlNzgzLTg1ZGYtNDg0ZC04MTZkLTJjY2I3YWJhY2UyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPJwwDQYJKoZIhvcNAQELBQADggEBALfWG5ciKrMWN25KhH/RiURAvxSw
jqz0yBlUtCKzMLI6pSHjc3eEqrTF60nGLbDPLSs9IhrT1ri8wxPjbSKN6VfAC6WK
3kCJPaeahwXxiX6E4oXHIlo0ZGnPCARSkTX4OR80pIeDoUV++6GUSYEOHn3MGDxT
ixWbwlgCpEcyIBAeLMr5LDRekNKWc1i5AaFtLZ4l6ImKKxA8atuNqIcTnxc/mDIP
KmTfi9xNoDTI1xs6N0EML/L+oRim20X2YtCbGoXs+K5+0Kx1j/7SGzx+i3RMc4VJ
tesaLErcX1h0l2eXkFRnxYlDSR00vZkhjOBanEa82KtKQYe7smQdI1xpLEo=
-----END CERTIFICATE-----