Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b9faa0b-c075-4c2e-b191-84934db86a66.roa
File:                     1b9faa0b-c075-4c2e-b191-84934db86a66.roa (raw, json)
Hash identifier:          xOUHWhSPCX6uSSHi2w4zoqlDgdn0KqwSqzhODdRVHDk=
Subject key identifier:   CF:8B:32:B2:C4:A2:59:EE:EF:09:8A:14:A8:ED:8F:5A:E2:22:AA:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       109E48DA27A926F8C38C11753E46C2E3C3A84E29
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b9faa0b-c075-4c2e-b191-84934db86a66.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        192.43.176.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:9e:48:da:27:a9:26:f8:c3:8c:11:75:3e:46:c2:e3:c3:a8:4e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:23:a2:df:c2:57:1c:df:33:a7:8c:de:38:3d:
                    5d:8b:a3:86:cb:2b:0a:6b:d3:1b:d9:22:4d:47:b8:
                    7f:3e:ec:b0:24:66:ee:ff:90:f1:02:e6:e1:65:c6:
                    0a:aa:33:f2:30:8e:df:e4:56:60:e4:f8:14:3a:25:
                    0d:6d:c5:ef:5b:44:dc:41:eb:fb:3f:69:25:d4:bc:
                    92:62:be:52:a6:04:3e:42:d9:1a:f6:33:24:30:a0:
                    a6:b6:82:19:8d:f5:1d:da:e6:f1:2b:bd:df:80:3d:
                    3e:be:59:68:fe:e8:4d:a0:42:70:ef:dc:14:ec:b5:
                    a9:f6:47:70:22:ed:c7:8a:b4:c7:0c:ac:f4:d6:24:
                    24:cd:4d:25:e5:6c:9b:c0:11:94:ed:fc:88:25:84:
                    16:f2:64:ee:8d:39:e7:6f:6a:a8:b8:ab:7b:07:db:
                    5a:b9:cd:db:d0:b8:68:fd:ac:64:67:77:21:32:ae:
                    93:09:75:7d:1c:a2:ac:c0:61:0a:53:92:5a:49:b7:
                    b4:ed:3c:f8:8d:31:c5:93:51:36:51:43:a0:d6:96:
                    be:e0:ef:84:33:cc:53:2b:69:9d:3a:6d:f6:be:93:
                    2a:fe:5b:d2:b6:ac:8d:f9:53:31:68:77:28:1c:08:
                    81:1c:2b:04:e7:61:80:a0:59:0c:f1:e6:d5:cf:09:
                    6e:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:8B:32:B2:C4:A2:59:EE:EF:09:8A:14:A8:ED:8F:5A:E2:22:AA:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b9faa0b-c075-4c2e-b191-84934db86a66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.43.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b5:02:6b:ec:c5:84:eb:27:3e:f2:c4:b6:3f:42:23:ab:dd:19:
         22:0c:fd:f7:ba:ff:26:f0:d3:04:d5:f1:28:9e:73:1b:81:bf:
         36:80:b4:e3:a0:31:69:2f:fb:ea:4e:9b:36:a7:37:9b:e5:99:
         84:22:25:2d:14:e6:c2:55:6f:e3:de:e2:2f:d4:09:60:9d:45:
         37:74:7a:f0:07:80:2f:76:30:5e:60:50:1d:91:9b:9f:05:26:
         43:32:21:fd:25:34:89:3d:ce:a5:1c:55:c6:75:73:e2:5d:14:
         4b:ba:b3:36:47:77:f0:62:af:24:19:91:2e:4d:12:8c:7f:9f:
         17:2c:69:96:a1:9e:b5:fa:0a:74:02:fc:e3:f1:11:2c:45:28:
         b7:7c:d0:86:d6:82:18:e1:37:0d:d6:b0:e3:8b:f5:b6:59:01:
         eb:7c:61:11:c6:4f:bb:b5:ef:6f:88:e5:e7:58:cf:08:47:b2:
         ed:84:68:ba:99:db:4a:7a:b7:2d:4e:44:c9:d7:2b:13:16:46:
         9a:2b:61:50:66:ba:b6:9a:4d:fa:78:14:75:58:77:67:35:ac:
         59:0d:ac:bf:e0:e1:ed:c9:bb:2b:e1:53:d4:69:79:f1:61:3a:
         37:29:8a:96:7a:fe:20:df:af:c7:88:fa:72:2d:b3:64:3d:bb:
         34:39:5f:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEJ5I2iepJvjDjBF1PkbC48OoTikwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NmNkZDliZDMyMGE2Nzc2MjZmYmFjOTdlZWY0NDY5NDEy
YjMwNDk2N2ZmNTQyYjk1MDdiNmVmMDI1ZWFmODhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzI6Lfwlcc3zOnjN44PV2Lo4bLKwpr0xvZIk1HuH8+7LAk
Zu7/kPEC5uFlxgqqM/Iwjt/kVmDk+BQ6JQ1txe9bRNxB6/s/aSXUvJJivlKmBD5C
2Rr2MyQwoKa2ghmN9R3a5vErvd+APT6+WWj+6E2gQnDv3BTstan2R3Ai7ceKtMcM
rPTWJCTNTSXlbJvAEZTt/IglhBbyZO6NOedvaqi4q3sH21q5zdvQuGj9rGRndyEy
rpMJdX0coqzAYQpTklpJt7TtPPiNMcWTUTZRQ6DWlr7g74QzzFMraZ06bfa+kyr+
W9K2rI35UzFodygcCIEcKwTnYYCgWQzx5tXPCW7jAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz4syssSiWe7vCYoUqO2PWuIiqkkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiOWZhYTBiLWMwNzUtNGMyZS1iMTkxLTg0OTM0ZGI4NmE2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPAK7AwDQYJKoZIhvcNAQELBQADggEBALUCa+zFhOsnPvLEtj9CI6vdGSIM
/fe6/ybw0wTV8SiecxuBvzaAtOOgMWkv++pOmzanN5vlmYQiJS0U5sJVb+Pe4i/U
CWCdRTd0evAHgC92MF5gUB2Rm58FJkMyIf0lNIk9zqUcVcZ1c+JdFEu6szZHd/Bi
ryQZkS5NEox/nxcsaZahnrX6CnQC/OPxESxFKLd80IbWghjhNw3WsOOL9bZZAet8
YRHGT7u172+I5edYzwhHsu2EaLqZ20p6ty1ORMnXKxMWRporYVBmuraaTfp4FHVY
d2c1rFkNrL/g4e3JuyvhU9RpefFhOjcpipZ6/iDfr8eI+nIts2Q9uzQ5X5E=
-----END CERTIFICATE-----