Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/211b1e52-4b6d-4415-92d4-b1788c65a486.roa
File:                     211b1e52-4b6d-4415-92d4-b1788c65a486.roa (raw, json)
Hash identifier:          BNcvNBQaFtgnCZSL1bNA070wTfJb8luNM7Vsuv0aqyM=
Subject key identifier:   B0:17:81:E4:C5:56:0B:A4:F0:48:FC:14:21:0D:01:F9:0C:A8:56:66
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A1DF5700437CA7DDBFDF5CEF24B3DDDF1D6B5F8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/211b1e52-4b6d-4415-92d4-b1788c65a486.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        207.9.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:1d:f5:70:04:37:ca:7d:db:fd:f5:ce:f2:4b:3d:dd:f1:d6:b5:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=322b171648e546d39935995074f36d4d2dcef4e1f5b4cb858047c462b2a9a26b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:4b:28:ee:e1:b9:8f:78:7a:5b:6d:9d:e0:57:
                    47:85:c9:0a:cc:9d:e2:5b:84:48:d1:11:74:05:da:
                    28:55:2f:c3:f7:35:6b:c9:fd:c4:37:06:18:ab:92:
                    36:c3:27:f9:54:18:3c:cd:bd:fc:4c:2c:3f:0f:ec:
                    ff:41:df:71:a8:32:41:97:2a:1f:ed:6a:83:53:53:
                    c2:a6:7c:3e:f3:98:7a:0c:95:64:c9:3e:b8:c0:52:
                    1c:b8:b8:d1:a1:68:32:b1:a8:73:2b:1a:b3:82:c9:
                    02:66:05:e0:27:7e:1d:f9:b4:34:c7:1d:c4:26:0c:
                    10:a0:f8:ad:ae:0b:ef:99:2b:5b:3f:a0:ba:09:98:
                    40:03:40:b8:20:a7:a2:59:4a:d5:24:3d:2d:ad:c3:
                    89:36:20:e0:e1:8d:2e:f3:c4:aa:ec:6d:82:c2:63:
                    2c:12:76:34:22:96:c5:51:a4:cb:d5:7c:a0:c7:d0:
                    4d:4d:b7:9e:bb:81:9b:34:cf:38:7f:dd:9a:76:dd:
                    41:b2:16:a3:9c:96:15:84:29:0f:d9:69:c2:d1:bd:
                    e8:36:6b:16:be:4f:b2:e5:15:88:d2:7e:39:2a:01:
                    49:83:6c:bd:8a:97:7a:3d:c1:99:5f:f1:c6:b0:13:
                    85:13:52:51:f0:01:9c:e5:fc:d0:29:53:f1:1a:7d:
                    28:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:17:81:E4:C5:56:0B:A4:F0:48:FC:14:21:0D:01:F9:0C:A8:56:66
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/211b1e52-4b6d-4415-92d4-b1788c65a486.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.9.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:59:dd:b0:0d:9d:d4:51:e2:3d:c5:69:e2:29:96:5e:3f:71:
         26:22:6f:2c:0d:6c:49:01:30:12:c8:e9:af:07:e2:d9:59:f4:
         01:ca:29:f9:5a:69:78:99:5b:c3:6b:3a:01:1f:63:3d:85:7f:
         6a:72:2a:bd:91:2d:40:cc:84:ea:1a:e3:75:8a:c0:76:c1:67:
         f0:2f:2c:60:78:fa:4a:12:55:70:3c:ce:b2:3d:45:56:4c:64:
         0a:9d:60:a8:35:9b:6a:ee:76:98:8b:96:ce:11:70:3a:d2:91:
         24:6a:84:7f:0f:8b:70:e3:3a:ce:83:ce:40:38:70:65:e4:e1:
         00:33:ff:b5:14:be:76:50:cd:2f:b4:ec:b6:db:1b:7c:c7:95:
         6f:dc:75:02:89:2f:0c:ba:d5:33:32:9e:2f:ea:c5:42:bc:90:
         16:57:99:5f:fe:f3:ae:2d:04:b0:1a:8c:3c:8f:c2:23:f0:a6:
         73:7d:76:c0:1f:de:1b:03:2b:36:14:f4:1c:87:ea:6b:47:8a:
         c7:50:b9:b1:24:1e:10:4f:7b:9e:d7:5e:cf:42:3d:e5:16:c8:
         2e:dc:04:c9:a3:d9:a8:78:cc:83:44:e0:bb:a1:01:30:68:4f:
         ee:75:43:46:42:e7:9c:3d:2c:07:20:1f:a7:b3:f1:ee:b6:a2:
         46:e1:da:1c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSh31cAQ3yn3b/fXO8ks93fHWtfgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjJiMTcxNjQ4ZTU0NmQzOTkzNTk5NTA3NGYzNmQ0ZDJk
Y2VmNGUxZjViNGNiODU4MDQ3YzQ2MmIyYTlhMjZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZSyju4bmPeHpbbZ3gV0eFyQrMneJbhEjREXQF2ihVL8P3
NWvJ/cQ3BhirkjbDJ/lUGDzNvfxMLD8P7P9B33GoMkGXKh/taoNTU8KmfD7zmHoM
lWTJPrjAUhy4uNGhaDKxqHMrGrOCyQJmBeAnfh35tDTHHcQmDBCg+K2uC++ZK1s/
oLoJmEADQLggp6JZStUkPS2tw4k2IODhjS7zxKrsbYLCYywSdjQilsVRpMvVfKDH
0E1Nt567gZs0zzh/3Zp23UGyFqOclhWEKQ/ZacLRveg2axa+T7LlFYjSfjkqAUmD
bL2Kl3o9wZlf8cawE4UTUlHwAZzl/NApU/EafSjBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsBeB5MVWC6TwSPwUIQ0B+QyoVmYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIxMWIxZTUyLTRiNmQtNDQxNS05MmQ0LWIxNzg4YzY1YTQ4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDPCTANBgkqhkiG9w0BAQsFAAOCAQEAalndsA2d1FHiPcVp4imWXj9xJiJv
LA1sSQEwEsjprwfi2Vn0Acop+VppeJlbw2s6AR9jPYV/anIqvZEtQMyE6hrjdYrA
dsFn8C8sYHj6ShJVcDzOsj1FVkxkCp1gqDWbau52mIuWzhFwOtKRJGqEfw+LcOM6
zoPOQDhwZeThADP/tRS+dlDNL7TsttsbfMeVb9x1AokvDLrVMzKeL+rFQryQFleZ
X/7zri0EsBqMPI/CI/Cmc312wB/eGwMrNhT0HIfqa0eKx1C5sSQeEE97ntdez0I9
5RbILtwEyaPZqHjMg0Tgu6EBMGhP7nVDRkLnnD0sByAfp7Px7raiRuHaHA==
-----END CERTIFICATE-----