Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e60377-93b1-4496-a57e-408c7ea238dd.roa
File:                     22e60377-93b1-4496-a57e-408c7ea238dd.roa (raw, json)
Hash identifier:          lgm8bSG0Pnooyeh/g8opeqF/SlCaRUzqPBbvS57L/EE=
Subject key identifier:   03:5A:A7:7B:D6:2E:F0:6F:51:B9:BF:BC:CE:18:19:A2:41:A0:AF:A1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60F1E13239F0FB391E6BB6789F580DB6C64F1A52
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e60377-93b1-4496-a57e-408c7ea238dd.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        57.88.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:f1:e1:32:39:f0:fb:39:1e:6b:b6:78:9f:58:0d:b6:c6:4f:1a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=325783ed1b925112ed68d6ea6ffa51a68b08902f96e0f3bc8d3f8a2c0675f562, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:11:49:05:a2:8c:d6:42:c4:65:a4:38:c1:e4:
                    25:d1:7b:11:21:ac:6a:a0:3a:ce:b6:ec:a0:8d:06:
                    2a:8f:1f:5a:28:bb:91:eb:66:db:23:9d:ab:ec:3f:
                    e7:9f:76:47:37:60:13:d2:0f:90:63:c7:91:76:95:
                    80:cf:de:d7:20:e6:d9:48:22:57:b2:f6:fa:5b:1d:
                    25:a3:78:83:62:36:00:31:84:a6:f4:37:93:d7:06:
                    c6:5b:07:6c:d1:c9:d7:24:75:68:fb:25:de:7f:17:
                    52:db:44:3b:55:bd:8f:a3:e7:41:91:51:44:e4:4e:
                    8d:43:55:fe:3b:3d:fe:c5:a9:dc:f5:fd:63:eb:26:
                    8c:73:aa:2b:95:a9:ca:6b:13:42:4e:a1:df:c1:b0:
                    97:4a:51:92:be:60:69:ed:0b:44:ab:08:17:39:91:
                    13:5f:6c:1d:4f:4f:d9:a2:a5:45:d1:6e:9b:b7:6c:
                    00:d7:06:58:5d:3d:43:47:82:f3:ec:e2:de:68:2e:
                    cd:61:cd:40:ff:ee:4c:45:3f:6d:9d:b3:91:06:b4:
                    49:41:83:bd:75:d9:ab:b8:7e:07:8c:16:50:d4:9f:
                    88:05:25:d6:0a:2a:78:11:87:c4:4a:5c:14:fe:8f:
                    4c:fa:68:f6:6a:ec:1e:d7:53:30:85:56:3e:1a:a7:
                    f7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5A:A7:7B:D6:2E:F0:6F:51:B9:BF:BC:CE:18:19:A2:41:A0:AF:A1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/22e60377-93b1-4496-a57e-408c7ea238dd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:00:90:6b:97:b6:02:a6:4c:cb:f6:bc:42:12:23:ba:79:a1:
         e2:f3:6a:33:37:63:b7:e1:57:b2:08:e0:ae:37:68:94:90:fc:
         a2:a2:10:c2:51:e0:9b:5a:4e:4d:e5:73:1f:7a:7b:4e:49:06:
         29:da:15:9c:4d:72:5b:2f:b9:2a:f1:db:93:43:f0:8d:7a:09:
         99:1b:01:a3:c3:18:96:7c:2a:60:27:78:81:1a:dc:2f:72:16:
         63:b1:ae:02:26:12:99:bc:7e:84:b1:20:dc:44:10:12:c6:12:
         03:fb:7b:37:28:96:58:07:1c:b5:16:ce:16:30:17:c4:1b:32:
         7b:a4:7b:4e:f4:96:b2:90:a5:2d:84:de:1f:68:27:27:88:c7:
         a3:14:81:8b:c6:18:82:bb:1d:8c:53:fe:4f:f4:c7:3f:ca:09:
         63:d9:ce:f2:77:ef:d0:16:10:a8:23:8e:08:5c:8b:11:30:67:
         5c:f7:64:41:ac:2d:1a:09:37:3d:89:8d:fa:c3:12:c5:ef:33:
         0d:b4:dc:06:c9:5e:62:7c:7c:89:7f:0c:f8:7c:ff:64:69:a1:
         5d:f9:1e:ce:d2:ec:27:98:48:72:cd:45:d9:4d:36:6e:66:a0:
         1a:07:db:45:16:0a:92:26:0e:0d:71:b0:87:df:65:c0:da:45:
         c9:ae:67:71
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYPHhMjnw+zkea7Z4n1gNtsZPGlIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjU3ODNlZDFiOTI1MTEyZWQ2OGQ2ZWE2ZmZhNTFhNjhi
MDg5MDJmOTZlMGYzYmM4ZDNmOGEyYzA2NzVmNTYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0EUkFoozWQsRlpDjB5CXRexEhrGqgOs627KCNBiqPH1oo
u5HrZtsjnavsP+efdkc3YBPSD5Bjx5F2lYDP3tcg5tlIIley9vpbHSWjeINiNgAx
hKb0N5PXBsZbB2zRydckdWj7Jd5/F1LbRDtVvY+j50GRUUTkTo1DVf47Pf7Fqdz1
/WPrJoxzqiuVqcprE0JOod/BsJdKUZK+YGntC0SrCBc5kRNfbB1PT9mipUXRbpu3
bADXBlhdPUNHgvPs4t5oLs1hzUD/7kxFP22ds5EGtElBg7112au4fgeMFlDUn4gF
JdYKKngRh8RKXBT+j0z6aPZq7B7XUzCFVj4ap/epAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUA1qne9Yu8G9Rub+8zhgZokGgr6EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIyZTYwMzc3LTkzYjEtNDQ5Ni1hNTdlLTQwOGM3ZWEyMzhkZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5WDANBgkqhkiG9w0BAQsFAAOCAQEARQCQa5e2AqZMy/a8QhIjunmh4vNq
Mzdjt+FXsgjgrjdolJD8oqIQwlHgm1pOTeVzH3p7TkkGKdoVnE1yWy+5KvHbk0Pw
jXoJmRsBo8MYlnwqYCd4gRrcL3IWY7GuAiYSmbx+hLEg3EQQEsYSA/t7NyiWWAcc
tRbOFjAXxBsye6R7TvSWspClLYTeH2gnJ4jHoxSBi8YYgrsdjFP+T/THP8oJY9nO
8nfv0BYQqCOOCFyLETBnXPdkQawtGgk3PYmN+sMSxe8zDbTcBsleYnx8iX8M+Hz/
ZGmhXfkeztLsJ5hIcs1F2U02bmagGgfbRRYKkiYODXGwh99lwNpFya5ncQ==
-----END CERTIFICATE-----