Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2913887f-1b92-4da2-8b74-668110b7223c.roa
File:                     2913887f-1b92-4da2-8b74-668110b7223c.roa (raw, json)
Hash identifier:          9U5Jy0f8k5ZUBzxtbyEgXe1lrrw4JIk1XfjbhjqsIIo=
Subject key identifier:   67:ED:7E:46:0B:7D:23:8C:D2:42:43:98:76:B3:B8:55:21:7F:31:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DAF586DDC73C508ED02D1581160E5E0292F9164
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2913887f-1b92-4da2-8b74-668110b7223c.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        134.38.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:af:58:6d:dc:73:c5:08:ed:02:d1:58:11:60:e5:e0:29:2f:91:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=dad1a803f87a005a95da33c0faf53ae72cd27def2ca7992672fbcb8862e7b0ff, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:69:c3:c5:69:fa:29:6a:4d:0a:be:08:d0:88:
                    0d:4f:ac:f6:2b:98:d0:d2:44:9c:df:4a:12:f0:15:
                    a7:39:21:fa:dd:b2:23:be:4b:ae:86:1e:70:b5:9f:
                    6e:85:44:eb:da:c7:8d:c8:8d:2a:7f:f6:72:81:d3:
                    03:fc:d5:80:81:12:ab:e6:0c:db:f3:3b:d2:a0:cb:
                    ec:66:f6:0c:c4:d3:fd:63:23:03:f5:7d:1a:10:c5:
                    bd:fb:77:64:1c:ee:c0:f3:e3:79:55:bf:40:3e:3e:
                    a7:17:0f:8f:c0:80:ab:74:0e:fb:33:12:42:37:a7:
                    e8:19:7e:35:13:e5:bc:d3:1a:ba:c8:f2:2e:97:48:
                    61:e3:9a:47:bd:97:64:f0:a0:0c:de:99:46:01:b1:
                    d2:e6:0e:27:ff:d8:61:00:25:72:f5:8c:7a:f9:ae:
                    2e:5b:9a:6e:a2:c3:75:bc:3f:72:54:c6:4c:91:6e:
                    4a:fd:a5:8a:9e:da:e6:c6:7b:23:7d:9f:96:61:38:
                    fa:1a:cc:d7:fd:61:0b:0b:e0:b2:a7:83:ad:54:59:
                    e1:5c:af:7e:14:89:f2:13:09:e8:91:18:03:cb:0f:
                    f9:15:bd:5d:69:30:e6:aa:8d:a4:8c:e3:29:c9:2d:
                    0a:fd:26:3a:b0:36:e2:5d:f8:35:47:02:ee:b2:82:
                    f6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:ED:7E:46:0B:7D:23:8C:D2:42:43:98:76:B3:B8:55:21:7F:31:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2913887f-1b92-4da2-8b74-668110b7223c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.38.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         91:5c:25:67:68:0d:37:a0:e4:69:c8:6b:79:cf:61:3b:82:e0:
         2a:24:03:ff:3e:7b:93:93:aa:6b:f8:31:fb:50:31:09:80:c3:
         87:2e:d5:29:f4:2c:72:eb:ab:f4:8d:90:80:3d:5f:f0:fa:85:
         66:92:3e:55:43:54:39:97:24:d2:43:11:ff:f4:97:67:f5:1e:
         44:ea:10:62:f6:f6:14:4a:02:48:32:fc:a3:4c:bf:3c:eb:b6:
         f4:3d:18:f9:c0:80:85:d2:da:67:65:d9:99:58:b3:eb:0f:84:
         df:71:20:77:1b:d6:56:85:ec:d5:7e:0f:a4:76:dc:92:dc:ae:
         85:7c:21:22:01:01:9c:8e:da:80:7a:cf:85:0b:a0:bc:95:d0:
         4d:13:01:54:a7:5d:1f:d2:98:09:37:e6:93:ca:7b:3b:5f:3d:
         ba:74:d0:e7:30:e8:6b:57:30:c1:32:7c:3d:38:e2:be:c1:a2:
         52:fe:6b:c9:dc:36:64:85:ac:37:a0:18:47:c2:c4:9a:48:d1:
         32:85:8a:20:ff:48:de:84:a6:b7:75:40:90:08:75:dd:a4:9d:
         cf:3f:7b:a1:0c:22:01:2c:57:ba:24:5c:8d:ec:1f:7c:74:cc:
         2d:57:51:3b:d3:7a:fc:df:b6:97:a1:32:55:8e:99:27:92:b1:
         8c:19:e3:f3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDa9YbdxzxQjtAtFYEWDl4CkvkWQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYWQxYTgwM2Y4N2EwMDVhOTVkYTMzYzBmYWY1M2FlNzJj
ZDI3ZGVmMmNhNzk5MjY3MmZiY2I4ODYyZTdiMGZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgacPFafopak0KvgjQiA1PrPYrmNDSRJzfShLwFac5Ifrd
siO+S66GHnC1n26FROvax43IjSp/9nKB0wP81YCBEqvmDNvzO9Kgy+xm9gzE0/1j
IwP1fRoQxb37d2Qc7sDz43lVv0A+PqcXD4/AgKt0DvszEkI3p+gZfjUT5bzTGrrI
8i6XSGHjmke9l2TwoAzemUYBsdLmDif/2GEAJXL1jHr5ri5bmm6iw3W8P3JUxkyR
bkr9pYqe2ubGeyN9n5ZhOPoazNf9YQsL4LKng61UWeFcr34UifITCeiRGAPLD/kV
vV1pMOaqjaSM4ynJLQr9JjqwNuJd+DVHAu6ygvbhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZ+1+Rgt9I4zSQkOYdrO4VSF/MX0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5MTM4ODdmLTFiOTItNGRhMi04Yjc0LTY2ODExMGI3MjIzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCGJjANBgkqhkiG9w0BAQsFAAOCAQEAkVwlZ2gNN6Dkachrec9hO4LgKiQD
/z57k5Oqa/gx+1AxCYDDhy7VKfQscuur9I2QgD1f8PqFZpI+VUNUOZck0kMR//SX
Z/UeROoQYvb2FEoCSDL8o0y/POu29D0Y+cCAhdLaZ2XZmViz6w+E33EgdxvWVoXs
1X4PpHbcktyuhXwhIgEBnI7agHrPhQugvJXQTRMBVKddH9KYCTfmk8p7O189unTQ
5zDoa1cwwTJ8PTjivsGiUv5rydw2ZIWsN6AYR8LEmkjRMoWKIP9I3oSmt3VAkAh1
3aSdzz97oQwiASxXuiRcjewffHTMLVdRO9N6/N+2l6EyVY6ZJ5KxjBnj8w==
-----END CERTIFICATE-----