Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bfae000-3517-4c21-a284-ea4fa37836ab.roa
File:                     2bfae000-3517-4c21-a284-ea4fa37836ab.roa (raw, json)
Hash identifier:          3wWwcKsHjuXBUBwN4ZEllIeN/K86THk2+c0KO+wFK+o=
Subject key identifier:   74:D0:A6:DD:3B:D6:6B:00:4B:2E:34:AC:C6:5E:F2:F0:3F:2F:38:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F6774CACD91C73BD4FED092556B45D8AA9C632B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bfae000-3517-4c21-a284-ea4fa37836ab.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        184.169.64.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:67:74:ca:cd:91:c7:3b:d4:fe:d0:92:55:6b:45:d8:aa:9c:63:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=e74ad9070a55c0eb1fe6ddee01135dd1d655c7e1eb26c5d920eabc8f6055aae3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d6:d0:44:e7:10:b7:0e:05:63:0e:14:ab:04:
                    4d:6a:7c:d4:9f:3c:42:33:5e:31:ce:fa:87:3d:96:
                    0a:ab:6f:3c:9f:42:18:4e:e6:74:dd:92:57:3d:f5:
                    4f:aa:e9:a4:62:2f:0a:bf:d4:9b:27:13:fd:2a:dd:
                    c8:68:5d:7f:ff:90:9e:99:c5:9c:53:c9:b3:b8:5a:
                    df:f0:db:e7:d9:94:6b:4f:b5:35:8a:17:c8:19:56:
                    5b:e6:f3:98:dd:1d:61:ec:a9:79:80:62:b4:0f:f8:
                    0e:b2:f8:b5:5f:02:d2:a8:3c:ff:af:f6:9d:68:9e:
                    ed:2f:fe:c8:af:84:01:cf:21:58:8e:91:e3:a9:6b:
                    76:f5:ef:1d:ec:7a:7b:50:81:73:17:3c:cd:8b:06:
                    c6:bf:d5:54:c4:e0:df:c9:9b:b4:27:23:72:54:af:
                    3b:eb:47:5b:75:84:84:94:e6:7a:1d:fd:80:dc:59:
                    ec:06:70:75:2b:7f:e0:59:10:df:26:f3:80:e7:e6:
                    cb:3a:9e:f2:5a:2d:96:83:ba:59:d2:82:00:43:10:
                    47:8c:3d:dd:b9:bd:a5:89:6a:5f:7f:35:84:76:f6:
                    e6:99:8c:fd:f1:f3:06:ec:03:a5:b2:5c:a1:c2:77:
                    f2:88:b2:e3:99:c0:39:a2:3c:9b:48:32:82:52:60:
                    8c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:D0:A6:DD:3B:D6:6B:00:4B:2E:34:AC:C6:5E:F2:F0:3F:2F:38:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bfae000-3517-4c21-a284-ea4fa37836ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  184.169.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         85:2c:5e:7e:f3:fc:83:7d:9f:9d:34:33:7b:6d:ae:d8:e0:36:
         9c:3d:e1:8e:e9:11:45:2f:09:bb:49:fa:16:fa:2a:62:b1:35:
         e1:b6:44:f9:d7:9c:67:de:d6:40:ac:bb:18:2e:db:a1:6b:00:
         90:4f:a9:48:07:b1:54:b1:b9:0f:77:08:28:de:5d:42:ee:cb:
         81:40:14:90:be:cd:0f:72:1d:43:a2:32:ee:e1:fa:e0:fb:ab:
         bb:da:16:69:6b:7e:12:19:99:99:15:0c:ae:dd:4a:fb:8e:9c:
         72:3f:11:cf:5f:af:68:81:77:25:93:16:4c:81:46:10:4c:f5:
         82:e1:ed:8f:23:de:ff:c6:2d:52:c2:2a:a7:48:3d:66:15:a9:
         df:cd:ca:c7:cb:d8:6b:83:c4:e6:56:a6:b1:f9:1b:50:9e:47:
         a3:d2:0e:95:41:78:01:31:50:77:b7:71:27:50:cf:c6:bf:c9:
         eb:50:80:e6:be:c2:1f:31:04:18:bb:5b:eb:35:08:9c:2a:fb:
         01:f4:00:41:38:a4:d5:35:d7:25:8b:86:ca:00:f2:59:8e:ed:
         d4:92:62:bf:1a:6b:6c:37:f3:0a:5b:b9:8f:77:da:d2:33:ee:
         1e:89:0d:e3:e2:b7:e3:81:9f:31:c4:68:a5:fb:06:75:94:aa:
         0e:77:4f:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD2d0ys2RxzvU/tCSVWtF2KqcYyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNzRhZDkwNzBhNTVjMGViMWZlNmRkZWUwMTEzNWRkMWQ2
NTVjN2UxZWIyNmM1ZDkyMGVhYmM4ZjYwNTVhYWUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC1tBE5xC3DgVjDhSrBE1qfNSfPEIzXjHO+oc9lgqrbzyf
QhhO5nTdklc99U+q6aRiLwq/1JsnE/0q3choXX//kJ6ZxZxTybO4Wt/w2+fZlGtP
tTWKF8gZVlvm85jdHWHsqXmAYrQP+A6y+LVfAtKoPP+v9p1onu0v/sivhAHPIViO
keOpa3b17x3sentQgXMXPM2LBsa/1VTE4N/Jm7QnI3JUrzvrR1t1hISU5nod/YDc
WewGcHUrf+BZEN8m84Dn5ss6nvJaLZaDulnSggBDEEeMPd25vaWJal9/NYR29uaZ
jP3x8wbsA6WyXKHCd/KIsuOZwDmiPJtIMoJSYIxpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdNCm3TvWawBLLjSsxl7y8D8vOGEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiZmFlMDAwLTM1MTctNGMyMS1hMjg0LWVhNGZhMzc4MzZhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAW4qUAwDQYJKoZIhvcNAQELBQADggEBAIUsXn7z/IN9n500M3ttrtjgNpw9
4Y7pEUUvCbtJ+hb6KmKxNeG2RPnXnGfe1kCsuxgu26FrAJBPqUgHsVSxuQ93CCje
XULuy4FAFJC+zQ9yHUOiMu7h+uD7q7vaFmlrfhIZmZkVDK7dSvuOnHI/Ec9fr2iB
dyWTFkyBRhBM9YLh7Y8j3v/GLVLCKqdIPWYVqd/NysfL2GuDxOZWprH5G1CeR6PS
DpVBeAExUHe3cSdQz8a/yetQgOa+wh8xBBi7W+s1CJwq+wH0AEE4pNU11yWLhsoA
8lmO7dSSYr8aa2w38wpbuY932tIz7h6JDePit+OBnzHEaKX7BnWUqg53TxA=
-----END CERTIFICATE-----