Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32c9bdce-2cab-44a4-aae4-90c7e18b0978.roa
File:                     32c9bdce-2cab-44a4-aae4-90c7e18b0978.roa (raw, json)
Hash identifier:          PLBsxnCTwp9n+gyURnaaciALb5QK0RKq3I0NPiQL5is=
Subject key identifier:   46:95:B4:95:31:7B:DA:65:CB:61:47:D7:C6:08:25:8C:92:B9:E5:2D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E7412CF666F61CD3CD0294D1BA91FCD9D46A395
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32c9bdce-2cab-44a4-aae4-90c7e18b0978.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        78.12.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:74:12:cf:66:6f:61:cd:3c:d0:29:4d:1b:a9:1f:cd:9d:46:a3:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:11:68:d9:c5:b3:1f:1e:a1:87:52:0b:33:43:
                    8c:6b:04:02:95:ea:2f:2c:7e:36:ee:5e:f5:d9:91:
                    51:8b:4a:ca:1e:46:8b:60:ec:1d:b7:72:46:be:63:
                    d7:92:ac:8d:6d:21:18:0d:68:5d:0d:15:c7:f8:7a:
                    43:ae:ae:14:db:14:e0:28:f4:24:bd:2c:ce:ff:47:
                    66:b7:13:86:f4:88:34:14:a0:f4:0a:b1:5b:53:67:
                    95:2f:7a:4b:e2:01:68:76:d9:b8:09:a8:7b:d8:97:
                    1f:d4:97:73:03:8b:4a:f8:09:e1:8d:fa:9a:27:c2:
                    27:cc:86:1c:51:1a:03:d2:72:05:6d:35:39:26:55:
                    3f:28:d2:2c:19:74:49:e8:31:2d:ed:e5:c7:8f:2b:
                    67:ea:6e:eb:c8:e8:b2:bc:a3:8b:f5:63:08:92:ef:
                    ec:ce:25:f4:b4:71:a7:f9:e2:93:e7:64:6e:7e:87:
                    44:4f:73:a9:32:be:06:4b:5a:42:a0:51:a3:6e:1c:
                    62:b6:b2:11:98:7d:77:80:0c:91:24:35:c0:85:9e:
                    e2:41:ac:18:81:c8:43:ad:55:00:03:97:36:2e:88:
                    33:5f:69:46:e1:e0:eb:10:5a:9f:28:9f:37:a7:da:
                    3c:56:30:c1:05:0e:df:38:aa:6d:d3:2a:38:72:1a:
                    75:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:95:B4:95:31:7B:DA:65:CB:61:47:D7:C6:08:25:8C:92:B9:E5:2D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32c9bdce-2cab-44a4-aae4-90c7e18b0978.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.12.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1c:e5:57:ea:1e:7c:a1:a0:1e:82:1c:53:3e:60:d8:d6:f2:6a:
         28:5c:45:1a:b5:fa:56:46:32:4e:a7:76:52:3f:48:2a:1f:c1:
         ac:c8:a8:fe:cc:fb:3d:52:4d:30:e7:0f:85:a1:00:1f:70:ca:
         b5:e0:cf:81:a7:77:ef:f1:e3:ab:55:a1:53:ca:f1:8a:64:58:
         7b:cf:1f:40:b3:7b:b4:c1:66:3d:63:9e:d5:de:af:5a:b7:42:
         46:d9:ea:0a:a2:2c:8b:56:d7:f0:7b:23:2e:88:29:2b:01:18:
         d5:d0:66:f2:73:ca:2b:1e:84:49:74:79:e1:4e:b0:53:aa:6c:
         02:4a:98:92:3e:1f:01:c7:92:d4:8d:52:8a:e2:d7:a3:41:cf:
         ae:75:a4:5a:de:7e:05:95:e2:21:75:6d:c8:f0:ad:94:51:3f:
         40:00:f2:72:52:a3:82:a0:0a:cf:17:41:87:bf:06:e3:3a:21:
         2b:39:ce:0a:d6:ea:b6:f1:4e:dd:1f:0c:e9:22:39:bf:f3:8b:
         5c:60:ab:f3:3b:ce:ca:9e:32:d8:6c:6b:e5:e4:66:51:b7:63:
         e6:4e:0b:d4:a4:f4:90:1f:05:48:19:d3:58:5e:ad:21:42:d0:
         ac:e5:9f:37:58:27:dd:9b:ba:71:e8:4b:92:ae:d6:70:3d:03:
         47:88:f6:89
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPnQSz2ZvYc080ClNG6kfzZ1Go5UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiM2E0MzAwNDM1MmQ1MTk3YzBiOGFmODkxOTY3NWZmOTU5
NWRlZDhmN2QwZTRhOWI5MjIzMzc4NjVhOWRkZWI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMEWjZxbMfHqGHUgszQ4xrBAKV6i8sfjbuXvXZkVGLSsoe
Rotg7B23cka+Y9eSrI1tIRgNaF0NFcf4ekOurhTbFOAo9CS9LM7/R2a3E4b0iDQU
oPQKsVtTZ5UvekviAWh22bgJqHvYlx/Ul3MDi0r4CeGN+ponwifMhhxRGgPScgVt
NTkmVT8o0iwZdEnoMS3t5cePK2fqbuvI6LK8o4v1YwiS7+zOJfS0caf54pPnZG5+
h0RPc6kyvgZLWkKgUaNuHGK2shGYfXeADJEkNcCFnuJBrBiByEOtVQADlzYuiDNf
aUbh4OsQWp8onzen2jxWMMEFDt84qm3TKjhyGnWxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURpW0lTF72mXLYUfXxggljJK55S0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMyYzliZGNlLTJjYWItNDRhNC1hYWU0LTkwYzdlMThiMDk3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFODDANBgkqhkiG9w0BAQsFAAOCAQEAHOVX6h58oaAeghxTPmDY1vJqKFxF
GrX6VkYyTqd2Uj9IKh/BrMio/sz7PVJNMOcPhaEAH3DKteDPgad37/Hjq1WhU8rx
imRYe88fQLN7tMFmPWOe1d6vWrdCRtnqCqIsi1bX8HsjLogpKwEY1dBm8nPKKx6E
SXR54U6wU6psAkqYkj4fAceS1I1SiuLXo0HPrnWkWt5+BZXiIXVtyPCtlFE/QADy
clKjgqAKzxdBh78G4zohKznOCtbqtvFO3R8M6SI5v/OLXGCr8zvOyp4y2Gxr5eRm
Ubdj5k4L1KT0kB8FSBnTWF6tIULQrOWfN1gn3Zu6cehLkq7WcD0DR4j2iQ==
-----END CERTIFICATE-----