Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/399b4f0e-8822-48d9-9c9e-c82f55e2d4ca.roa
File:                     399b4f0e-8822-48d9-9c9e-c82f55e2d4ca.roa (raw, json)
Hash identifier:          ee6nQb/BFlBFNk/iulBcbp3WDgOk4y7JMAcD91ot7AU=
Subject key identifier:   CD:CD:D7:54:F6:9A:92:9E:8C:F6:65:B1:E8:F4:C3:53:59:C3:28:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F1F03197872714BE60A4F3541ECFCBB2EE09D6B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/399b4f0e-8822-48d9-9c9e-c82f55e2d4ca.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.1.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:1f:03:19:78:72:71:4b:e6:0a:4f:35:41:ec:fc:bb:2e:e0:9d:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=c87ae293e4892d152a52b17c4ce33e2ab2671846a99efb84af9e072192b2b237, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6f:36:f8:34:ba:4f:0c:fa:82:40:5f:6e:70:
                    a5:46:ca:1d:c6:82:d2:d2:5e:0a:0e:3d:8a:4c:ef:
                    1d:d0:93:63:63:75:79:01:cd:27:cf:c6:b3:d0:02:
                    8b:50:d3:01:fd:f2:db:ee:ff:68:cf:38:a2:2b:85:
                    82:91:82:5a:41:8e:5d:39:c7:be:cc:16:11:02:47:
                    08:93:5a:bf:dc:93:e6:bb:29:8c:77:1c:17:64:60:
                    bf:ea:09:0f:d4:4f:83:a5:b4:1d:9a:2f:4d:77:12:
                    57:56:5b:bf:21:38:7d:9a:97:7b:4d:10:23:d7:e9:
                    18:32:b1:eb:97:a9:e7:02:56:56:8f:83:0d:35:93:
                    e1:eb:04:dc:c1:e3:7e:36:9c:28:b9:b8:46:16:94:
                    20:c1:53:2a:7e:9f:33:18:39:35:66:f4:09:0f:e1:
                    4d:87:cf:f8:2b:4a:c5:a9:2f:fa:4f:ec:4f:75:60:
                    ad:d9:b8:28:43:d7:49:27:2c:f7:79:bd:d3:a8:78:
                    64:39:5e:96:3b:d4:51:a3:df:26:81:b6:84:f4:23:
                    aa:73:05:1d:ff:81:4e:60:86:64:37:42:37:e2:4f:
                    5b:8b:f7:b8:03:0a:ca:36:21:0d:0b:d9:70:b2:5a:
                    bc:67:76:26:1e:94:99:62:18:3f:f6:0f:49:72:d0:
                    40:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:CD:D7:54:F6:9A:92:9E:8C:F6:65:B1:E8:F4:C3:53:59:C3:28:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/399b4f0e-8822-48d9-9c9e-c82f55e2d4ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.1.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         89:30:da:04:86:94:ef:97:41:b7:cc:ea:e6:f2:95:02:cd:1c:
         14:cd:ed:a2:4f:c1:04:ef:67:a6:55:6b:2d:60:9d:f4:c9:bc:
         b6:8c:e3:20:53:04:56:e7:1e:7f:a6:0f:0c:1c:10:5e:25:ec:
         76:ce:75:2f:2a:b3:49:c7:3d:94:25:6e:6d:c5:05:a5:91:11:
         48:3f:54:86:31:02:8b:a9:35:05:c5:fa:5a:0e:fd:bd:9b:06:
         9f:36:e2:25:2f:66:7a:85:8e:0d:eb:74:9c:36:c5:07:e7:02:
         5e:29:b1:74:e0:84:9b:73:91:6b:c5:10:06:fc:16:6c:37:ff:
         ca:90:f1:28:19:51:4e:b0:36:ca:56:85:cb:f5:7e:18:a3:a5:
         10:a0:7e:fb:9e:cb:93:23:c5:bd:65:fc:df:99:ff:87:8c:4e:
         03:13:fa:90:d7:c8:59:5a:0f:e2:65:12:f5:12:82:6d:91:5f:
         60:79:ae:62:72:a9:a7:d7:17:4d:d6:70:f6:3d:bd:c3:e5:be:
         19:60:08:fc:14:19:47:5c:3d:9e:93:b1:ed:37:4d:30:fd:3d:
         44:97:98:cb:2e:37:cb:07:ec:55:a3:de:a9:6f:ff:91:a9:2f:
         c3:58:2a:ea:39:c1:54:db:a9:e8:ae:d1:32:c1:5b:cf:75:18:
         57:de:08:86
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbx8DGXhycUvmCk81Qez8uy7gnWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjODdhZTI5M2U0ODkyZDE1MmE1MmIxN2M0Y2UzM2UyYWIy
NjcxODQ2YTk5ZWZiODRhZjllMDcyMTkyYjJiMjM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCIbzb4NLpPDPqCQF9ucKVGyh3GgtLSXgoOPYpM7x3Qk2Nj
dXkBzSfPxrPQAotQ0wH98tvu/2jPOKIrhYKRglpBjl05x77MFhECRwiTWr/ck+a7
KYx3HBdkYL/qCQ/UT4OltB2aL013EldWW78hOH2al3tNECPX6RgyseuXqecCVlaP
gw01k+HrBNzB4342nCi5uEYWlCDBUyp+nzMYOTVm9AkP4U2Hz/grSsWpL/pP7E91
YK3ZuChD10knLPd5vdOoeGQ5XpY71FGj3yaBtoT0I6pzBR3/gU5ghmQ3QjfiT1uL
97gDCso2IQ0L2XCyWrxndiYelJliGD/2D0ly0EAlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzc3XVPaakp6M9mWx6PTDU1nDKJwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM5OWI0ZjBlLTg4MjItNDhkOS05YzllLWM4MmY1NWUyZDRjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIATANBgkqhkiG9w0BAQsFAAOCAQEAiTDaBIaU75dBt8zq5vKVAs0cFM3t
ok/BBO9nplVrLWCd9Mm8tozjIFMEVucef6YPDBwQXiXsds51LyqzScc9lCVubcUF
pZERSD9UhjECi6k1BcX6Wg79vZsGnzbiJS9meoWODet0nDbFB+cCXimxdOCEm3OR
a8UQBvwWbDf/ypDxKBlRTrA2ylaFy/V+GKOlEKB++57LkyPFvWX835n/h4xOAxP6
kNfIWVoP4mUS9RKCbZFfYHmuYnKpp9cXTdZw9j29w+W+GWAI/BQZR1w9npOx7TdN
MP09RJeYyy43ywfsVaPeqW//kakvw1gq6jnBVNup6K7RMsFbz3UYV94Ihg==
-----END CERTIFICATE-----