Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d38e691-f76c-405d-a7f5-c43f12d20580.roa
File:                     3d38e691-f76c-405d-a7f5-c43f12d20580.roa (raw, json)
Hash identifier:          GkboD0lrqTKUQOzS3JgWWuc9eq/STsa98MmC4AHO8xc=
Subject key identifier:   65:C3:EA:5D:9A:7A:D0:6D:A0:E6:20:4B:C1:2D:A9:6F:88:41:1F:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       26EF587554A085DD512C26969A12B8097DE0A56B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d38e691-f76c-405d-a7f5-c43f12d20580.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        75.45.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ef:58:75:54:a0:85:dd:51:2c:26:96:9a:12:b8:09:7d:e0:a5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:56:79:a1:a8:45:ca:85:94:4f:d5:5c:7f:3a:
                    4b:b9:d6:db:8f:fb:ef:d7:65:f3:38:1c:7a:01:72:
                    df:38:24:1c:8f:01:24:02:fe:2b:f1:3b:c9:fb:51:
                    60:ac:71:b3:01:29:c7:5b:d9:97:bb:8d:5a:c3:79:
                    6a:41:59:85:34:d5:51:bd:ff:76:eb:37:16:b7:6d:
                    0e:a2:d6:09:bf:c0:cf:cd:35:11:4f:77:f2:73:a1:
                    b2:41:dc:87:4f:6d:62:c2:1d:01:f2:3d:d9:ed:17:
                    af:70:0e:94:2b:8c:63:be:c6:4a:80:8b:10:23:65:
                    50:a5:01:b5:f1:45:87:d5:0a:4a:5e:e6:97:d8:5c:
                    a2:2f:9a:e5:2b:f8:d5:c2:a8:b2:c1:7a:85:fa:9e:
                    3c:7e:b5:1b:4f:b4:72:46:ee:da:6e:6d:2b:16:74:
                    97:ac:af:ca:02:1d:1c:c3:be:70:22:05:c2:5f:eb:
                    de:0e:f1:18:b2:75:df:3e:1d:27:5b:ba:f9:90:6a:
                    34:fc:84:1c:8f:d2:4f:0c:ec:42:4a:fd:72:7f:2b:
                    bf:0e:15:50:61:74:d5:7c:bf:5f:0f:0b:83:e7:eb:
                    8b:65:80:a6:cd:ae:a2:33:89:54:c8:0c:ff:c5:65:
                    f7:95:dc:0a:b6:7f:5c:f4:50:06:45:53:6c:43:a6:
                    4d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C3:EA:5D:9A:7A:D0:6D:A0:E6:20:4B:C1:2D:A9:6F:88:41:1F:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3d38e691-f76c-405d-a7f5-c43f12d20580.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.45.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0a:ff:ed:b6:7f:40:f7:56:b7:ed:86:1a:b9:1f:17:fa:10:02:
         6a:4b:ab:3c:92:0d:47:fc:b4:78:9c:80:28:14:e7:cc:76:b8:
         4d:7f:d1:af:da:0e:0f:9b:5a:41:86:a7:79:d5:a7:db:61:a5:
         40:0e:d6:8d:7a:8a:84:b3:a5:f9:15:c2:22:0f:25:ff:a4:f3:
         31:5f:7e:1f:66:2b:f9:de:72:8c:d7:dc:43:93:74:10:c8:2c:
         a4:6c:30:f0:ab:ff:3b:52:64:12:7e:77:3f:29:63:1e:8a:c5:
         66:8f:68:71:c6:f1:ce:10:0f:c9:05:3c:8f:90:e5:41:01:3b:
         56:bf:3d:20:54:6c:db:02:9d:8a:db:b6:47:10:00:4f:27:c9:
         24:cf:50:a7:4e:ba:c0:5a:4c:f0:fc:a4:dc:9a:13:f9:21:f6:
         07:e2:2d:ca:06:b7:84:cd:51:7c:4b:bb:5d:d2:4b:83:2c:aa:
         ed:c3:9f:8e:33:ee:1a:db:87:59:4f:c3:f4:00:3d:5b:1c:6f:
         06:33:65:a4:4b:87:fb:8e:12:43:74:1e:5e:67:26:7f:09:a2:
         09:3f:ef:8c:74:db:1d:f3:99:c9:32:14:bf:9b:0d:48:a1:45:
         4f:ee:9e:3e:67:9f:0a:f9:80:13:24:6a:1b:6d:d4:fa:a1:f4:
         e0:79:5d:af
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJu9YdVSghd1RLCaWmhK4CX3gpWswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjJiYzI1YTY5M2RiYmVjMjU3OGM5MTVhODcxYTYxY2Yw
NDUwZDMwMmRlODc3MzQ3MDc5OGNjMTQxNDYzMTI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMVnmhqEXKhZRP1Vx/Oku51tuP++/XZfM4HHoBct84JByP
ASQC/ivxO8n7UWCscbMBKcdb2Ze7jVrDeWpBWYU01VG9/3brNxa3bQ6i1gm/wM/N
NRFPd/JzobJB3IdPbWLCHQHyPdntF69wDpQrjGO+xkqAixAjZVClAbXxRYfVCkpe
5pfYXKIvmuUr+NXCqLLBeoX6njx+tRtPtHJG7tpubSsWdJesr8oCHRzDvnAiBcJf
694O8Riydd8+HSdbuvmQajT8hByP0k8M7EJK/XJ/K78OFVBhdNV8v18PC4Pn64tl
gKbNrqIziVTIDP/FZfeV3Aq2f1z0UAZFU2xDpk3XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZcPqXZp60G2g5iBLwS2pb4hBH9EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkMzhlNjkxLWY3NmMtNDA1ZC1hN2Y1LWM0M2YxMmQyMDU4MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZLLYAwDQYJKoZIhvcNAQELBQADggEBAAr/7bZ/QPdWt+2GGrkfF/oQAmpL
qzySDUf8tHicgCgU58x2uE1/0a/aDg+bWkGGp3nVp9thpUAO1o16ioSzpfkVwiIP
Jf+k8zFffh9mK/necozX3EOTdBDILKRsMPCr/ztSZBJ+dz8pYx6KxWaPaHHG8c4Q
D8kFPI+Q5UEBO1a/PSBUbNsCnYrbtkcQAE8nySTPUKdOusBaTPD8pNyaE/kh9gfi
LcoGt4TNUXxLu13SS4Msqu3Dn44z7hrbh1lPw/QAPVscbwYzZaRLh/uOEkN0Hl5n
Jn8Jogk/74x02x3zmckyFL+bDUihRU/unj5nnwr5gBMkahtt1Pqh9OB5Xa8=
-----END CERTIFICATE-----