Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dee3f1a-6740-49ae-981e-1b2103f8f324.roa
File:                     3dee3f1a-6740-49ae-981e-1b2103f8f324.roa (raw, json)
Hash identifier:          x170pHv89AO1d0rWP4ePcyrLfGn38yiveO03Itb5VUg=
Subject key identifier:   98:B5:A6:C7:E0:42:EF:45:29:88:7D:17:60:57:85:F6:1F:21:25:92
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63E275D5EC7BF28CA32034420572806883675C30
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dee3f1a-6740-49ae-981e-1b2103f8f324.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        57.89.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:e2:75:d5:ec:7b:f2:8c:a3:20:34:42:05:72:80:68:83:67:5c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=17f03035f915e6fa09b67aa7fc8c57be261316a769b530f084abf74dbc20d9ca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:cf:38:cd:ca:7c:ea:9c:d1:19:b6:21:13:5a:
                    64:82:6e:5b:e6:f0:ce:2d:06:3a:2d:56:07:57:3f:
                    05:2e:68:64:47:08:82:6b:8f:a0:72:01:ba:3e:6d:
                    08:ed:05:9d:74:0f:75:ca:4e:04:f8:53:a0:0b:65:
                    ed:f3:16:04:35:ce:a7:ad:f1:6f:6d:9e:f4:33:aa:
                    02:9d:b4:fd:45:11:4e:1c:1e:5d:d8:a4:f1:00:71:
                    24:e8:70:2f:a5:74:40:ee:99:fd:67:fa:58:bd:34:
                    b5:0c:7f:94:73:13:93:17:41:d4:03:75:35:30:63:
                    2f:46:a9:b4:aa:d6:b7:ed:60:ba:69:2d:d6:3a:f4:
                    29:30:e7:76:16:17:29:ed:54:e8:04:92:45:6f:f2:
                    9c:38:3b:cf:8f:10:ad:e5:58:5c:cb:1c:f2:27:49:
                    bb:a3:08:6a:08:47:ee:80:24:0e:92:ae:52:a9:53:
                    62:ca:f4:59:c8:9f:61:2d:55:72:d8:2b:78:e4:76:
                    94:7d:5f:ab:a9:58:93:cc:9c:65:79:3f:b2:4a:56:
                    3a:b9:39:11:41:5e:48:ca:be:19:e8:3b:bf:33:0b:
                    46:f6:43:d6:61:b9:a1:87:82:9e:c5:4e:0e:9e:8a:
                    c3:2c:7b:82:7b:40:86:d9:6c:f4:8f:92:5f:63:f6:
                    ee:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B5:A6:C7:E0:42:EF:45:29:88:7D:17:60:57:85:F6:1F:21:25:92
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3dee3f1a-6740-49ae-981e-1b2103f8f324.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:5c:e9:5a:8f:85:ce:0f:15:c0:93:1f:93:af:a2:cb:c1:56:
         1d:69:0f:8f:f7:5f:ca:d5:66:78:79:04:a5:c9:36:6a:20:c0:
         9c:3a:43:3e:4a:cf:f6:32:ca:5f:8f:da:fc:a4:ad:98:4c:e9:
         da:c8:19:4d:c6:4e:58:57:1e:78:fc:00:47:56:7d:48:e7:b1:
         67:55:7a:9c:ee:14:a4:b4:69:77:26:a2:fa:06:0b:c8:43:29:
         ac:75:b4:2a:f8:a0:74:d6:66:1a:aa:0f:9a:62:43:14:a2:10:
         bf:5c:73:06:5e:ef:41:aa:23:a0:d5:db:57:e6:85:1f:69:58:
         7a:55:6d:40:a9:3d:31:48:b4:08:2a:f4:6f:04:aa:99:d3:57:
         1f:75:e6:fa:30:4e:f4:58:ef:42:d7:7a:e5:46:f3:0e:15:23:
         2b:eb:04:fc:34:e3:66:51:bf:92:d6:6f:a6:63:98:2a:fe:61:
         d8:f1:43:2d:a1:41:54:6e:26:ec:b8:ff:6a:2b:c2:39:c0:d8:
         42:71:06:9d:a4:26:dc:46:05:c3:bd:dd:89:c4:b4:d4:2e:70:
         8c:cf:dd:45:17:33:8e:73:f5:41:5f:c0:ff:cc:96:fc:f7:e3:
         23:f7:8c:72:43:3d:8c:e2:c9:bd:fe:69:50:58:ee:b3:d9:51:
         fd:b8:f1:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY+J11ex78oyjIDRCBXKAaINnXDAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxN2YwMzAzNWY5MTVlNmZhMDliNjdhYTdmYzhjNTdiZTI2
MTMxNmE3NjliNTMwZjA4NGFiZjc0ZGJjMjBkOWNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCizzjNynzqnNEZtiETWmSCblvm8M4tBjotVgdXPwUuaGRH
CIJrj6ByAbo+bQjtBZ10D3XKTgT4U6ALZe3zFgQ1zqet8W9tnvQzqgKdtP1FEU4c
Hl3YpPEAcSTocC+ldEDumf1n+li9NLUMf5RzE5MXQdQDdTUwYy9GqbSq1rftYLpp
LdY69Ckw53YWFyntVOgEkkVv8pw4O8+PEK3lWFzLHPInSbujCGoIR+6AJA6SrlKp
U2LK9FnIn2EtVXLYK3jkdpR9X6upWJPMnGV5P7JKVjq5ORFBXkjKvhnoO78zC0b2
Q9ZhuaGHgp7FTg6eisMse4J7QIbZbPSPkl9j9u47AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmLWmx+BC70UpiH0XYFeF9h8hJZIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNkZWUzZjFhLTY3NDAtNDlhZS05ODFlLTFiMjEwM2Y4ZjMyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5WTANBgkqhkiG9w0BAQsFAAOCAQEAKlzpWo+Fzg8VwJMfk6+iy8FWHWkP
j/dfytVmeHkEpck2aiDAnDpDPkrP9jLKX4/a/KStmEzp2sgZTcZOWFceePwAR1Z9
SOexZ1V6nO4UpLRpdyai+gYLyEMprHW0KvigdNZmGqoPmmJDFKIQv1xzBl7vQaoj
oNXbV+aFH2lYelVtQKk9MUi0CCr0bwSqmdNXH3Xm+jBO9FjvQtd65UbzDhUjK+sE
/DTjZlG/ktZvpmOYKv5h2PFDLaFBVG4m7Lj/aivCOcDYQnEGnaQm3EYFw73dicS0
1C5wjM/dRRczjnP1QV/A/8yW/PfjI/eMckM9jOLJvf5pUFjus9lR/bjxYQ==
-----END CERTIFICATE-----