Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa
File:                     4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa (raw, json)
Hash identifier:          fBzSeiZPIuVBuIM8cFL3f0GV3BGSd/s//LVBDj+tWhs=
Subject key identifier:   92:8C:D1:39:20:50:60:A1:AC:DF:97:B8:49:55:00:BA:63:1D:AC:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37626ED30AB2074EFA4B0FC51248CD4808CCE4B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        68.217.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:62:6e:d3:0a:b2:07:4e:fa:4b:0f:c5:12:48:cd:48:08:cc:e4:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:26:00:07:81:af:03:51:d9:b8:4d:0f:ea:43:
                    18:15:ac:d6:70:ac:d8:92:58:32:f5:7e:ce:34:77:
                    d4:60:dc:9a:bb:39:0c:f5:67:4c:f6:f1:38:18:08:
                    ef:fc:2d:bf:e3:eb:7e:f1:46:b9:d5:57:30:a7:78:
                    33:aa:78:ff:90:86:ca:33:bb:36:70:c4:fd:78:fb:
                    19:ba:6d:fe:39:98:71:8e:b1:7e:2d:65:81:67:ee:
                    05:61:14:85:44:81:a7:7d:61:7b:94:b9:52:9a:d6:
                    ef:66:b0:80:5c:d5:b6:97:40:43:3f:14:63:0d:10:
                    e4:29:4f:08:aa:44:32:c4:46:47:5f:09:da:b9:0f:
                    56:a3:4d:8e:8d:5a:1a:87:68:26:13:11:33:76:ec:
                    e4:5b:ab:d8:52:75:f8:bc:14:cb:4d:7d:d2:d1:63:
                    f0:34:fc:7a:61:6e:a1:18:ae:75:57:b8:27:8c:91:
                    90:45:9f:04:ed:70:f4:48:a6:6a:e9:7c:26:0d:f8:
                    b0:7e:bd:06:a8:6b:22:0a:5a:fb:0e:c5:de:de:f0:
                    e0:04:43:c1:a3:97:b2:8e:14:ac:fc:16:1f:52:6b:
                    a5:50:9b:65:a6:13:35:6c:6c:54:4d:0f:50:e2:60:
                    3d:0c:3c:57:16:38:aa:86:c4:a6:be:25:aa:08:b7:
                    2a:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:8C:D1:39:20:50:60:A1:AC:DF:97:B8:49:55:00:BA:63:1D:AC:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4287b7a8-1fdf-4426-9a03-058b4d8c35bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  68.217.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0c:d5:36:a4:ee:70:71:b3:a1:b5:11:7d:9a:50:b3:48:5a:b4:
         e4:e3:27:98:84:56:f9:a4:be:3c:fe:20:3d:5c:89:b5:16:80:
         fc:08:9a:dc:10:8e:0e:6e:2b:84:ee:b4:6f:05:9e:38:5b:c5:
         16:25:10:9c:93:78:c9:16:fb:e5:bb:da:7c:03:89:d8:86:6f:
         4a:16:01:27:da:63:b7:f2:f2:0f:79:8d:ec:7a:26:8c:a5:2b:
         3c:9e:8e:3f:c2:a5:28:69:80:e8:83:f6:3a:54:55:d6:a8:5c:
         a3:3a:3b:e3:e4:a9:ac:8b:86:48:4f:07:1e:96:9f:28:82:0e:
         24:bd:cb:e8:07:2f:c2:7b:66:92:21:6c:6b:f1:bf:d8:29:7d:
         36:5e:aa:ea:f9:5a:fe:3c:8c:5a:de:0d:5b:93:61:7e:d9:9a:
         89:59:06:6b:a0:9f:b8:cf:7f:ef:bd:a3:80:ed:c8:59:16:fc:
         67:09:c6:41:cc:9b:25:0d:45:5c:e0:d0:0f:01:6d:0a:7b:57:
         37:19:db:3f:98:a7:d8:08:f6:46:a3:2c:5f:e1:37:02:d3:c7:
         fb:05:7a:49:9b:fa:1a:68:12:17:d5:e0:a5:16:e7:56:4f:7e:
         82:44:27:c0:4f:cb:ed:48:60:dc:94:a7:ed:27:c7:98:9d:90:
         ee:db:17:0a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN2Ju0wqyB076Sw/FEkjNSAjM5LgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzI2YmRkOWU1ODU1ZjY0ODg1NmQzNGJmZTlhOWFjYzky
OTlhZDdhYjAxZWFhZjZmMGJiOWQ4NmExMDk3NWMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+JgAHga8DUdm4TQ/qQxgVrNZwrNiSWDL1fs40d9Rg3Jq7
OQz1Z0z28TgYCO/8Lb/j637xRrnVVzCneDOqeP+QhsozuzZwxP14+xm6bf45mHGO
sX4tZYFn7gVhFIVEgad9YXuUuVKa1u9msIBc1baXQEM/FGMNEOQpTwiqRDLERkdf
Cdq5D1ajTY6NWhqHaCYTETN27ORbq9hSdfi8FMtNfdLRY/A0/HphbqEYrnVXuCeM
kZBFnwTtcPRIpmrpfCYN+LB+vQaoayIKWvsOxd7e8OAEQ8Gjl7KOFKz8Fh9Sa6VQ
m2WmEzVsbFRND1DiYD0MPFcWOKqGxKa+JaoItyqBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkozROSBQYKGs35e4SVUAumMdrO0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyODdiN2E4LTFmZGYtNDQyNi05YTAzLTA1OGI0ZDhjMzViZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBE2TANBgkqhkiG9w0BAQsFAAOCAQEADNU2pO5wcbOhtRF9mlCzSFq05OMn
mIRW+aS+PP4gPVyJtRaA/Aia3BCODm4rhO60bwWeOFvFFiUQnJN4yRb75bvafAOJ
2IZvShYBJ9pjt/LyD3mN7HomjKUrPJ6OP8KlKGmA6IP2OlRV1qhcozo74+SprIuG
SE8HHpafKIIOJL3L6AcvwntmkiFsa/G/2Cl9Nl6q6vla/jyMWt4NW5NhftmaiVkG
a6CfuM9/772jgO3IWRb8ZwnGQcybJQ1FXODQDwFtCntXNxnbP5in2Aj2RqMsX+E3
AtPH+wV6SZv6GmgSF9XgpRbnVk9+gkQnwE/L7Uhg3JSn7SfHmJ2Q7tsXCg==
-----END CERTIFICATE-----