Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b504a9-ef28-46c1-b609-0afe9112b179.roa
File:                     43b504a9-ef28-46c1-b609-0afe9112b179.roa (raw, json)
Hash identifier:          zcNArDTcLZAQKxWDI0Z5UgnM/r5wZFlydotvzEYvBOU=
Subject key identifier:   FA:1B:A4:2A:62:4B:58:5F:0B:10:20:E2:32:19:FF:29:BE:1F:BD:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       749EDDEF76B05C494B13117B82895C0D8D2A5731
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b504a9-ef28-46c1-b609-0afe9112b179.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        66.245.128.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:9e:dd:ef:76:b0:5c:49:4b:13:11:7b:82:89:5c:0d:8d:2a:57:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=0c81d7059a15246547aaa5736ad252da17c6f6fc1fb4e705e6933d2101d1f29b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:1d:b0:3f:8d:bd:a9:25:9b:47:19:24:5e:b3:
                    f3:4a:d6:62:2c:57:69:f8:a3:72:2d:aa:70:f3:51:
                    b5:7c:fe:85:a6:10:8a:b5:93:8b:a0:33:e0:30:ab:
                    6b:8a:61:8c:b4:f7:72:3b:84:5a:8e:da:f3:7e:59:
                    43:ef:06:d6:77:68:f9:24:2e:dc:0e:61:24:c4:7c:
                    60:b5:f5:b4:f8:a2:39:5e:20:a0:01:dd:71:d9:6c:
                    f2:31:a0:ee:87:55:55:c0:40:a1:a2:d8:2a:ca:75:
                    06:3f:84:7d:c7:ce:37:6d:72:47:77:8d:13:54:d6:
                    10:ad:1e:af:81:82:53:ad:db:ed:05:9a:06:fc:60:
                    db:3b:58:99:13:21:21:8e:8c:2d:9c:72:a8:79:6b:
                    a7:b7:50:8a:e1:b0:5d:07:c2:e9:a7:2f:3c:ce:e9:
                    d4:66:cc:58:0a:81:90:47:4c:d1:c1:8e:81:4a:b4:
                    13:2a:68:46:a6:79:b2:71:83:ba:ba:5d:7d:d9:fd:
                    a7:37:32:49:3d:1c:fa:7d:e1:c3:fd:d9:15:19:b0:
                    d8:f8:b4:23:19:90:8d:d0:59:9e:00:8d:70:3b:c6:
                    3c:9b:86:93:25:82:57:2c:62:e3:5f:82:cc:a6:71:
                    24:e0:f7:82:25:7a:09:28:59:ff:d1:85:5c:f8:32:
                    f6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:1B:A4:2A:62:4B:58:5F:0B:10:20:E2:32:19:FF:29:BE:1F:BD:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b504a9-ef28-46c1-b609-0afe9112b179.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.245.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1f:d1:f7:4e:a7:38:48:f3:95:99:0a:ca:6b:2f:51:a1:17:c6:
         a3:af:92:b2:6e:44:2c:f4:ef:00:e0:cb:de:ee:6a:da:e7:fd:
         54:58:bb:df:2f:73:c9:d9:6c:8f:04:74:c1:25:c6:18:7c:53:
         18:36:f5:cd:c6:ad:b3:35:53:a3:1f:30:06:84:31:34:84:27:
         47:32:b8:bb:9f:69:c7:e9:e8:4d:d6:56:92:b8:75:ab:24:01:
         fc:20:93:69:b5:3b:d2:79:76:5c:6f:97:5b:74:c2:90:3f:40:
         bf:f7:b4:6e:7b:d2:89:62:68:b8:00:77:07:11:b7:06:07:76:
         76:b6:98:10:e4:51:71:d1:19:32:c6:1a:94:92:d6:39:bd:9d:
         45:c6:d0:4f:61:d9:9d:ef:29:c9:71:c4:6f:d5:f6:f2:f9:99:
         ac:0d:ec:46:d5:75:56:f1:50:43:ce:37:73:9c:53:b8:b9:23:
         8f:ec:93:a1:48:c9:f4:3e:73:c4:2f:99:d6:04:87:a6:3f:35:
         91:96:51:77:c2:67:4c:ea:1c:90:dd:a9:69:d7:de:22:68:57:
         be:14:c5:3c:12:52:94:b9:36:96:5b:0a:3c:ee:f5:f0:07:f8:
         fa:6c:41:8b:e6:d9:b5:da:6d:8e:c8:2f:cb:25:88:ff:fb:47:
         58:b3:66:5f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdJ7d73awXElLExF7golcDY0qVzEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzgxZDcwNTlhMTUyNDY1NDdhYWE1NzM2YWQyNTJkYTE3
YzZmNmZjMWZiNGU3MDVlNjkzM2QyMTAxZDFmMjliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuHbA/jb2pJZtHGSRes/NK1mIsV2n4o3ItqnDzUbV8/oWm
EIq1k4ugM+Awq2uKYYy093I7hFqO2vN+WUPvBtZ3aPkkLtwOYSTEfGC19bT4ojle
IKAB3XHZbPIxoO6HVVXAQKGi2CrKdQY/hH3Hzjdtckd3jRNU1hCtHq+BglOt2+0F
mgb8YNs7WJkTISGOjC2ccqh5a6e3UIrhsF0HwumnLzzO6dRmzFgKgZBHTNHBjoFK
tBMqaEamebJxg7q6XX3Z/ac3Mkk9HPp94cP92RUZsNj4tCMZkI3QWZ4AjXA7xjyb
hpMlglcsYuNfgsymcSTg94IlegkoWf/RhVz4Mvb/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+hukKmJLWF8LECDiMhn/Kb4fvewwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzYjUwNGE5LWVmMjgtNDZjMS1iNjA5LTBhZmU5MTEyYjE3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVC9YAwDQYJKoZIhvcNAQELBQADggEBAB/R906nOEjzlZkKymsvUaEXxqOv
krJuRCz07wDgy97uatrn/VRYu98vc8nZbI8EdMElxhh8Uxg29c3GrbM1U6MfMAaE
MTSEJ0cyuLufacfp6E3WVpK4daskAfwgk2m1O9J5dlxvl1t0wpA/QL/3tG570oli
aLgAdwcRtwYHdna2mBDkUXHRGTLGGpSS1jm9nUXG0E9h2Z3vKclxxG/V9vL5mawN
7EbVdVbxUEPON3OcU7i5I4/sk6FIyfQ+c8QvmdYEh6Y/NZGWUXfCZ0zqHJDdqWnX
3iJoV74UxTwSUpS5NpZbCjzu9fAH+PpsQYvm2bXabY7IL8sliP/7R1izZl8=
-----END CERTIFICATE-----