Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43c3117e-7a48-4db8-be6d-8a65a6d41cbc.roa
File:                     43c3117e-7a48-4db8-be6d-8a65a6d41cbc.roa (raw, json)
Hash identifier:          5a2jcBpGn9fGzYqqUI2m+zZW8I4IozNZkt6T1krrvVg=
Subject key identifier:   9D:0C:50:D0:70:1C:65:BA:DC:40:88:80:B5:07:CA:ED:B2:99:24:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1D1F2D7557716DBA34CBDF6C4997F09C57B12977
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43c3117e-7a48-4db8-be6d-8a65a6d41cbc.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.46.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:1f:2d:75:57:71:6d:ba:34:cb:df:6c:49:97:f0:9c:57:b1:29:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=c66ed9e174ebfe58ab6e790e48872e3871d32417b4d78c5d9169a4779c159621, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:65:6c:39:2f:81:53:a2:20:f2:f2:49:51:54:
                    18:60:d5:91:e0:fc:3e:8c:d7:0f:52:a1:1c:f5:4b:
                    93:68:3c:5a:00:51:d9:9f:7e:83:c8:bf:ba:4d:32:
                    eb:d8:52:c5:27:7e:7d:e7:de:c1:fb:c1:a0:b7:73:
                    3d:b3:fa:a6:8c:42:60:b9:a7:8d:80:90:a0:5e:34:
                    57:27:48:82:5e:90:43:4a:57:a8:6b:ed:54:30:2a:
                    79:04:40:74:46:4c:cf:bb:04:e2:56:f4:71:64:9c:
                    fc:3b:4d:ca:0a:6b:a8:97:14:68:f1:27:6b:f9:14:
                    ba:37:a9:21:24:79:dd:6a:2c:07:86:20:8b:0b:39:
                    00:92:46:29:df:f9:b6:b3:d3:73:e7:50:37:7e:69:
                    d7:54:0d:b3:38:c8:49:37:1a:22:46:9d:29:cd:63:
                    cb:d5:40:de:42:6a:ee:cd:6f:df:15:cb:a1:69:3f:
                    3d:03:a9:11:28:b0:02:76:f7:6e:f6:c9:44:dc:bd:
                    ef:ed:28:69:32:b3:92:1c:5e:b3:6a:f8:f5:ba:a1:
                    53:58:ef:af:2f:4d:52:bf:a6:09:c4:d5:ca:64:50:
                    76:d0:fc:5d:bc:96:85:9c:3d:db:e3:8a:84:be:44:
                    5d:8c:97:13:f8:df:91:79:a6:07:95:79:a1:35:71:
                    d0:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:0C:50:D0:70:1C:65:BA:DC:40:88:80:B5:07:CA:ED:B2:99:24:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43c3117e-7a48-4db8-be6d-8a65a6d41cbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.46.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         40:fb:49:06:cc:ac:f2:d8:86:70:9c:80:3b:54:2c:eb:19:7a:
         29:aa:a2:2d:bf:38:0e:7f:3d:a9:5a:67:f2:ee:83:d2:ee:da:
         fe:57:95:3c:b1:96:c8:f2:04:2d:f5:f8:d5:47:d4:2f:bc:e0:
         e6:1a:82:fe:0d:17:d5:12:8f:68:6c:8b:10:e2:6c:7e:d0:a4:
         b2:b2:b4:75:76:36:47:6a:cc:83:97:54:58:94:dd:32:dd:72:
         85:37:9c:36:94:6a:92:a7:5f:a3:d8:ee:4a:1a:05:5f:77:69:
         eb:29:84:51:51:4e:1a:2c:e6:f7:59:e5:e2:ab:af:df:cc:0b:
         2c:cf:1e:d6:2d:8e:4c:90:c6:30:2e:c4:d4:b1:20:0e:90:d3:
         f6:93:78:a6:db:79:9e:f7:13:a9:a4:71:a1:80:b4:80:ec:03:
         48:14:6e:fa:6f:e0:d4:f1:8e:99:57:19:49:39:7d:93:00:df:
         02:70:f9:ba:29:4a:8b:f5:ba:c6:75:15:de:16:7e:86:6b:c9:
         10:95:8b:36:5b:8a:bc:ce:a6:62:cc:ea:94:e6:3a:bf:1b:70:
         e9:27:24:72:ac:93:8b:db:61:22:42:3b:37:0e:c9:c6:25:e7:
         b4:c6:84:77:2b:19:59:e5:36:31:a8:a8:6b:3f:f7:3b:c2:c8:
         c1:2f:81:e6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHR8tdVdxbbo0y99sSZfwnFexKXcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjZlZDllMTc0ZWJmZTU4YWI2ZTc5MGU0ODg3MmUzODcx
ZDMyNDE3YjRkNzhjNWQ5MTY5YTQ3NzljMTU5NjIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXZWw5L4FToiDy8klRVBhg1ZHg/D6M1w9SoRz1S5NoPFoA
UdmffoPIv7pNMuvYUsUnfn3n3sH7waC3cz2z+qaMQmC5p42AkKBeNFcnSIJekENK
V6hr7VQwKnkEQHRGTM+7BOJW9HFknPw7TcoKa6iXFGjxJ2v5FLo3qSEked1qLAeG
IIsLOQCSRinf+baz03PnUDd+addUDbM4yEk3GiJGnSnNY8vVQN5Cau7Nb98Vy6Fp
Pz0DqREosAJ29272yUTcve/tKGkys5IcXrNq+PW6oVNY768vTVK/pgnE1cpkUHbQ
/F28loWcPdvjioS+RF2MlxP435F5pgeVeaE1cdBdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnQxQ0HAcZbrcQIiAtQfK7bKZJOswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzYzMxMTdlLTdhNDgtNGRiOC1iZTZkLThhNjVhNmQ0MWNiYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2LjANBgkqhkiG9w0BAQsFAAOCAQEAQPtJBsys8tiGcJyAO1Qs6xl6Kaqi
Lb84Dn89qVpn8u6D0u7a/leVPLGWyPIELfX41UfUL7zg5hqC/g0X1RKPaGyLEOJs
ftCksrK0dXY2R2rMg5dUWJTdMt1yhTecNpRqkqdfo9juShoFX3dp6ymEUVFOGizm
91nl4quv38wLLM8e1i2OTJDGMC7E1LEgDpDT9pN4ptt5nvcTqaRxoYC0gOwDSBRu
+m/g1PGOmVcZSTl9kwDfAnD5uilKi/W6xnUV3hZ+hmvJEJWLNluKvM6mYszqlOY6
vxtw6SckcqyTi9thIkI7Nw7JxiXntMaEdysZWeU2Maioaz/3O8LIwS+B5g==
-----END CERTIFICATE-----