Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45affd42-2744-48f2-a212-a55559bedfe0.roa
File:                     45affd42-2744-48f2-a212-a55559bedfe0.roa (raw, json)
Hash identifier:          yLHBd0LXWo8oGJmfsybIOrRZPGprkZ2/3UfMwJCgbyc=
Subject key identifier:   0E:CA:79:E0:E9:23:DC:4E:65:D7:33:3B:B8:55:14:04:AC:CE:0D:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B210CFA6D54151500322E48887323D67351D365
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45affd42-2744-48f2-a212-a55559bedfe0.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.72.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:21:0c:fa:6d:54:15:15:00:32:2e:48:88:73:23:d6:73:51:d3:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c0:f5:f1:47:e3:07:6b:f9:ba:11:09:44:1a:
                    90:a3:17:2b:a6:5c:88:24:b8:df:a1:5e:2a:9f:c3:
                    97:51:bf:ac:dd:22:54:60:44:d3:5b:ca:45:7d:ae:
                    a2:1d:20:cc:fc:4a:30:1c:05:34:96:29:6e:ef:b5:
                    cb:7d:10:1f:26:f4:9e:20:0b:9b:18:9b:b4:58:9e:
                    08:b0:51:5a:7d:4e:b5:84:37:72:ec:73:50:2a:fb:
                    40:ec:d3:ac:82:2c:0d:88:b1:08:1e:52:a5:ba:a6:
                    65:6a:5a:b5:fe:99:46:4c:d4:df:f6:b4:1e:9e:26:
                    82:e6:a1:16:4f:eb:d8:73:8f:a4:30:0a:fa:f9:d5:
                    35:2c:ef:ce:d6:dd:3f:e6:a6:bf:65:eb:81:d8:f8:
                    b1:dc:76:13:5a:8a:73:e7:c0:d4:0d:f0:cf:78:65:
                    2d:e9:d1:52:25:3d:e4:b9:c8:c7:b3:62:74:d4:ef:
                    69:98:06:7d:b3:18:d1:0b:ef:ad:53:15:8a:aa:6f:
                    6d:15:eb:5d:b5:e6:b8:87:f7:65:19:ce:71:8f:84:
                    6a:6b:41:aa:25:86:47:68:df:1c:2d:b3:1c:98:50:
                    07:fe:05:19:18:12:2d:f7:2b:3e:6a:79:0a:20:eb:
                    cb:d6:b1:07:d0:35:b7:50:b1:42:7f:50:cf:77:a2:
                    5c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:CA:79:E0:E9:23:DC:4E:65:D7:33:3B:B8:55:14:04:AC:CE:0D:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/45affd42-2744-48f2-a212-a55559bedfe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         be:7a:4b:c2:4b:b0:02:02:bc:16:cb:f3:47:6f:ab:c7:99:44:
         fb:f6:58:83:69:d6:4c:a5:42:ea:d2:6a:98:28:e7:b4:45:fc:
         91:9c:55:85:e9:4c:22:68:73:cc:24:1f:f1:75:84:70:79:4c:
         11:48:b0:77:e5:b0:da:10:2c:d8:30:d3:d9:35:34:7a:56:32:
         01:12:05:01:a4:73:da:aa:49:57:0b:de:e8:4b:a2:0e:e1:63:
         15:53:2c:ca:6f:4d:ac:e2:f5:a7:85:a3:e6:27:f1:d3:c0:66:
         8a:7b:dd:41:38:17:a2:04:79:e3:d8:99:46:fa:4a:16:d8:79:
         ad:99:0d:f1:7a:91:06:d4:1e:46:b4:ec:27:a1:ed:5f:5f:cd:
         74:db:69:ad:54:7a:70:11:aa:c8:be:d5:75:d7:5d:0c:06:e2:
         55:bb:fa:6c:5e:97:45:0b:c5:c8:91:0a:d8:04:37:ea:dc:4b:
         f4:4f:5e:a6:5a:ef:b0:33:46:e9:74:71:20:6f:53:f5:ec:ed:
         e7:b9:09:98:b7:d8:dc:07:b5:be:de:5f:a1:28:80:e5:9c:c0:
         c5:44:76:fd:0f:fe:9b:a4:8f:44:3a:2a:34:15:c3:51:47:d3:
         e7:81:bd:94:ac:b8:6a:de:7e:e8:b8:e3:8c:e2:fb:ad:3d:a8:
         76:7e:55:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUayEM+m1UFRUAMi5IiHMj1nNR02UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjIwNTdlNjk4NDc5NTQzN2UxNmJhNjRhOGJmMjIzNWE5
NTQ1MGQ2MDVkOGFkOGNhOWJmOWRkZjM0YjMzNDcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnwPXxR+MHa/m6EQlEGpCjFyumXIgkuN+hXiqfw5dRv6zd
IlRgRNNbykV9rqIdIMz8SjAcBTSWKW7vtct9EB8m9J4gC5sYm7RYngiwUVp9TrWE
N3Lsc1Aq+0Ds06yCLA2IsQgeUqW6pmVqWrX+mUZM1N/2tB6eJoLmoRZP69hzj6Qw
Cvr51TUs787W3T/mpr9l64HY+LHcdhNainPnwNQN8M94ZS3p0VIlPeS5yMezYnTU
72mYBn2zGNEL761TFYqqb20V61215riH92UZznGPhGprQaolhkdo3xwtsxyYUAf+
BRkYEi33Kz5qeQog68vWsQfQNbdQsUJ/UM93olzFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDsp54Okj3E5l1zM7uFUUBKzODR0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1YWZmZDQyLTI3NDQtNDhmMi1hMjEyLWE1NTU1OWJlZGZlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgAEgwDQYJKoZIhvcNAQELBQADggEBAL56S8JLsAICvBbL80dvq8eZRPv2
WINp1kylQurSapgo57RF/JGcVYXpTCJoc8wkH/F1hHB5TBFIsHflsNoQLNgw09k1
NHpWMgESBQGkc9qqSVcL3uhLog7hYxVTLMpvTazi9aeFo+Yn8dPAZop73UE4F6IE
eePYmUb6ShbYea2ZDfF6kQbUHka07Ceh7V9fzXTbaa1UenARqsi+1XXXXQwG4lW7
+mxel0ULxciRCtgEN+rcS/RPXqZa77AzRul0cSBvU/Xs7ee5CZi32NwHtb7eX6Eo
gOWcwMVEdv0P/pukj0Q6KjQVw1FH0+eBvZSsuGrefui444zi+609qHZ+VUY=
-----END CERTIFICATE-----