Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b676a1e-6f46-4e14-847a-82030d5082ec.roa
File:                     4b676a1e-6f46-4e14-847a-82030d5082ec.roa (raw, json)
Hash identifier:          oY0ci5WKwwwARmO8WDh6s/9fBPnau+l6/Ayjc794SNc=
Subject key identifier:   E3:3E:61:86:0A:5E:49:56:78:09:16:66:8C:F6:B6:EA:58:2C:6F:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7398BDA2FEE6CC8A034AE236FE7F52F20225484D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b676a1e-6f46-4e14-847a-82030d5082ec.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        130.171.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:98:bd:a2:fe:e6:cc:8a:03:4a:e2:36:fe:7f:52:f2:02:25:48:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:0f:95:b0:fd:a4:cc:5b:0a:7b:4b:ce:03:2d:
                    d6:92:b7:ec:a7:ec:5a:11:6a:b4:2b:df:6b:3b:c6:
                    be:2c:0d:e7:6c:32:c5:7f:78:5b:9c:1d:66:ce:46:
                    64:c4:23:8b:52:6c:d1:94:7a:84:ea:0d:20:46:af:
                    af:bb:8f:71:bf:9f:63:88:5f:06:14:47:0a:11:fa:
                    82:e7:e7:6b:58:92:d6:e7:76:33:b4:70:e9:34:9d:
                    95:98:98:48:d6:95:f9:99:ea:87:10:2b:c5:95:25:
                    67:35:3a:30:db:e8:4f:bf:80:d8:fc:fc:47:82:d4:
                    92:3d:25:b1:5c:2d:cd:0b:d8:90:ef:87:58:64:77:
                    2c:b6:6e:b0:f3:ce:18:e9:3d:86:ea:28:de:20:d1:
                    9a:d8:bc:bb:66:61:c0:99:01:d2:e2:7b:1c:b3:72:
                    4e:67:94:10:c2:06:c9:f5:fb:de:ed:64:77:9e:9a:
                    57:50:0c:ff:c6:40:59:2f:de:e5:0f:bc:73:38:c9:
                    9b:f2:b5:8a:c2:c2:af:34:65:c7:ab:0e:4e:4d:18:
                    4f:92:1d:3b:fa:6e:e4:4b:63:4e:9b:27:1c:3c:4c:
                    e7:29:de:bd:a2:de:fa:2c:c4:50:49:7c:41:67:60:
                    63:11:a4:9e:f0:b3:08:10:b7:04:e1:25:27:78:f9:
                    77:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:3E:61:86:0A:5E:49:56:78:09:16:66:8C:F6:B6:EA:58:2C:6F:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b676a1e-6f46-4e14-847a-82030d5082ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.171.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         10:30:d2:a3:ff:a4:99:65:cf:bd:2e:79:6b:9d:20:52:af:84:
         04:26:a2:30:b2:b7:38:89:45:2e:48:dd:3a:e1:a6:ee:c1:6b:
         5c:df:5f:a2:52:6f:1d:99:02:af:ed:a4:22:50:9a:8f:65:09:
         5e:e7:05:4f:ad:c6:87:2b:86:49:b5:b4:8e:4d:ba:67:70:69:
         14:c6:25:e0:4f:da:1c:fa:cd:05:04:35:fc:88:dc:bb:ba:06:
         2a:10:ed:ab:37:79:c1:72:9e:17:52:29:48:53:7b:1e:3a:b5:
         41:88:63:ea:42:55:d5:fe:18:82:72:bc:27:ea:78:0f:fb:3d:
         05:6a:12:e9:0d:e2:25:b4:45:c3:38:15:f3:2d:5c:01:10:19:
         61:c8:13:e1:a6:8e:d1:f0:57:c9:dc:db:45:a8:35:ab:6a:0e:
         55:67:af:7b:05:e6:82:4a:13:db:e4:3d:17:b2:da:97:6a:9b:
         b9:ce:99:dc:ce:ec:36:0c:eb:06:07:f6:b2:90:c9:63:12:24:
         10:67:3b:ec:80:66:a3:10:db:ae:d4:31:27:36:1f:55:7f:53:
         78:12:bd:42:d5:89:d9:77:0a:e2:95:e2:45:50:83:68:45:c2:
         c3:26:86:72:15:c2:d9:25:04:e2:40:d7:4a:a9:45:47:b7:ef:
         1f:24:72:cd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUc5i9ov7mzIoDSuI2/n9S8gIlSE0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDZlMDFjMzIzMzBhMTA0YmNkOTU0OTA0YzIyYTc5OGQw
ZjBmNjMyZDc0YzFkYTcxZDljMjk0OTk2OTgzMGE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChD5Ww/aTMWwp7S84DLdaSt+yn7FoRarQr32s7xr4sDeds
MsV/eFucHWbORmTEI4tSbNGUeoTqDSBGr6+7j3G/n2OIXwYURwoR+oLn52tYktbn
djO0cOk0nZWYmEjWlfmZ6ocQK8WVJWc1OjDb6E+/gNj8/EeC1JI9JbFcLc0L2JDv
h1hkdyy2brDzzhjpPYbqKN4g0ZrYvLtmYcCZAdLiexyzck5nlBDCBsn1+97tZHee
mldQDP/GQFkv3uUPvHM4yZvytYrCwq80ZcerDk5NGE+SHTv6buRLY06bJxw8TOcp
3r2i3vosxFBJfEFnYGMRpJ7wswgQtwThJSd4+XflAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4z5hhgpeSVZ4CRZmjPa26lgsbwMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRiNjc2YTFlLTZmNDYtNGUxNC04NDdhLTgyMDMwZDUwODJlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCCqzANBgkqhkiG9w0BAQsFAAOCAQEAEDDSo/+kmWXPvS55a50gUq+EBCai
MLK3OIlFLkjdOuGm7sFrXN9folJvHZkCr+2kIlCaj2UJXucFT63GhyuGSbW0jk26
Z3BpFMYl4E/aHPrNBQQ1/Ijcu7oGKhDtqzd5wXKeF1IpSFN7Hjq1QYhj6kJV1f4Y
gnK8J+p4D/s9BWoS6Q3iJbRFwzgV8y1cARAZYcgT4aaO0fBXydzbRag1q2oOVWev
ewXmgkoT2+Q9F7Lal2qbuc6Z3M7sNgzrBgf2spDJYxIkEGc77IBmoxDbrtQxJzYf
VX9TeBK9QtWJ2XcK4pXiRVCDaEXCwyaGchXC2SUE4kDXSqlFR7fvHyRyzQ==
-----END CERTIFICATE-----