Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4dc98777-6d3b-48a6-ac2a-131d1fd621c6.roa
File:                     4dc98777-6d3b-48a6-ac2a-131d1fd621c6.roa (raw, json)
Hash identifier:          npppR1COmo5YILAWfuW3UQ077GSo7lwpOUTMPJOb6+Y=
Subject key identifier:   58:C2:3F:1A:62:01:51:F6:29:A8:99:59:B0:EA:B1:FC:A9:22:17:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B54268D7DBE2911DE447ABBD21810067E264F75
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4dc98777-6d3b-48a6-ac2a-131d1fd621c6.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        70.131.192.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:54:26:8d:7d:be:29:11:de:44:7a:bb:d2:18:10:06:7e:26:4f:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=eec675308601676374aad00ab02adb91385b05f237d683fc98619a439a444bc2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:1f:f9:24:37:38:e6:21:fe:25:e2:27:06:aa:
                    2e:f0:23:88:8d:43:b8:9d:1f:98:46:13:f2:8b:87:
                    05:a3:dc:fe:eb:bf:32:45:c3:05:88:75:7b:3b:b3:
                    aa:ab:d0:ee:90:2d:2d:23:ec:99:16:a7:2b:31:1c:
                    5d:24:ea:08:b0:49:42:cb:63:cf:da:f3:68:96:d9:
                    0b:48:28:ff:c0:f1:c7:e1:2f:e3:79:e5:f4:2d:1b:
                    fb:9b:cc:5c:00:19:3a:70:18:6e:eb:26:eb:c8:80:
                    ec:ab:58:d4:9a:29:53:c9:ca:81:dc:fc:b5:25:21:
                    33:39:ab:f1:24:09:dc:05:f0:4d:f5:1b:5a:a9:1d:
                    a5:9d:0a:c8:a3:02:e1:7d:af:31:47:63:40:10:6a:
                    16:ee:81:4e:8e:96:ea:90:81:c4:c0:20:6b:c1:b3:
                    c3:0b:58:a5:f1:02:f7:68:47:45:c2:dd:7b:a6:78:
                    62:6f:90:69:63:9f:9e:f8:6c:18:7d:25:6b:ea:10:
                    9c:23:86:bf:f9:a5:a1:38:3b:45:06:f3:a9:3a:ed:
                    2f:38:2c:09:40:6e:6a:37:a7:c3:05:05:aa:54:21:
                    b1:71:a9:57:0e:45:78:d8:9f:fa:93:5a:10:f1:ba:
                    9e:d2:52:74:17:d8:49:0e:54:53:58:7b:8d:59:1d:
                    ac:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C2:3F:1A:62:01:51:F6:29:A8:99:59:B0:EA:B1:FC:A9:22:17:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4dc98777-6d3b-48a6-ac2a-131d1fd621c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.131.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         4c:10:b5:4e:f0:c6:3c:58:fa:7b:e3:64:3b:3a:df:36:06:d6:
         32:1d:ec:5f:12:cb:ac:29:07:e2:90:b2:ef:4e:79:17:a9:f3:
         40:07:5b:ba:16:29:07:12:aa:c2:15:e1:53:4b:10:ca:ec:15:
         d9:5d:98:88:04:dc:78:d7:44:87:dc:ca:89:cd:65:4a:43:d5:
         b4:05:f3:b0:3f:fa:5d:7a:15:a8:fa:e0:0c:55:ab:34:bf:d9:
         3f:b6:d8:ce:e4:7f:55:fc:cc:a0:53:7d:44:44:97:46:72:a5:
         27:8b:52:9e:fc:e5:dc:4d:df:25:43:95:40:24:69:ae:b6:49:
         a9:75:26:dd:b4:72:2b:22:e1:21:9a:d5:a3:85:59:74:bb:aa:
         29:26:49:19:09:bc:62:6c:cf:8e:ea:e3:32:bd:fd:40:53:97:
         33:7b:75:ce:1e:33:e0:f0:db:12:06:d7:86:f1:8b:2c:4a:02:
         6a:7f:9d:01:c4:17:d7:2d:83:8c:41:60:4b:f3:ee:5c:aa:5c:
         72:e2:c8:64:e7:cd:d5:e1:a6:71:4d:1c:2e:90:40:20:f1:da:
         99:c7:85:7a:88:3f:87:d2:e8:fc:2c:41:54:e5:cb:64:d5:20:
         fe:36:9a:4f:b8:56:3f:72:0b:af:37:cb:fc:ae:02:2e:b5:c9:
         7e:f5:d9:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK1QmjX2+KRHeRHq70hgQBn4mT3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWM2NzUzMDg2MDE2NzYzNzRhYWQwMGFiMDJhZGI5MTM4
NWIwNWYyMzdkNjgzZmM5ODYxOWE0MzlhNDQ0YmMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCOH/kkNzjmIf4l4icGqi7wI4iNQ7idH5hGE/KLhwWj3P7r
vzJFwwWIdXs7s6qr0O6QLS0j7JkWpysxHF0k6giwSULLY8/a82iW2QtIKP/A8cfh
L+N55fQtG/ubzFwAGTpwGG7rJuvIgOyrWNSaKVPJyoHc/LUlITM5q/EkCdwF8E31
G1qpHaWdCsijAuF9rzFHY0AQahbugU6OluqQgcTAIGvBs8MLWKXxAvdoR0XC3Xum
eGJvkGljn574bBh9JWvqEJwjhr/5paE4O0UG86k67S84LAlAbmo3p8MFBapUIbFx
qVcORXjYn/qTWhDxup7SUnQX2EkOVFNYe41ZHazLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWMI/GmIBUfYpqJlZsOqx/KkiF5cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRkYzk4Nzc3LTZkM2ItNDhhNi1hYzJhLTEzMWQxZmQ2MjFjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZGg8AwDQYJKoZIhvcNAQELBQADggEBAEwQtU7wxjxY+nvjZDs63zYG1jId
7F8Sy6wpB+KQsu9OeRep80AHW7oWKQcSqsIV4VNLEMrsFdldmIgE3HjXRIfcyonN
ZUpD1bQF87A/+l16Faj64AxVqzS/2T+22M7kf1X8zKBTfUREl0ZypSeLUp785dxN
3yVDlUAkaa62Sal1Jt20cisi4SGa1aOFWXS7qikmSRkJvGJsz47q4zK9/UBTlzN7
dc4eM+Dw2xIG14bxiyxKAmp/nQHEF9ctg4xBYEvz7lyqXHLiyGTnzdXhpnFNHC6Q
QCDx2pnHhXqIP4fS6PwsQVTly2TVIP42mk+4Vj9yC683y/yuAi61yX712Wo=
-----END CERTIFICATE-----