Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/57d40863-a1e6-46dc-9a27-b0d3de172b46.roa
File:                     57d40863-a1e6-46dc-9a27-b0d3de172b46.roa (raw, json)
Hash identifier:          mxhRJ+Geez8nCPrvffoCBhQCYoJmEt2mLEE8llExx1I=
Subject key identifier:   FF:96:4B:23:A7:DF:32:71:88:4D:88:BA:2E:63:CD:99:D4:E1:99:DB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       64253DFF0A29627123F5389319B2A32C77BD3850
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/57d40863-a1e6-46dc-9a27-b0d3de172b46.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        167.243.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:25:3d:ff:0a:29:62:71:23:f5:38:93:19:b2:a3:2c:77:bd:38:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=a4cee2ccee52f2591bc3ea024eb5be7c15c5011e33916164c2a4a8a2122a31a3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0e:ac:db:2b:58:c4:82:fe:95:a6:e7:60:55:
                    ed:50:fa:72:91:9e:10:dd:55:1b:38:25:09:f8:45:
                    67:36:1c:0c:0e:ec:d7:38:65:25:fd:3e:cc:fd:60:
                    bf:28:0c:a7:72:62:8a:1c:be:5c:92:1f:45:06:2b:
                    de:3a:b3:e3:18:ea:9c:5d:84:91:59:f9:c4:c2:92:
                    cc:0f:9c:45:67:c9:e1:35:0d:d4:2c:60:97:cf:6c:
                    17:32:54:0c:17:f8:d2:d1:0b:f3:36:4a:22:3a:c5:
                    fb:45:0a:7d:53:8e:68:06:60:53:d6:58:63:f5:87:
                    81:6a:c2:a4:03:38:2f:4c:fe:81:bc:a8:78:45:dc:
                    4b:4b:cc:69:12:24:e2:c8:b6:a7:49:a5:92:02:0f:
                    33:e1:dc:19:4e:ff:cc:66:16:08:11:19:59:3a:22:
                    f0:57:31:31:76:1a:0d:bb:24:75:15:32:d8:4d:5b:
                    1e:87:fe:bb:99:a5:aa:aa:d4:14:10:1c:1b:ab:23:
                    b5:a9:25:37:4f:64:0b:85:cc:e3:c7:73:13:b3:28:
                    fe:c4:75:cf:e4:a7:94:c3:42:73:e3:44:d8:cc:03:
                    3d:82:39:13:e2:7c:3e:18:8c:7c:3d:40:bf:a2:7d:
                    6c:4d:1d:e3:df:d5:c8:9e:3c:3c:d0:ca:41:36:86:
                    df:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:96:4B:23:A7:DF:32:71:88:4D:88:BA:2E:63:CD:99:D4:E1:99:DB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/57d40863-a1e6-46dc-9a27-b0d3de172b46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.243.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:c6:67:9f:e3:8f:e1:25:43:bd:62:67:4c:b3:e3:97:aa:af:
         66:2c:04:3e:ae:69:f9:f6:20:8f:8b:29:2a:eb:c8:b2:b1:c2:
         33:38:36:3a:40:4e:b3:e9:19:88:7d:a5:4b:4d:f2:37:0b:d7:
         6b:fa:e8:f0:d9:6b:30:ca:7b:1d:a0:90:7a:30:ec:95:d1:4b:
         e6:d7:c5:0a:35:52:73:e1:18:1f:d0:44:fe:63:2f:e6:fc:d2:
         1d:4b:cb:55:be:10:55:38:94:c0:68:2b:2a:e3:81:b9:36:8b:
         cd:a2:51:bd:20:ed:83:86:60:cf:ed:29:15:80:36:25:a3:47:
         86:3d:7f:5f:f3:5d:45:81:ea:c3:3d:cf:9c:41:fb:a0:e6:ec:
         67:c8:93:aa:6c:88:8c:f3:54:3b:3d:da:c5:36:32:4f:f7:cc:
         b4:cc:22:b2:62:3b:7a:5a:3e:f1:23:2c:72:89:9c:9a:b4:4d:
         6d:69:42:f9:7d:3d:4e:11:4e:c5:d5:8e:ed:1a:2f:c5:cd:1f:
         4e:af:c6:75:41:12:77:b2:eb:03:5f:1b:30:2e:19:22:30:f3:
         d2:3b:42:1f:6e:e3:30:35:94:9f:66:1a:7d:29:18:ee:e1:8e:
         b1:af:e2:b8:0c:58:75:67:d5:07:41:c9:16:03:bf:37:9e:ff:
         e6:d1:d2:aa
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZCU9/wopYnEj9TiTGbKjLHe9OFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNGNlZTJjY2VlNTJmMjU5MWJjM2VhMDI0ZWI1YmU3YzE1
YzUwMTFlMzM5MTYxNjRjMmE0YThhMjEyMmEzMWEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmDqzbK1jEgv6VpudgVe1Q+nKRnhDdVRs4JQn4RWc2HAwO
7Nc4ZSX9Psz9YL8oDKdyYoocvlySH0UGK946s+MY6pxdhJFZ+cTCkswPnEVnyeE1
DdQsYJfPbBcyVAwX+NLRC/M2SiI6xftFCn1TjmgGYFPWWGP1h4FqwqQDOC9M/oG8
qHhF3EtLzGkSJOLItqdJpZICDzPh3BlO/8xmFggRGVk6IvBXMTF2Gg27JHUVMthN
Wx6H/ruZpaqq1BQQHBurI7WpJTdPZAuFzOPHcxOzKP7Edc/kp5TDQnPjRNjMAz2C
ORPifD4YjHw9QL+ifWxNHePf1ciePDzQykE2ht9HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/5ZLI6ffMnGITYi6LmPNmdThmdswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3ZDQwODYzLWExZTYtNDZkYy05YTI3LWIwZDNkZTE3MmI0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCn8zANBgkqhkiG9w0BAQsFAAOCAQEAQ8Znn+OP4SVDvWJnTLPjl6qvZiwE
Pq5p+fYgj4spKuvIsrHCMzg2OkBOs+kZiH2lS03yNwvXa/ro8NlrMMp7HaCQejDs
ldFL5tfFCjVSc+EYH9BE/mMv5vzSHUvLVb4QVTiUwGgrKuOBuTaLzaJRvSDtg4Zg
z+0pFYA2JaNHhj1/X/NdRYHqwz3PnEH7oObsZ8iTqmyIjPNUOz3axTYyT/fMtMwi
smI7elo+8SMscomcmrRNbWlC+X09ThFOxdWO7Rovxc0fTq/GdUESd7LrA18bMC4Z
IjDz0jtCH27jMDWUn2YafSkY7uGOsa/iuAxYdWfVB0HJFgO/N57/5tHSqg==
-----END CERTIFICATE-----