Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58d12de3-cdc0-4a87-831a-9aac5269d717.roa
File:                     58d12de3-cdc0-4a87-831a-9aac5269d717.roa (raw, json)
Hash identifier:          7mGUcDP55vpmTo5exWNzU+OvgX2luywZE8dyxmfCCEY=
Subject key identifier:   2D:37:BC:61:84:D4:30:64:F7:4B:95:36:23:CF:E5:EC:CC:95:BE:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C876FA7BB7DE0D70271F42E6BD2322ABB28D809
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58d12de3-cdc0-4a87-831a-9aac5269d717.roa
Signing time:             Mon 15 Apr 2024 00:00:00 +0000
ROA not before:           Mon 15 Apr 2024 00:00:00 +0000
ROA not after:            Mon 20 May 2024 23:59:59 +0000
asID:                     7393
IP address blocks:        65.175.64.0/18 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:87:6f:a7:bb:7d:e0:d7:02:71:f4:2e:6b:d2:32:2a:bb:28:d8:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 15 00:00:00 2024 GMT
            Not After : May 20 23:59:59 2024 GMT
        Subject: serialNumber=acb938379deeb4a97bf48eeeb71c6c3eee7b33af4d716e2f4774bbdd546c297c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7d:eb:03:cc:ae:4b:5e:9c:42:98:c8:a9:bd:
                    8d:84:49:07:81:fe:4e:82:64:b3:7d:98:0f:a8:ea:
                    9e:c5:cf:c7:c0:51:ce:2a:33:90:ab:f6:47:92:ad:
                    e4:92:d7:c8:d2:95:60:7b:36:5e:18:23:8c:1e:57:
                    1d:55:92:f1:6b:85:db:7b:ff:54:71:7e:4d:b0:fe:
                    c5:58:f5:52:39:97:22:27:5d:ae:b4:c0:db:df:be:
                    55:40:ad:32:08:5f:eb:b1:06:12:6e:82:6b:45:8a:
                    fd:01:bf:b7:9e:9a:26:6e:68:34:28:e5:98:05:99:
                    0c:d1:af:b8:10:65:a2:99:88:75:0c:78:78:5a:01:
                    b4:36:8a:0d:51:f0:e9:d1:32:95:96:d7:5d:97:90:
                    63:55:d3:9e:9a:7a:68:63:e4:d6:e9:09:49:15:6b:
                    80:8a:e0:18:96:94:bb:c3:09:4a:d9:52:07:f3:c5:
                    01:61:23:b6:8e:b9:7a:3f:03:b4:24:30:a6:3d:5c:
                    a1:06:ab:79:2e:d5:4e:ce:e5:38:9e:5f:66:c7:a5:
                    70:b1:91:27:16:52:d1:71:68:de:9b:f9:f1:0c:6b:
                    f0:44:a3:84:88:06:29:27:8c:48:56:10:32:6e:f4:
                    ca:de:44:0b:70:69:7d:f4:b8:eb:0b:92:86:80:bc:
                    3e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:37:BC:61:84:D4:30:64:F7:4B:95:36:23:CF:E5:EC:CC:95:BE:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58d12de3-cdc0-4a87-831a-9aac5269d717.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.175.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         54:71:46:c9:11:01:38:01:12:50:71:57:24:84:c2:1a:f0:2b:
         88:b3:bd:ba:77:a4:b9:ff:1a:d6:0a:79:36:fc:bf:fc:de:74:
         77:d6:f5:a5:a4:b7:08:89:25:56:40:a2:68:29:06:04:49:57:
         d9:98:e0:72:c3:f2:fd:49:e9:ab:f5:97:cb:de:f5:80:65:a4:
         8e:ed:8a:5e:d9:58:51:ec:f0:e4:c0:2c:77:49:6c:6f:58:ef:
         58:32:1a:70:cd:a8:81:4d:98:dd:9e:b6:5c:5a:7c:9c:19:16:
         51:ac:52:27:a1:89:9a:39:4f:e6:83:b1:df:b6:59:5a:cc:91:
         5b:5e:c0:e5:b8:79:1e:7f:69:f0:af:dc:fc:53:e4:68:86:58:
         e6:ec:ed:ea:dc:ae:dc:48:b0:78:de:7b:47:d0:67:9b:50:71:
         94:24:8e:7d:e4:73:04:b8:25:56:57:79:99:76:83:06:41:f1:
         64:2b:55:dc:2b:40:16:d5:ce:b5:a5:99:ae:52:30:2a:b9:ef:
         f1:3a:e1:19:c2:a8:c5:f3:08:a6:f6:0f:8d:8c:69:b8:bf:c8:
         af:33:f9:e2:bb:57:de:0d:29:28:43:e2:d5:ab:71:4c:bc:9e:
         24:6b:0b:59:9c:bc:78:5d:11:ce:86:82:e9:53:90:ac:94:d5:
         36:27:3b:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULIdvp7t94NcCcfQua9IyKrso2AkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwNDE1MDAwMDAwWhcNMjQwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhY2I5MzgzNzlkZWViNGE5N2JmNDhlZWViNzFjNmMzZWVl
N2IzM2FmNGQ3MTZlMmY0Nzc0YmJkZDU0NmMyOTdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCufesDzK5LXpxCmMipvY2ESQeB/k6CZLN9mA+o6p7Fz8fA
Uc4qM5Cr9keSreSS18jSlWB7Nl4YI4weVx1VkvFrhdt7/1Rxfk2w/sVY9VI5lyIn
Xa60wNvfvlVArTIIX+uxBhJugmtFiv0Bv7eemiZuaDQo5ZgFmQzRr7gQZaKZiHUM
eHhaAbQ2ig1R8OnRMpWW112XkGNV056aemhj5NbpCUkVa4CK4BiWlLvDCUrZUgfz
xQFhI7aOuXo/A7QkMKY9XKEGq3ku1U7O5TieX2bHpXCxkScWUtFxaN6b+fEMa/BE
o4SIBiknjEhWEDJu9MreRAtwaX30uOsLkoaAvD57AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULTe8YYTUMGT3S5U2I8/l7MyVvq4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4ZDEyZGUzLWNkYzAtNGE4Ny04MzFhLTlhYWM1MjY5ZDcxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZBr0AwDQYJKoZIhvcNAQELBQADggEBAFRxRskRATgBElBxVySEwhrwK4iz
vbp3pLn/GtYKeTb8v/zedHfW9aWktwiJJVZAomgpBgRJV9mY4HLD8v1J6av1l8ve
9YBlpI7til7ZWFHs8OTALHdJbG9Y71gyGnDNqIFNmN2etlxafJwZFlGsUiehiZo5
T+aDsd+2WVrMkVtewOW4eR5/afCv3PxT5GiGWObs7ercrtxIsHjee0fQZ5tQcZQk
jn3kcwS4JVZXeZl2gwZB8WQrVdwrQBbVzrWlma5SMCq57/E64RnCqMXzCKb2D42M
abi/yK8z+eK7V94NKShD4tWrcUy8niRrC1mcvHhdEc6GgulTkKyU1TYnO4k=
-----END CERTIFICATE-----