Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c643c23-d471-4596-afde-39615bee9ec6.roa
File:                     5c643c23-d471-4596-afde-39615bee9ec6.roa (raw, json)
Hash identifier:          FuL4Tgz4fj586Z2lJ43h5uGk2WNsHFnXqylLCshx1jQ=
Subject key identifier:   9C:C5:7D:84:27:F2:A8:EB:1F:67:70:78:F2:A0:DB:5B:1E:2D:47:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       394837A5B296D6F48227778DC94DBC345A6D6684
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c643c23-d471-4596-afde-39615bee9ec6.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.136.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:48:37:a5:b2:96:d6:f4:82:27:77:8d:c9:4d:bc:34:5a:6d:66:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:52:eb:82:28:fc:e8:2b:d8:72:4c:c3:cd:dc:
                    df:14:b2:d1:a1:e6:4b:fc:d6:3d:87:6f:4b:0d:60:
                    fa:65:fd:65:48:ea:15:15:a8:2c:41:f7:74:7b:d0:
                    30:da:df:fd:2c:2d:12:b3:c1:08:9c:ed:7f:86:cb:
                    4f:eb:09:11:19:37:3d:e8:66:bc:43:75:e8:bb:ad:
                    e0:e8:5b:c5:5e:91:16:4b:e0:d6:3b:c2:e0:37:b2:
                    91:69:21:d9:1a:2c:5d:4c:86:65:21:c0:60:41:17:
                    c1:30:83:c5:f1:a1:e7:e4:82:d6:e9:1c:a8:78:d4:
                    01:c6:ea:f4:a4:44:93:f5:30:75:fa:6d:03:1d:d3:
                    49:7c:06:21:cb:12:45:bc:c3:cb:f2:cc:a8:f9:c6:
                    fa:07:49:ef:17:26:31:ee:62:87:a8:43:cd:a2:5f:
                    a4:c4:3a:05:80:62:c4:18:b2:f0:29:34:41:93:18:
                    37:70:04:d9:e7:53:a7:59:36:59:1c:82:a9:75:ed:
                    aa:08:91:51:37:6c:b4:15:75:fc:5c:fc:b6:1e:15:
                    6a:ec:27:bc:6a:15:ad:19:6d:35:5d:15:20:b1:1b:
                    7e:8e:b9:40:d8:40:d0:5c:5a:8e:9a:45:6b:b0:b5:
                    78:82:08:55:39:dd:ff:39:8c:5e:7b:dd:2c:15:40:
                    ad:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:C5:7D:84:27:F2:A8:EB:1F:67:70:78:F2:A0:DB:5B:1E:2D:47:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5c643c23-d471-4596-afde-39615bee9ec6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         cd:cc:36:64:3f:8a:c6:20:31:3c:b2:5c:e6:42:41:66:b8:94:
         87:7e:76:21:54:e1:18:a4:24:3d:fd:d1:4a:64:cf:36:57:23:
         09:aa:f1:33:81:35:32:f3:30:72:49:f3:82:6c:83:9f:5a:c9:
         45:6b:ae:a1:fe:cd:60:0b:bc:b5:e0:72:2a:c0:fa:6e:e8:01:
         f7:2a:72:36:23:78:a7:f6:3d:39:c6:5a:fa:f4:36:0c:88:da:
         20:cd:00:d7:00:2d:5b:c8:ab:68:81:d4:3e:9f:53:72:5c:8c:
         43:63:c8:11:a9:cf:45:cb:f0:8f:5e:72:4d:4b:15:07:3c:5b:
         a5:7f:ae:12:32:86:b6:8d:cb:54:61:8d:ed:2e:3f:eb:e5:d1:
         f3:f1:4c:02:96:df:3e:38:9d:e4:99:a6:8b:b5:99:e6:78:ad:
         b9:bc:a4:ee:cb:5b:08:bf:ad:49:d6:f8:17:3d:05:b6:f8:1b:
         3d:64:3b:38:e3:d6:64:61:87:60:80:fb:f2:cc:ca:9f:e8:ed:
         23:01:43:6a:17:cf:08:c9:05:77:c4:e0:20:b5:0d:3f:14:c6:
         03:4e:75:6a:22:00:b1:dc:86:66:1a:ef:c5:93:9a:f1:4c:13:
         67:1f:2b:9b:f4:bb:50:e3:44:f1:17:e8:7f:05:5e:bd:32:aa:
         d8:a1:a1:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOUg3pbKW1vSCJ3eNyU28NFptZoQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjRiN2RkYmQwNjQ3NDc2MDM1ZGYxODY1YmJmODdlYTAz
MWUxMTQ3MjRiM2JlMWRkYTk5N2UwNGMzNzcyNGQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/UuuCKPzoK9hyTMPN3N8UstGh5kv81j2Hb0sNYPpl/WVI
6hUVqCxB93R70DDa3/0sLRKzwQic7X+Gy0/rCREZNz3oZrxDdei7reDoW8VekRZL
4NY7wuA3spFpIdkaLF1MhmUhwGBBF8Ewg8XxoefkgtbpHKh41AHG6vSkRJP1MHX6
bQMd00l8BiHLEkW8w8vyzKj5xvoHSe8XJjHuYoeoQ82iX6TEOgWAYsQYsvApNEGT
GDdwBNnnU6dZNlkcgql17aoIkVE3bLQVdfxc/LYeFWrsJ7xqFa0ZbTVdFSCxG36O
uUDYQNBcWo6aRWuwtXiCCFU53f85jF573SwVQK3ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnMV9hCfyqOsfZ3B48qDbWx4tR18wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVjNjQzYzIzLWQ0NzEtNDU5Ni1hZmRlLTM5NjE1YmVlOWVjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANgAIgwDQYJKoZIhvcNAQELBQADggEBAM3MNmQ/isYgMTyyXOZCQWa4lId+
diFU4RikJD390UpkzzZXIwmq8TOBNTLzMHJJ84Jsg59ayUVrrqH+zWALvLXgcirA
+m7oAfcqcjYjeKf2PTnGWvr0NgyI2iDNANcALVvIq2iB1D6fU3JcjENjyBGpz0XL
8I9eck1LFQc8W6V/rhIyhraNy1Rhje0uP+vl0fPxTAKW3z44neSZpou1meZ4rbm8
pO7LWwi/rUnW+Bc9Bbb4Gz1kOzjj1mRhh2CA+/LMyp/o7SMBQ2oXzwjJBXfE4CC1
DT8UxgNOdWoiALHchmYa78WTmvFME2cfK5v0u1DjRPEX6H8FXr0yqtihodI=
-----END CERTIFICATE-----