Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/606443da-54b6-4079-ae57-487588d0ad78.roa
File:                     606443da-54b6-4079-ae57-487588d0ad78.roa (raw, json)
Hash identifier:          Rc3ebt0NrUhxyYgXbqhrw26V1OceKku789d6+s8A+dA=
Subject key identifier:   DE:49:98:64:7A:46:A5:35:E8:2E:FA:4D:87:61:44:C2:57:DF:20:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1815F76492C5E373947C6A0866E2BDBF58DD3B76
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/606443da-54b6-4079-ae57-487588d0ad78.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        64.37.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:15:f7:64:92:c5:e3:73:94:7c:6a:08:66:e2:bd:bf:58:dd:3b:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=2993e504ceae634f4e92229ec65c89fb32eb657b28369e150fc07325520fb81e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:17:d8:7f:2e:00:8a:d9:4a:49:5f:1e:be:6d:
                    f7:74:46:90:f8:f3:ca:b7:8b:67:23:38:63:64:e8:
                    e7:24:64:70:02:70:52:ae:f8:eb:2f:6b:0d:4a:96:
                    a0:3d:b5:a7:40:0e:66:81:da:67:97:a5:79:4a:85:
                    5b:a1:17:2e:84:04:7a:2b:a6:03:3c:e9:13:6f:fa:
                    d1:e3:7e:77:f6:79:f1:60:49:70:8a:bd:67:71:42:
                    74:cf:f8:e8:22:2c:ba:7b:02:d3:7a:60:ca:57:5d:
                    73:c8:e8:51:b1:02:3a:b2:51:70:89:f5:4b:55:45:
                    22:64:84:99:7d:df:f9:a9:7a:d6:04:1b:b9:a0:b5:
                    8c:1c:97:df:c1:b2:ad:79:e4:f5:34:9b:d9:96:37:
                    c3:8c:22:7b:b9:5e:4a:32:62:4a:4c:47:5a:26:10:
                    cf:db:37:f0:53:4d:77:1b:73:6b:df:94:e7:df:1b:
                    03:c3:c4:18:3f:28:65:91:0c:e0:28:40:22:bf:81:
                    0f:94:26:ee:08:13:b1:1a:e5:ec:4f:6d:d3:25:d9:
                    82:e4:03:cc:b1:1f:89:19:a8:41:ad:ae:56:73:56:
                    1e:54:43:db:bc:75:31:8c:c7:60:ea:c5:33:08:96:
                    d4:ae:ef:8f:7b:8f:6a:d6:c3:39:3c:7e:06:05:78:
                    c7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:49:98:64:7A:46:A5:35:E8:2E:FA:4D:87:61:44:C2:57:DF:20:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/606443da-54b6-4079-ae57-487588d0ad78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.37.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         23:dd:79:2f:54:78:c6:58:24:c6:b3:31:dd:20:6c:e8:dc:0a:
         c2:81:d3:36:94:be:bb:fb:ff:bc:d5:0e:1e:0e:8f:a0:66:8c:
         17:59:ee:cf:66:53:d3:88:89:d9:df:36:ad:9b:50:65:bb:09:
         9d:c6:b8:2f:79:f1:df:3d:cd:d9:b6:10:b5:18:ff:c9:9a:96:
         70:61:77:b0:a3:a8:2b:d8:12:0a:7b:3c:54:bd:ac:8e:2f:d0:
         57:76:6f:07:83:96:a5:3b:e8:d8:4e:8f:58:83:d2:71:30:6a:
         15:88:1b:b4:d9:14:8f:24:9f:18:29:ed:73:26:96:78:a5:23:
         74:bf:20:06:da:15:a5:26:d9:51:ec:a0:62:9c:a0:29:0d:e9:
         3e:47:0f:a9:d4:0e:cc:8c:40:22:35:f0:94:f8:7a:2c:53:4c:
         87:73:28:65:76:93:cf:ec:2f:81:aa:5f:ba:b5:08:7b:95:34:
         07:fa:6a:c9:9a:7f:28:8d:53:e1:02:b7:4b:35:41:b5:66:b4:
         fb:d2:fe:34:a8:01:a2:e8:a4:71:53:fc:f8:f3:15:d0:ac:fb:
         b5:dd:9c:7b:ea:70:3e:3c:42:dc:3e:c0:bd:6e:81:8f:19:2d:
         3d:8a:3e:8e:0c:c7:3b:39:5c:85:d9:de:e2:41:42:8a:47:35:
         a2:99:cb:f4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGBX3ZJLF43OUfGoIZuK9v1jdO3YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOTkzZTUwNGNlYWU2MzRmNGU5MjIyOWVjNjVjODlmYjMy
ZWI2NTdiMjgzNjllMTUwZmMwNzMyNTUyMGZiODFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiF9h/LgCK2UpJXx6+bfd0RpD488q3i2cjOGNk6OckZHAC
cFKu+Osvaw1KlqA9tadADmaB2meXpXlKhVuhFy6EBHorpgM86RNv+tHjfnf2efFg
SXCKvWdxQnTP+OgiLLp7AtN6YMpXXXPI6FGxAjqyUXCJ9UtVRSJkhJl93/mpetYE
G7mgtYwcl9/Bsq155PU0m9mWN8OMInu5XkoyYkpMR1omEM/bN/BTTXcbc2vflOff
GwPDxBg/KGWRDOAoQCK/gQ+UJu4IE7Ea5exPbdMl2YLkA8yxH4kZqEGtrlZzVh5U
Q9u8dTGMx2DqxTMIltSu7497j2rWwzk8fgYFeMehAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3kmYZHpGpTXoLvpNh2FEwlffIPowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwNjQ0M2RhLTU0YjYtNDA3OS1hZTU3LTQ4NzU4OGQwYWQ3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZAJUAwDQYJKoZIhvcNAQELBQADggEBACPdeS9UeMZYJMazMd0gbOjcCsKB
0zaUvrv7/7zVDh4Oj6BmjBdZ7s9mU9OIidnfNq2bUGW7CZ3GuC958d89zdm2ELUY
/8malnBhd7CjqCvYEgp7PFS9rI4v0Fd2bweDlqU76NhOj1iD0nEwahWIG7TZFI8k
nxgp7XMmlnilI3S/IAbaFaUm2VHsoGKcoCkN6T5HD6nUDsyMQCI18JT4eixTTIdz
KGV2k8/sL4GqX7q1CHuVNAf6asmafyiNU+ECt0s1QbVmtPvS/jSoAaLopHFT/Pjz
FdCs+7XdnHvqcD48Qtw+wL1ugY8ZLT2KPo4Mxzs5XIXZ3uJBQopHNaKZy/Q=
-----END CERTIFICATE-----