Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/614154af-68bd-4727-89f4-647be8dc65ad.roa
File:                     614154af-68bd-4727-89f4-647be8dc65ad.roa (raw, json)
Hash identifier:          8mq34pE8JY9LiYoPYcgTybajO5A5YOvHNKPlO7/cvqQ=
Subject key identifier:   38:C1:8B:2E:FC:8E:CB:00:9F:8A:8C:0D:5E:3E:01:1F:2F:28:75:F0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5633640A0E2CBA409AC2B7B56E09E28A0F1A69AE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/614154af-68bd-4727-89f4-647be8dc65ad.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        192.189.198.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:33:64:0a:0e:2c:ba:40:9a:c2:b7:b5:6e:09:e2:8a:0f:1a:69:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=6efcedacf26cd6b751dae67404b4c7f85b4f64517aefe8f58c1125ec45132abc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:f6:19:65:33:e9:1c:67:a7:43:36:07:20:fe:
                    7b:56:30:94:f3:df:1c:d4:ec:ff:c7:a5:4d:79:c8:
                    70:cb:e4:ab:c7:ed:9f:3a:25:8d:04:b8:f9:e1:d2:
                    eb:8f:3c:70:9e:47:de:85:28:bf:a7:0e:f9:29:54:
                    b3:c2:6e:1d:ab:88:e0:ac:13:0e:7f:ff:1a:45:05:
                    12:47:4c:b7:16:a1:1d:2f:1f:bd:1b:49:e9:c2:f1:
                    c8:e1:68:cd:f8:87:01:14:9a:20:1d:37:a6:87:79:
                    fe:44:d4:27:1b:fc:4a:2e:cf:a1:cb:67:a1:9b:ef:
                    d8:86:77:96:c0:d0:5e:d7:17:5a:56:5c:9b:99:89:
                    53:60:60:45:77:60:0b:7a:db:88:dc:20:94:62:84:
                    e1:e5:dc:f0:de:96:21:42:78:24:4e:06:0d:fd:6e:
                    74:af:65:91:45:8c:b2:40:aa:97:4d:46:5a:4c:d8:
                    43:9a:6d:ed:dd:86:99:97:0f:3d:51:da:c1:ef:f3:
                    e1:f1:e4:cb:14:3c:28:9a:c7:ab:5d:e5:9f:f4:6d:
                    0e:e4:82:c5:dd:b9:5b:b2:0d:28:4a:ac:97:63:6c:
                    b1:1f:f9:5c:ca:a1:94:7d:4b:c0:22:2f:c3:4b:2b:
                    3c:a5:a7:9f:82:69:37:34:77:f5:27:17:35:bc:6e:
                    1c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:C1:8B:2E:FC:8E:CB:00:9F:8A:8C:0D:5E:3E:01:1F:2F:28:75:F0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/614154af-68bd-4727-89f4-647be8dc65ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:80:73:b2:09:c0:af:53:77:74:93:dd:f3:52:6b:b8:64:9a:
         06:e0:5f:ac:93:cc:b3:28:f8:ec:6d:68:52:eb:b1:24:44:9a:
         ee:90:89:6a:37:40:61:5d:3c:1c:89:72:14:7d:44:bb:37:92:
         9c:6a:23:6c:36:42:b1:2e:c7:ea:cb:4f:91:96:d7:34:45:21:
         8f:d8:4f:0a:ff:d6:9b:ac:ae:42:88:29:a5:e4:ff:a8:73:5e:
         59:ee:2c:19:a5:ea:f7:73:ac:e0:c6:fd:70:a0:ae:66:f4:2e:
         58:e6:96:51:39:c2:06:8f:3f:ba:e2:9c:f0:f9:26:d7:4a:c3:
         05:06:2e:99:c1:4c:fd:8a:ef:87:83:cd:c1:78:52:a6:36:8b:
         8e:fc:b4:ab:42:f6:74:c9:4e:84:e3:9c:15:65:32:4f:b0:78:
         ce:39:e4:bf:64:a6:95:33:41:6e:26:7a:bb:1f:d0:ff:12:73:
         cf:5b:66:3f:63:0a:f5:26:ea:43:e3:f5:60:6d:b1:67:e6:df:
         83:12:9d:60:71:f1:b1:b5:a8:ee:3b:e2:51:f1:b5:7b:9b:0e:
         62:c5:ab:64:db:81:3a:6e:56:53:19:7f:27:69:10:c0:b6:30:
         6c:b5:05:a9:86:50:9a:cb:85:a1:59:0e:23:36:0f:66:31:5d:
         43:db:8a:aa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVjNkCg4sukCawre1bgniig8aaa4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZWZjZWRhY2YyNmNkNmI3NTFkYWU2NzQwNGI0YzdmODVi
NGY2NDUxN2FlZmU4ZjU4YzExMjVlYzQ1MTMyYWJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDy9hllM+kcZ6dDNgcg/ntWMJTz3xzU7P/HpU15yHDL5KvH
7Z86JY0EuPnh0uuPPHCeR96FKL+nDvkpVLPCbh2riOCsEw5//xpFBRJHTLcWoR0v
H70bSenC8cjhaM34hwEUmiAdN6aHef5E1Ccb/Eouz6HLZ6Gb79iGd5bA0F7XF1pW
XJuZiVNgYEV3YAt624jcIJRihOHl3PDeliFCeCROBg39bnSvZZFFjLJAqpdNRlpM
2EOabe3dhpmXDz1R2sHv8+Hx5MsUPCiax6td5Z/0bQ7kgsXduVuyDShKrJdjbLEf
+VzKoZR9S8AiL8NLKzylp5+CaTc0d/UnFzW8bhyfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOMGLLvyOywCfiowNXj4BHy8odfAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxNDE1NGFmLTY4YmQtNDcyNy04OWY0LTY0N2JlOGRjNjVhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAvcYwDQYJKoZIhvcNAQELBQADggEBAACAc7IJwK9Td3ST3fNSa7hkmgbg
X6yTzLMo+OxtaFLrsSREmu6QiWo3QGFdPByJchR9RLs3kpxqI2w2QrEux+rLT5GW
1zRFIY/YTwr/1pusrkKIKaXk/6hzXlnuLBml6vdzrODG/XCgrmb0LljmllE5wgaP
P7rinPD5JtdKwwUGLpnBTP2K74eDzcF4UqY2i478tKtC9nTJToTjnBVlMk+weM45
5L9kppUzQW4mersf0P8Sc89bZj9jCvUm6kPj9WBtsWfm34MSnWBx8bG1qO474lHx
tXubDmLFq2TbgTpuVlMZfydpEMC2MGy1BamGUJrLhaFZDiM2D2YxXUPbiqo=
-----END CERTIFICATE-----