Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61e6e454-3c81-4f28-972a-059e874b46a3.roa
File:                     61e6e454-3c81-4f28-972a-059e874b46a3.roa (raw, json)
Hash identifier:          /I6+RkUkVEg9KVlZmaMMcsITGcclPisAUswk9Ored5U=
Subject key identifier:   3A:17:08:71:B2:F3:00:C5:ED:46:2C:2C:4E:EF:06:8E:0C:3B:56:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7682166E32DC4BF5EB608F97DFA063013588C7DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61e6e454-3c81-4f28-972a-059e874b46a3.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.132.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:82:16:6e:32:dc:4b:f5:eb:60:8f:97:df:a0:63:01:35:88:c7:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fe:06:15:24:0f:26:d0:af:bc:dd:96:96:83:
                    cb:f9:88:e5:e3:0d:63:53:e6:ff:46:ee:2b:6b:6a:
                    75:3e:bd:fd:ec:86:a4:6e:cc:19:c6:97:1b:b5:63:
                    af:30:4e:c4:32:bd:76:93:e7:fa:de:07:44:12:55:
                    34:dd:e9:74:37:40:fd:36:05:8b:d0:55:48:3a:51:
                    ac:96:ac:b6:d6:49:e0:7b:14:8c:e0:c6:9c:f5:57:
                    53:fe:65:33:db:b0:e0:ea:85:d2:17:0c:e6:ff:c6:
                    ac:e4:ea:fc:50:5e:44:4f:72:d0:fe:81:2f:dc:90:
                    ee:fb:e6:92:23:f8:74:26:65:d4:86:ef:b7:f2:a9:
                    74:97:09:48:74:62:6a:32:22:da:2c:38:5e:8b:3e:
                    36:d8:d7:12:7d:b9:f1:46:39:fe:63:33:14:d5:97:
                    9f:15:ac:f6:0d:22:38:72:d3:a1:08:7e:53:15:3c:
                    f8:f3:e9:43:51:b8:c9:c7:5f:dc:54:34:5d:f9:d4:
                    b9:4f:35:a4:f3:82:0c:f6:fd:78:bb:33:41:28:95:
                    dd:95:68:4f:41:98:fe:04:07:2b:e5:c7:c2:df:8f:
                    4b:92:f2:15:79:30:71:e6:d5:4d:30:12:06:aa:54:
                    55:f1:54:dd:4b:37:b9:18:70:f9:c1:7b:1f:91:f0:
                    0d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:17:08:71:B2:F3:00:C5:ED:46:2C:2C:4E:EF:06:8E:0C:3B:56:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61e6e454-3c81-4f28-972a-059e874b46a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:64:aa:bb:96:fc:f4:44:bb:ba:7a:17:10:ae:ba:c3:f8:9c:
         58:d6:4b:66:c8:b7:35:a2:f2:bf:ca:6c:10:88:20:4d:fa:02:
         96:4f:13:60:63:08:8e:ff:7e:77:d6:a6:45:74:43:63:1a:b3:
         61:1a:15:62:7f:a3:1f:08:8d:d8:03:47:43:fe:d0:69:53:e5:
         1b:21:d3:fd:fa:a6:e0:81:d0:8f:6a:e9:31:11:cc:e2:d4:d7:
         77:dc:41:b0:f1:3f:43:02:8c:e9:2d:6d:b5:62:8d:6e:27:cf:
         f7:95:d9:b1:11:51:91:bf:34:d8:35:81:2f:3a:83:78:e6:93:
         bd:4b:24:a3:e2:c7:bb:92:76:06:9f:43:4b:90:98:32:7c:f7:
         5a:9f:80:1f:15:b4:87:81:10:11:ad:80:7c:fe:12:7d:e5:df:
         ba:04:c7:78:ac:9c:af:9d:33:a4:51:73:ae:27:67:ec:ea:3c:
         fe:ba:df:18:f7:ff:17:5a:de:fa:f5:33:02:19:62:6f:79:9a:
         b5:9f:8b:f3:07:30:12:53:03:25:b3:1d:68:4a:61:5d:9a:4e:
         79:51:c2:e4:f5:c4:35:e9:17:16:4a:56:89:c5:3e:d2:e4:0c:
         20:61:08:f3:61:f4:59:b5:fb:a3:fd:d3:a5:e1:3a:bf:75:08:
         10:35:af:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdoIWbjLcS/XrYI+X36BjATWIx90wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNDBmYjEyZTI0NmNiMTE3YjFlYjgzYjAxYTU0OTBhMTZj
MGM0MWY0Y2NmMTI1NWZhODQ2ZmI1MjVhOTliMWIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw/gYVJA8m0K+83ZaWg8v5iOXjDWNT5v9G7itranU+vf3s
hqRuzBnGlxu1Y68wTsQyvXaT5/reB0QSVTTd6XQ3QP02BYvQVUg6UayWrLbWSeB7
FIzgxpz1V1P+ZTPbsODqhdIXDOb/xqzk6vxQXkRPctD+gS/ckO775pIj+HQmZdSG
77fyqXSXCUh0YmoyItosOF6LPjbY1xJ9ufFGOf5jMxTVl58VrPYNIjhy06EIflMV
PPjz6UNRuMnHX9xUNF351LlPNaTzggz2/Xi7M0Eold2VaE9BmP4EByvlx8Lfj0uS
8hV5MHHm1U0wEgaqVFXxVN1LN7kYcPnBex+R8A1dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOhcIcbLzAMXtRiwsTu8Gjgw7VpgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxZTZlNDU0LTNjODEtNGYyOC05NzJhLTA1OWU4NzRiNDZhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJgAIQwDQYJKoZIhvcNAQELBQADggEBAMRkqruW/PREu7p6FxCuusP4nFjW
S2bItzWi8r/KbBCIIE36ApZPE2BjCI7/fnfWpkV0Q2Mas2EaFWJ/ox8IjdgDR0P+
0GlT5Rsh0/36puCB0I9q6TERzOLU13fcQbDxP0MCjOktbbVijW4nz/eV2bERUZG/
NNg1gS86g3jmk71LJKPix7uSdgafQ0uQmDJ891qfgB8VtIeBEBGtgHz+En3l37oE
x3isnK+dM6RRc64nZ+zqPP663xj3/xda3vr1MwIZYm95mrWfi/MHMBJTAyWzHWhK
YV2aTnlRwuT1xDXpFxZKVonFPtLkDCBhCPNh9Fm1+6P906XhOr91CBA1r70=
-----END CERTIFICATE-----