Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62ecd07b-f054-49cf-a2f2-4441b893bb8b.roa
File:                     62ecd07b-f054-49cf-a2f2-4441b893bb8b.roa (raw, json)
Hash identifier:          /gh9bDaXi+huFg+l2+rK+brAcYsbgNyFEEX2CCNV6Yo=
Subject key identifier:   7F:40:C6:B0:3C:E3:8A:55:3B:A6:BF:F5:D1:CB:ED:EB:D6:0C:95:B0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       08E32B9822075D3143D356BA0BEBCA2071E17160
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62ecd07b-f054-49cf-a2f2-4441b893bb8b.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        209.248.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:e3:2b:98:22:07:5d:31:43:d3:56:ba:0b:eb:ca:20:71:e1:71:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=867e7593218cc94a99eca0d0c6118d175f14e4c183f9eb5f0431234df2921f7e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:05:0d:42:65:cf:c4:6a:bc:ec:d4:52:a4:28:
                    02:f1:2f:24:ed:b7:b0:7a:f3:a2:3e:74:3d:be:0f:
                    69:c8:24:95:5d:41:48:71:92:50:03:37:5f:28:ef:
                    c3:58:2f:d4:fd:51:80:ad:e3:28:ab:a7:b4:2b:8a:
                    0e:f9:27:d8:66:34:fb:14:19:d8:66:57:72:1b:d5:
                    41:1f:45:73:08:cc:61:d5:15:80:e3:f3:01:c0:b7:
                    6b:39:c2:0f:fa:9e:71:a1:9a:dd:10:b9:90:a5:f2:
                    b0:03:c6:1d:fe:25:d2:69:00:96:23:65:f9:9f:8a:
                    3c:59:70:fb:20:20:3b:7b:0a:06:dc:d6:7b:81:4f:
                    5a:3d:62:5c:9d:9b:c1:ad:a9:20:b0:cc:42:78:77:
                    29:c2:6a:97:ab:3f:77:62:6c:83:94:e1:3f:a6:2b:
                    9d:64:a9:36:4d:60:ff:d8:44:a3:8f:e1:e1:4d:b1:
                    44:3b:49:1f:d0:94:77:8a:1f:65:03:0a:ed:0a:a7:
                    d0:e3:4c:ac:4e:75:94:33:dd:55:e7:1d:9e:fd:34:
                    81:75:ae:61:1a:59:b4:53:08:06:cf:af:3e:d0:41:
                    8f:75:39:f0:9d:d3:f5:ae:72:28:46:10:9f:ea:f2:
                    98:ac:91:46:1c:9d:7f:fd:ec:f5:13:68:dd:85:79:
                    98:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:40:C6:B0:3C:E3:8A:55:3B:A6:BF:F5:D1:CB:ED:EB:D6:0C:95:B0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62ecd07b-f054-49cf-a2f2-4441b893bb8b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.248.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         23:c7:9c:c2:9e:12:8a:d4:2e:36:2a:c4:a1:3f:c9:40:78:6f:
         ea:d2:0a:45:f4:99:2d:bc:40:dc:bf:da:5a:3d:02:41:21:a1:
         66:c3:f4:92:b0:31:29:2b:bf:ee:47:a5:d9:43:e8:62:49:fb:
         a7:21:24:eb:2a:b1:33:7e:d8:b0:3a:d9:0e:97:d9:bf:9e:e0:
         81:74:6d:a1:e0:7e:02:12:b5:54:86:36:88:40:7c:24:ab:16:
         3a:f2:27:ff:9b:9a:db:fb:bd:e5:11:35:da:75:4d:4d:69:c7:
         ca:2c:35:83:4d:eb:99:c5:15:53:db:d5:eb:72:6e:16:c8:e3:
         17:be:5e:e2:dd:c5:6a:b7:e9:39:d0:76:f7:75:c5:c8:87:76:
         a3:15:78:35:b0:74:ad:64:9a:23:bc:e0:05:58:62:80:c0:36:
         e2:44:46:b0:d5:2e:9b:61:5e:d4:09:f8:cd:d8:aa:0b:97:f1:
         ff:b1:6b:bc:34:37:67:7d:ad:7b:66:a2:a8:28:1f:2e:86:b7:
         53:f4:1a:7c:18:22:a2:55:84:50:1d:5b:1a:ce:0b:b1:ce:7f:
         76:17:53:64:a6:9d:ab:9b:c4:b6:ff:c1:1f:f6:c7:74:7d:34:
         b7:43:e9:50:ca:29:d2:2d:b0:c3:47:7b:30:66:1a:2d:e8:e6:
         4b:fe:ed:f5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCOMrmCIHXTFD01a6C+vKIHHhcWAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjdlNzU5MzIxOGNjOTRhOTllY2EwZDBjNjExOGQxNzVm
MTRlNGMxODNmOWViNWYwNDMxMjM0ZGYyOTIxZjdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsBQ1CZc/Earzs1FKkKALxLyTtt7B686I+dD2+D2nIJJVd
QUhxklADN18o78NYL9T9UYCt4yirp7Qrig75J9hmNPsUGdhmV3Ib1UEfRXMIzGHV
FYDj8wHAt2s5wg/6nnGhmt0QuZCl8rADxh3+JdJpAJYjZfmfijxZcPsgIDt7Cgbc
1nuBT1o9Ylydm8GtqSCwzEJ4dynCaperP3dibIOU4T+mK51kqTZNYP/YRKOP4eFN
sUQ7SR/QlHeKH2UDCu0Kp9DjTKxOdZQz3VXnHZ79NIF1rmEaWbRTCAbPrz7QQY91
OfCd0/WucihGEJ/q8piskUYcnX/97PUTaN2FeZj/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUf0DGsDzjilU7pr/10cvt69YMlbAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyZWNkMDdiLWYwNTQtNDljZi1hMmYyLTQ0NDFiODkzYmI4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfR+IAwDQYJKoZIhvcNAQELBQADggEBACPHnMKeEorULjYqxKE/yUB4b+rS
CkX0mS28QNy/2lo9AkEhoWbD9JKwMSkrv+5HpdlD6GJJ+6chJOsqsTN+2LA62Q6X
2b+e4IF0baHgfgIStVSGNohAfCSrFjryJ/+bmtv7veURNdp1TU1px8osNYNN65nF
FVPb1etybhbI4xe+XuLdxWq36TnQdvd1xciHdqMVeDWwdK1kmiO84AVYYoDANuJE
RrDVLpthXtQJ+M3YqguX8f+xa7w0N2d9rXtmoqgoHy6Gt1P0GnwYIqJVhFAdWxrO
C7HOf3YXU2SmnaubxLb/wR/2x3R9NLdD6VDKKdItsMNHezBmGi3o5kv+7fU=
-----END CERTIFICATE-----