Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64da19af-aece-4ba7-9ae1-57846512b6bf.roa
File:                     64da19af-aece-4ba7-9ae1-57846512b6bf.roa (raw, json)
Hash identifier:          tNUBloMOeW9yKKzqw/U9SMz4SqbpXpLRoTvDbgGVte4=
Subject key identifier:   3D:FD:2F:14:BC:27:5C:1F:70:0C:9D:29:B8:E0:BD:68:55:6C:85:68
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57F486EBD1BF2538132BC8F16FCAACB90FDE99A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64da19af-aece-4ba7-9ae1-57846512b6bf.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        130.176.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:f4:86:eb:d1:bf:25:38:13:2b:c8:f1:6f:ca:ac:b9:0f:de:99:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=ca49a297ff4c9bb78fe0339a19df742c644ea9ca783f994198e66af3b1a74d11, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:94:15:9d:9c:04:c5:cd:3b:66:78:e4:80:5f:
                    fc:b9:e7:d3:06:41:a0:0c:6f:db:fd:45:88:94:ff:
                    e5:37:7e:fb:3d:57:c6:ce:c0:2c:7c:16:79:b3:d1:
                    ae:2c:f0:16:c0:fb:bd:b3:b0:34:24:de:6a:ff:35:
                    a6:0d:30:bc:08:3e:5e:b6:b3:6b:c6:05:25:23:70:
                    0f:5f:56:a8:03:bc:ee:43:06:6f:6c:d2:72:a2:0a:
                    5b:3b:2f:6c:0e:ac:9d:7d:4b:42:6f:14:01:89:5f:
                    c3:f8:54:69:7f:cc:eb:a5:49:23:b7:ef:6a:ec:c5:
                    8e:23:fd:a0:38:c9:17:7a:d4:c3:4e:5c:93:f4:c9:
                    e0:f6:4a:19:d7:47:9f:55:a1:9d:79:54:a3:d4:f4:
                    99:ed:f5:cb:7e:75:d7:69:1f:9d:43:26:27:7b:6e:
                    9e:22:af:05:3c:d8:bb:bb:9c:48:18:73:c9:73:f7:
                    d3:db:6f:92:29:cf:3b:53:5a:76:0d:50:92:11:a6:
                    c9:1a:bb:39:c2:e3:8c:38:97:3d:b4:d3:f4:02:93:
                    1b:14:54:ea:fc:79:dc:4b:60:9e:de:4e:b6:f2:20:
                    6d:e3:e3:e6:8f:50:6c:c8:27:bb:45:23:9f:67:55:
                    0b:86:60:ac:c9:ea:9d:c6:8a:e0:e3:2a:05:2a:3c:
                    a7:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:FD:2F:14:BC:27:5C:1F:70:0C:9D:29:B8:E0:BD:68:55:6C:85:68
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64da19af-aece-4ba7-9ae1-57846512b6bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.176.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cd:75:bf:8b:ec:f7:a7:d8:b6:20:b9:45:a5:2e:63:5b:a7:87:
         ec:61:be:ea:75:34:4b:3f:fd:18:18:6f:30:a8:39:37:d4:47:
         e2:fd:c5:d6:9f:94:ac:f2:04:52:04:8f:f3:be:47:33:6a:f2:
         1d:41:fc:ae:1f:2d:2e:6c:4a:30:98:9b:a3:60:67:8b:c0:6f:
         e9:98:68:50:53:52:b9:c5:68:5a:b4:46:56:3f:11:fb:a3:4d:
         6e:a9:2e:e3:9d:cc:6e:82:b4:48:cf:ca:de:b5:d6:66:16:b4:
         60:62:44:9c:84:00:0b:2c:fe:25:eb:e8:ff:84:68:86:64:d9:
         5a:9b:a7:e9:af:15:d8:0a:c3:73:1a:8f:99:04:e7:58:3c:a6:
         35:16:0a:e5:39:14:89:f6:8c:d8:23:5f:b0:30:a9:81:21:e8:
         8a:b7:a9:11:94:96:ed:9d:81:54:78:38:57:1d:52:d5:c3:51:
         32:7b:7a:ee:a8:0a:a4:7c:01:21:ca:8e:1d:92:67:01:f9:2a:
         ac:6d:d7:fd:1e:10:5e:74:09:68:33:65:c8:57:46:28:fc:dd:
         60:82:4f:77:8f:c8:d7:6f:7d:68:c2:28:a7:8a:da:bc:4a:6e:
         bc:73:6b:91:ba:bc:9d:bb:9c:fb:2e:38:8c:86:5b:d0:ca:65:
         56:89:e4:ab
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUV/SG69G/JTgTK8jxb8qsuQ/emaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTQ5YTI5N2ZmNGM5YmI3OGZlMDMzOWExOWRmNzQyYzY0
NGVhOWNhNzgzZjk5NDE5OGU2NmFmM2IxYTc0ZDExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXlBWdnATFzTtmeOSAX/y559MGQaAMb9v9RYiU/+U3fvs9
V8bOwCx8Fnmz0a4s8BbA+72zsDQk3mr/NaYNMLwIPl62s2vGBSUjcA9fVqgDvO5D
Bm9s0nKiCls7L2wOrJ19S0JvFAGJX8P4VGl/zOulSSO372rsxY4j/aA4yRd61MNO
XJP0yeD2ShnXR59VoZ15VKPU9Jnt9ct+dddpH51DJid7bp4irwU82Lu7nEgYc8lz
99Pbb5IpzztTWnYNUJIRpskauznC44w4lz200/QCkxsUVOr8edxLYJ7eTrbyIG3j
4+aPUGzIJ7tFI59nVQuGYKzJ6p3GiuDjKgUqPKe3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPf0vFLwnXB9wDJ0puOC9aFVshWgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0ZGExOWFmLWFlY2UtNGJhNy05YWUxLTU3ODQ2NTEyYjZiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCCsDANBgkqhkiG9w0BAQsFAAOCAQEAzXW/i+z3p9i2ILlFpS5jW6eH7GG+
6nU0Sz/9GBhvMKg5N9RH4v3F1p+UrPIEUgSP875HM2ryHUH8rh8tLmxKMJibo2Bn
i8Bv6ZhoUFNSucVoWrRGVj8R+6NNbqku453MboK0SM/K3rXWZha0YGJEnIQACyz+
Jevo/4RohmTZWpun6a8V2ArDcxqPmQTnWDymNRYK5TkUifaM2CNfsDCpgSHoirep
EZSW7Z2BVHg4Vx1S1cNRMnt67qgKpHwBIcqOHZJnAfkqrG3X/R4QXnQJaDNlyFdG
KPzdYIJPd4/I1299aMIop4ravEpuvHNrkbq8nbuc+y44jIZb0MplVonkqw==
-----END CERTIFICATE-----