Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6595489f-598b-4c8b-9989-e5cec93894f3.roa
File:                     6595489f-598b-4c8b-9989-e5cec93894f3.roa (raw, json)
Hash identifier:          0lRlEWZgOwyeB10MasFs6LOtNbxP4+wq0WJp7FMqAvI=
Subject key identifier:   42:91:FB:73:DD:B5:0C:C7:DA:39:A1:FC:28:C0:B5:B5:10:44:71:A2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       071AC6B6269223C5922B6AABEC988DBD3C33D2E0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6595489f-598b-4c8b-9989-e5cec93894f3.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        168.241.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:1a:c6:b6:26:92:23:c5:92:2b:6a:ab:ec:98:8d:bd:3c:33:d2:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f8:83:12:93:7b:f7:94:a4:16:8b:1d:ae:5c:
                    29:5c:d1:e3:08:10:e7:71:c6:0a:2b:8d:f6:8b:55:
                    ee:b5:f0:d8:40:97:44:97:e0:86:86:ef:95:1e:1e:
                    ee:1d:a5:0d:15:75:c7:3f:95:f8:c1:38:fd:77:45:
                    02:ab:94:d0:28:03:e6:6d:64:f3:8c:cb:78:67:79:
                    ec:c8:ff:98:40:aa:08:b0:ae:72:54:6d:60:9a:39:
                    2b:f2:5e:b7:00:c3:45:45:bf:1b:76:9a:69:9d:69:
                    26:24:2c:10:b8:1e:4e:90:e9:7e:2d:5e:38:9c:b3:
                    9e:22:79:e6:b6:05:b4:31:da:19:c8:97:c8:c7:60:
                    9a:f0:7c:b6:4d:f7:bf:70:ee:db:4f:99:3a:c8:39:
                    67:6c:e5:04:10:31:fd:a8:70:a0:d5:c3:f5:94:3d:
                    8c:19:09:b5:e5:14:25:cf:44:6f:ba:d7:48:86:20:
                    55:7c:0d:b5:85:93:20:24:28:b3:82:29:24:17:48:
                    5a:ed:d3:db:28:7a:38:55:56:73:81:fd:e1:e6:4b:
                    d4:99:90:95:20:6b:5d:89:3c:15:e8:34:4d:99:d0:
                    2f:f0:5d:88:5d:e0:e9:fe:9c:c3:cf:ef:6a:0c:ea:
                    03:ab:0d:4f:49:ef:e2:46:9f:8b:23:59:75:5e:fa:
                    4c:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:91:FB:73:DD:B5:0C:C7:DA:39:A1:FC:28:C0:B5:B5:10:44:71:A2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6595489f-598b-4c8b-9989-e5cec93894f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.241.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bb:82:8c:9a:4f:20:a5:7c:2b:75:9f:39:54:4f:61:e0:b5:4a:
         a4:72:8e:9c:2a:3b:17:1d:e5:8a:12:7e:99:84:00:a3:b4:63:
         66:af:a9:19:d8:8c:14:2f:cc:05:90:c4:02:e0:e1:94:39:22:
         d3:15:41:1f:6f:81:b3:ce:82:b5:45:80:e6:57:c3:f2:81:99:
         c7:5a:d1:a0:4b:cf:8e:db:e2:43:64:ce:5a:41:e4:4f:f8:aa:
         9e:42:e6:8b:ef:e6:b2:db:e2:de:f0:a5:9d:2c:88:ae:fe:17:
         f1:55:0b:87:88:12:95:f9:16:73:ba:8e:86:ad:c6:97:28:8f:
         52:3f:05:c4:74:8e:12:cf:22:84:15:56:6b:c7:c2:10:27:63:
         07:45:52:97:eb:a8:5b:63:38:a4:75:d1:0d:c0:01:89:fb:fb:
         6b:86:8f:5b:04:92:4b:0f:e1:0a:2a:8c:fc:3f:6d:44:2b:34:
         e8:9e:dd:54:a8:3b:cf:54:f4:1b:80:35:a1:03:70:84:ca:af:
         b0:83:de:f9:09:20:74:cb:67:b3:00:6c:e1:bf:78:4e:b0:83:
         6b:c9:09:85:06:e1:8c:4a:5e:0c:a0:90:7a:bc:cd:1a:bb:17:
         34:3c:86:85:94:76:1d:77:bc:ef:0a:31:d5:bf:73:f0:c3:79:
         3f:68:64:6b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBxrGtiaSI8WSK2qr7JiNvTwz0uAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmQ1YmZiN2Q4MzU3MmUyZmM3YTFiN2Y3ZTk1NWQyY2Q4
NjI1NWNjOGQ3MjMzN2Q1NWY5ZGI5NzkyMWFjOGQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp+IMSk3v3lKQWix2uXClc0eMIEOdxxgorjfaLVe618NhA
l0SX4IaG75UeHu4dpQ0Vdcc/lfjBOP13RQKrlNAoA+ZtZPOMy3hneezI/5hAqgiw
rnJUbWCaOSvyXrcAw0VFvxt2mmmdaSYkLBC4Hk6Q6X4tXjics54ieea2BbQx2hnI
l8jHYJrwfLZN979w7ttPmTrIOWds5QQQMf2ocKDVw/WUPYwZCbXlFCXPRG+610iG
IFV8DbWFkyAkKLOCKSQXSFrt09soejhVVnOB/eHmS9SZkJUga12JPBXoNE2Z0C/w
XYhd4On+nMPP72oM6gOrDU9J7+JGn4sjWXVe+kwFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQpH7c921DMfaOaH8KMC1tRBEcaIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1OTU0ODlmLTU5OGItNGM4Yi05OTg5LWU1Y2VjOTM4OTRmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCo8TANBgkqhkiG9w0BAQsFAAOCAQEAu4KMmk8gpXwrdZ85VE9h4LVKpHKO
nCo7Fx3lihJ+mYQAo7RjZq+pGdiMFC/MBZDEAuDhlDki0xVBH2+Bs86CtUWA5lfD
8oGZx1rRoEvPjtviQ2TOWkHkT/iqnkLmi+/mstvi3vClnSyIrv4X8VULh4gSlfkW
c7qOhq3GlyiPUj8FxHSOEs8ihBVWa8fCECdjB0VSl+uoW2M4pHXRDcABifv7a4aP
WwSSSw/hCiqM/D9tRCs06J7dVKg7z1T0G4A1oQNwhMqvsIPe+QkgdMtnswBs4b94
TrCDa8kJhQbhjEpeDKCQerzNGrsXNDyGhZR2HXe87wox1b9z8MN5P2hkaw==
-----END CERTIFICATE-----