Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6996b089-2646-45d3-a84b-453d40cbf047.roa
File:                     6996b089-2646-45d3-a84b-453d40cbf047.roa (raw, json)
Hash identifier:          N6O8aJbHllY3CJxuKFezneeH8Bf6t9q7XFEq084fITE=
Subject key identifier:   95:2A:D0:8F:C7:CE:B5:16:DD:61:C1:01:24:F0:27:E5:23:57:1B:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1A5B857540191BC3B6E8C14F3A524B36FA5E0A1A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6996b089-2646-45d3-a84b-453d40cbf047.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        159.180.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:5b:85:75:40:19:1b:c3:b6:e8:c1:4f:3a:52:4b:36:fa:5e:0a:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=043fade38eb592bed4fd3143fdcda8b030db5fd880c9a016d73fadf0af12d60b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:31:35:a2:fd:f5:61:78:18:6d:fa:1e:8b:cb:
                    2f:3d:a6:11:ed:a4:4e:28:05:2b:95:c0:90:86:99:
                    b8:11:9c:e5:b4:f2:bc:69:bb:31:85:da:00:40:1a:
                    ed:0d:e2:b4:8e:86:94:a1:87:ed:99:6b:e1:11:ff:
                    83:7f:73:1f:32:50:45:ca:a6:8b:08:52:86:43:4b:
                    a7:15:37:5d:fd:7a:b4:75:96:71:4b:71:ff:57:7c:
                    a5:55:a7:63:50:90:93:bf:73:6c:f9:61:05:bb:5b:
                    25:87:14:15:68:e7:da:a9:75:f9:ee:b2:6c:1a:19:
                    89:f3:5d:ce:56:d7:ec:4e:77:db:ba:d8:98:59:0d:
                    e1:64:c3:5a:82:6f:33:9b:80:69:13:12:b0:04:e2:
                    2b:9e:ce:56:90:17:2e:6f:da:1e:b1:c0:6f:e6:67:
                    64:59:4e:05:d2:4c:f5:dd:aa:17:f4:c1:1b:7a:93:
                    1e:0c:68:82:74:c2:1c:93:04:0a:c7:00:66:25:2a:
                    f4:cd:38:da:8c:b8:93:e7:11:46:4c:82:7f:e4:37:
                    8c:b9:c0:55:d9:a4:b1:4a:32:4d:83:6b:7d:c9:91:
                    a3:52:47:63:e9:9f:de:57:70:52:7a:a9:0d:fd:c5:
                    3a:35:e8:92:9a:58:84:2f:cb:65:73:6f:81:9e:e9:
                    96:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:2A:D0:8F:C7:CE:B5:16:DD:61:C1:01:24:F0:27:E5:23:57:1B:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6996b089-2646-45d3-a84b-453d40cbf047.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.180.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         4c:38:9e:8f:e7:b0:d0:54:41:6f:ee:82:b4:5c:ba:37:ca:01:
         cc:cf:b8:f7:06:78:02:e6:8c:d0:e1:a8:f5:f7:b7:1b:2a:19:
         a1:77:70:e4:77:52:68:92:dd:0d:af:79:54:41:7b:f9:84:c9:
         72:ae:a0:b5:b2:d4:8f:85:b7:e9:06:05:5f:3f:96:3d:87:a2:
         7b:e8:08:ca:72:45:ad:50:ff:25:83:37:1c:21:f8:6a:4f:3e:
         24:fe:65:b0:03:ba:82:a8:65:7a:dd:7e:17:42:82:c3:10:50:
         bf:af:8d:88:41:28:fe:03:44:57:dc:e4:a6:e2:f6:7d:f9:fc:
         e9:35:85:4f:5d:4c:9c:f9:d5:88:ec:ea:d1:2c:7d:69:29:d6:
         1a:74:53:a0:5b:10:ef:e9:9f:70:9b:e4:4b:1d:02:5e:ba:fd:
         d3:a9:f2:14:1c:84:01:81:8c:3f:cd:a2:53:07:ed:6b:bb:91:
         b1:06:2f:67:2e:56:36:2b:0c:69:cd:8a:50:ac:fe:5e:3f:13:
         2e:b1:2f:0a:06:52:4e:58:10:9c:72:ac:e2:ba:9e:58:96:31:
         7e:03:cb:ac:db:43:de:32:32:f3:e7:f9:15:49:43:4d:15:8d:
         e6:5f:94:fc:20:ee:c8:9d:df:c6:13:f6:db:ed:2b:71:b1:37:
         1a:5e:58:45
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGluFdUAZG8O26MFPOlJLNvpeChowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDNmYWRlMzhlYjU5MmJlZDRmZDMxNDNmZGNkYThiMDMw
ZGI1ZmQ4ODBjOWEwMTZkNzNmYWRmMGFmMTJkNjBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJMTWi/fVheBht+h6Lyy89phHtpE4oBSuVwJCGmbgRnOW0
8rxpuzGF2gBAGu0N4rSOhpShh+2Za+ER/4N/cx8yUEXKposIUoZDS6cVN139erR1
lnFLcf9XfKVVp2NQkJO/c2z5YQW7WyWHFBVo59qpdfnusmwaGYnzXc5W1+xOd9u6
2JhZDeFkw1qCbzObgGkTErAE4iuezlaQFy5v2h6xwG/mZ2RZTgXSTPXdqhf0wRt6
kx4MaIJ0whyTBArHAGYlKvTNONqMuJPnEUZMgn/kN4y5wFXZpLFKMk2Da33JkaNS
R2Ppn95XcFJ6qQ39xTo16JKaWIQvy2Vzb4Ge6ZZ1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlSrQj8fOtRbdYcEBJPAn5SNXG24wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY5OTZiMDg5LTI2NDYtNDVkMy1hODRiLTQ1M2Q0MGNiZjA0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaftAAwDQYJKoZIhvcNAQELBQADggEBAEw4no/nsNBUQW/ugrRcujfKAczP
uPcGeALmjNDhqPX3txsqGaF3cOR3UmiS3Q2veVRBe/mEyXKuoLWy1I+Ft+kGBV8/
lj2HonvoCMpyRa1Q/yWDNxwh+GpPPiT+ZbADuoKoZXrdfhdCgsMQUL+vjYhBKP4D
RFfc5Kbi9n35/Ok1hU9dTJz51Yjs6tEsfWkp1hp0U6BbEO/pn3Cb5EsdAl66/dOp
8hQchAGBjD/NolMH7Wu7kbEGL2cuVjYrDGnNilCs/l4/Ey6xLwoGUk5YEJxyrOK6
nliWMX4Dy6zbQ94yMvPn+RVJQ00VjeZflPwg7sid38YT9tvtK3GxNxpeWEU=
-----END CERTIFICATE-----