Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a9da140-973c-4fd4-b572-92486de0d261.roa
File:                     6a9da140-973c-4fd4-b572-92486de0d261.roa (raw, json)
Hash identifier:          o58HGFKBg+O6MDOYJ6ci2zBLKVU4nc0r8Yp5sKgeVXs=
Subject key identifier:   FA:88:E8:74:DA:5F:AE:C0:39:D7:49:F7:6A:F0:54:35:F6:5D:31:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       62D3E50CE0DBFA270822FE1F39DCB54C3CFE7F39
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a9da140-973c-4fd4-b572-92486de0d261.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        76.211.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:d3:e5:0c:e0:db:fa:27:08:22:fe:1f:39:dc:b5:4c:3c:fe:7f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=eea7ccc73ea57a9ae7041e43014c46b1bafd778da6ef6c394a82b79c6ff0ade9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:cc:e0:cb:d6:a8:52:00:c6:78:78:f0:ef:0a:
                    4d:c6:c2:b6:81:f7:90:09:13:25:b2:c6:fa:61:43:
                    70:30:23:2c:b2:0e:cf:b2:24:62:eb:88:fa:0b:ab:
                    7f:5b:4f:f2:2f:4c:f9:a7:13:d3:03:94:e9:c8:2e:
                    58:ea:88:55:ed:78:0a:7a:61:b0:1f:bb:38:be:f5:
                    7d:d7:a3:ee:94:a0:d9:d6:a4:db:a6:6f:88:9d:92:
                    54:21:10:d3:cf:93:ef:a5:81:3d:30:ab:28:f5:58:
                    87:f5:51:58:5b:c3:f7:e0:f4:18:fd:c8:97:6c:a0:
                    ba:c4:c5:93:f2:43:9f:3c:92:1c:b9:6d:a4:f8:ab:
                    6c:04:54:ff:19:d0:05:34:c6:6d:1d:84:06:c7:8c:
                    d9:33:35:2c:ba:9d:aa:a5:f4:a1:0c:e0:b5:c4:ec:
                    e1:24:dd:78:6c:15:31:34:18:9d:8d:9f:50:d7:04:
                    d6:ad:0e:e4:7d:93:83:14:98:c2:6f:8e:a9:e5:e0:
                    06:e0:97:e4:45:00:7c:0a:ff:7f:80:0b:19:1f:d0:
                    08:54:ef:78:e6:ea:92:af:10:30:49:8f:98:e0:ff:
                    4d:a9:04:7d:6a:3d:e5:66:fb:3b:6e:4a:3f:23:da:
                    eb:a8:94:94:1e:af:4d:56:79:11:d4:e7:9a:0c:91:
                    f3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:88:E8:74:DA:5F:AE:C0:39:D7:49:F7:6A:F0:54:35:F6:5D:31:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6a9da140-973c-4fd4-b572-92486de0d261.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.211.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9b:cf:b4:53:0f:08:99:a6:23:aa:4f:14:2f:ef:d1:19:25:f1:
         ee:f1:3d:18:c8:21:fc:d4:5c:a0:d4:33:42:7b:c1:b8:1e:16:
         fc:21:67:7f:6f:19:c8:e9:14:b1:68:bb:0c:ae:14:78:03:45:
         9c:7e:dc:c1:ac:2a:74:a1:4d:81:c7:f8:b2:e6:46:f8:57:3b:
         5c:66:c9:50:cc:4a:5b:ed:53:f6:a2:0d:69:e1:29:70:1a:62:
         a9:51:24:e3:20:b7:36:0a:b0:af:ac:96:ff:3b:35:18:11:fa:
         60:2e:70:2f:38:f9:09:b8:84:c8:fe:d0:92:bf:00:80:25:e0:
         82:d2:f0:51:8d:ba:a5:65:de:49:69:b3:7d:f9:b6:68:d2:0e:
         8a:14:93:42:2e:ba:c4:64:a0:72:d8:4d:26:88:55:46:1f:5f:
         cf:99:36:77:13:05:b2:f7:34:97:8f:8c:a2:f3:4f:02:b9:cd:
         97:8c:57:44:4e:ef:d4:4d:71:1d:39:4b:e2:c7:ca:c9:8e:6b:
         4e:61:d8:c9:42:4e:3c:3d:44:f4:54:17:4a:cf:7d:83:8a:9a:
         49:93:51:0a:12:25:c3:3d:38:55:be:36:83:16:85:9e:d8:32:
         69:bd:67:bd:b9:24:ca:81:b1:4c:be:f1:2a:07:19:0c:f9:1c:
         56:eb:8c:33
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYtPlDODb+icIIv4fOdy1TDz+fzkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWE3Y2NjNzNlYTU3YTlhZTcwNDFlNDMwMTRjNDZiMWJh
ZmQ3NzhkYTZlZjZjMzk0YTgyYjc5YzZmZjBhZGU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqzODL1qhSAMZ4ePDvCk3GwraB95AJEyWyxvphQ3AwIyyy
Ds+yJGLriPoLq39bT/IvTPmnE9MDlOnILljqiFXteAp6YbAfuzi+9X3Xo+6UoNnW
pNumb4idklQhENPPk++lgT0wqyj1WIf1UVhbw/fg9Bj9yJdsoLrExZPyQ588khy5
baT4q2wEVP8Z0AU0xm0dhAbHjNkzNSy6naql9KEM4LXE7OEk3XhsFTE0GJ2Nn1DX
BNatDuR9k4MUmMJvjqnl4Abgl+RFAHwK/3+ACxkf0AhU73jm6pKvEDBJj5jg/02p
BH1qPeVm+ztuSj8j2uuolJQer01WeRHU55oMkfO1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+ojodNpfrsA510n3avBUNfZdMRMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZhOWRhMTQwLTk3M2MtNGZkNC1iNTcyLTkyNDg2ZGUwZDI2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZM0wAwDQYJKoZIhvcNAQELBQADggEBAJvPtFMPCJmmI6pPFC/v0Rkl8e7x
PRjIIfzUXKDUM0J7wbgeFvwhZ39vGcjpFLFouwyuFHgDRZx+3MGsKnShTYHH+LLm
RvhXO1xmyVDMSlvtU/aiDWnhKXAaYqlRJOMgtzYKsK+slv87NRgR+mAucC84+Qm4
hMj+0JK/AIAl4ILS8FGNuqVl3klps335tmjSDooUk0IuusRkoHLYTSaIVUYfX8+Z
NncTBbL3NJePjKLzTwK5zZeMV0RO79RNcR05S+LHysmOa05h2MlCTjw9RPRUF0rP
fYOKmkmTUQoSJcM9OFW+NoMWhZ7YMmm9Z725JMqBsUy+8SoHGQz5HFbrjDM=
-----END CERTIFICATE-----