Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b406694-fbe2-446c-827c-7c5ba86ef535.roa
File:                     6b406694-fbe2-446c-827c-7c5ba86ef535.roa (raw, json)
Hash identifier:          M9M1AGOaTvBYtRMOViojCrQk8v+Wk1s/mUO86dh+ipU=
Subject key identifier:   51:6D:C6:B4:08:F4:AE:8E:D1:1E:1B:C7:20:1B:05:A2:50:D9:5F:6C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4FC8B8AFAC72EC90B50934521FE8F3F1CA622479
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b406694-fbe2-446c-827c-7c5ba86ef535.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        57.248.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:c8:b8:af:ac:72:ec:90:b5:09:34:52:1f:e8:f3:f1:ca:62:24:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:78:40:0b:82:ea:f2:a2:b7:45:e5:bc:f8:71:
                    a4:4c:f7:98:2d:91:2a:ba:95:a8:9d:3d:ce:5b:7b:
                    e4:62:b0:48:b1:29:27:e8:05:d6:70:c3:c9:79:50:
                    9e:cb:9e:f9:1f:17:85:2a:6a:11:e5:ca:48:98:f0:
                    9c:c0:5f:3f:8e:38:7b:5d:66:41:ac:2b:7a:5b:81:
                    08:d0:f8:89:6e:89:51:4d:6b:a3:4f:55:fb:e3:d8:
                    02:af:7a:c7:1d:28:2b:d5:bd:29:25:db:e9:e7:85:
                    cf:ed:34:96:bb:39:08:17:72:a9:0f:f4:61:09:c4:
                    08:5f:af:89:e1:65:5d:88:b1:7d:eb:4a:66:13:73:
                    68:3b:f9:da:31:51:ac:26:de:dd:5d:97:db:dd:74:
                    27:3a:42:22:7a:ab:06:ab:99:dd:b4:fd:70:cf:41:
                    d0:b6:5f:1c:b5:35:67:04:95:2c:d1:f1:c2:74:00:
                    a6:72:d7:f6:ac:e3:0f:ee:e6:1c:94:53:35:bb:13:
                    c1:6b:64:ba:e8:24:5f:02:c7:52:4d:fa:51:a2:21:
                    7a:a3:1d:f5:26:05:4e:45:f5:d5:b2:a8:09:1c:a0:
                    03:f9:98:fc:70:18:68:13:81:40:43:48:3b:59:89:
                    41:0a:84:04:49:6c:36:2d:ee:75:65:e3:87:e0:c4:
                    fb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:6D:C6:B4:08:F4:AE:8E:D1:1E:1B:C7:20:1B:05:A2:50:D9:5F:6C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6b406694-fbe2-446c-827c-7c5ba86ef535.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.248.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:74:8c:b2:7f:28:33:01:6e:67:4c:e9:b8:d4:f9:e3:19:b0:
         e2:78:96:60:c6:2d:e8:23:7b:65:cd:58:7f:d5:46:71:64:86:
         62:3f:de:25:6c:0c:d1:6a:c6:f8:e8:0e:98:a1:28:6f:64:e4:
         b0:03:7c:7d:37:b2:9f:b5:2f:ba:7f:58:be:ea:2b:fb:9a:95:
         f7:b9:d3:57:be:7e:93:8b:66:00:74:9d:dd:49:7f:ec:54:c3:
         ce:ef:b3:44:49:0f:93:a8:7b:9c:3f:5c:9b:aa:98:6d:65:65:
         2a:5b:4d:ee:8a:59:99:8a:76:ed:22:26:6a:a1:87:e0:e2:94:
         df:e3:f2:a1:fa:7e:69:d6:57:03:32:14:c4:05:d5:6f:52:07:
         bb:60:ad:fb:e4:db:ac:e4:a3:a4:60:e9:53:d3:1d:7c:b1:22:
         5f:97:9b:46:c7:ec:00:7a:62:1c:2f:ea:dd:64:39:3e:4b:2c:
         3e:7c:01:94:dd:a5:bb:f1:8b:8e:94:52:f5:c9:1b:e4:63:7f:
         ed:23:7b:ab:0a:67:da:bb:88:91:31:cd:76:4a:9e:42:2b:89:
         6f:32:2f:24:76:0a:84:1e:c2:dc:90:4b:93:c7:f4:4c:49:70:
         b5:f8:8b:17:7b:cc:dc:6a:97:0c:9e:02:79:d0:3b:d2:e1:e9:
         d7:c3:76:a1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUT8i4r6xy7JC1CTRSH+jz8cpiJHkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmM0YzM3YThlM2RmMTI4MDdjMmQ5MTJhZWJmNTM1ODll
ZTIyN2YyY2JlYzExYmRmNzk4ODY0MjY3MGIxY2YzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgeEALguryordF5bz4caRM95gtkSq6laidPc5be+RisEix
KSfoBdZww8l5UJ7LnvkfF4UqahHlykiY8JzAXz+OOHtdZkGsK3pbgQjQ+IluiVFN
a6NPVfvj2AKvescdKCvVvSkl2+nnhc/tNJa7OQgXcqkP9GEJxAhfr4nhZV2IsX3r
SmYTc2g7+doxUawm3t1dl9vddCc6QiJ6qwarmd20/XDPQdC2Xxy1NWcElSzR8cJ0
AKZy1/as4w/u5hyUUzW7E8FrZLroJF8Cx1JN+lGiIXqjHfUmBU5F9dWyqAkcoAP5
mPxwGGgTgUBDSDtZiUEKhARJbDYt7nVl44fgxPuHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUW3GtAj0ro7RHhvHIBsFolDZX2wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZiNDA2Njk0LWZiZTItNDQ2Yy04MjdjLTdjNWJhODZlZjUzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA5+DANBgkqhkiG9w0BAQsFAAOCAQEAsnSMsn8oMwFuZ0zpuNT54xmw4niW
YMYt6CN7Zc1Yf9VGcWSGYj/eJWwM0WrG+OgOmKEob2TksAN8fTeyn7Uvun9Yvuor
+5qV97nTV75+k4tmAHSd3Ul/7FTDzu+zREkPk6h7nD9cm6qYbWVlKltN7opZmYp2
7SImaqGH4OKU3+Pyofp+adZXAzIUxAXVb1IHu2Ct++TbrOSjpGDpU9MdfLEiX5eb
RsfsAHpiHC/q3WQ5PkssPnwBlN2lu/GLjpRS9ckb5GN/7SN7qwpn2ruIkTHNdkqe
QiuJbzIvJHYKhB7C3JBLk8f0TElwtfiLF3vM3GqXDJ4CedA70uHp18N2oQ==
-----END CERTIFICATE-----