Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f1676d-5a3b-4ee9-a5a0-8e6a6b89e408.roa
File:                     71f1676d-5a3b-4ee9-a5a0-8e6a6b89e408.roa (raw, json)
Hash identifier:          kat2TG1WjyiE/lRhSdzVybzqJ85MVFkV6Bxf/TG5EJk=
Subject key identifier:   88:C7:0C:F6:01:A4:61:46:58:AD:37:B1:2A:D4:C1:3F:30:D2:83:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       36D398757EBA7BD63D60165686AD6576777D18FA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f1676d-5a3b-4ee9-a5a0-8e6a6b89e408.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.113.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:d3:98:75:7e:ba:7b:d6:3d:60:16:56:86:ad:65:76:77:7d:18:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=5b896c4badc192f2f0231b609e6ed086feaddf643c2e111ff084f1bc9d2ce491, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:04:fd:4a:db:ff:5d:d0:db:19:3d:72:34:e7:
                    d0:67:39:29:d1:b5:33:b1:9d:11:1b:38:c8:82:4a:
                    62:bb:ed:c5:77:c9:de:c8:fb:e8:06:7a:ed:e2:52:
                    07:b3:af:02:1d:e5:72:da:da:3e:79:f8:7c:e8:45:
                    17:cc:f3:35:90:28:2d:e2:f1:65:c1:03:12:7f:59:
                    58:f1:f5:bc:5b:33:6b:0e:2b:5b:e7:e3:38:75:d9:
                    0b:1c:2f:8b:ab:87:33:26:36:ef:7f:fa:f8:32:a5:
                    dc:af:66:44:1e:39:63:a8:35:69:07:52:88:7e:aa:
                    9e:0c:cc:fa:1c:35:47:05:c3:d0:09:36:88:61:68:
                    c5:21:0b:11:74:9b:5b:ea:65:d4:78:a1:86:11:74:
                    9d:8b:c7:6c:24:03:ba:ec:4f:a6:e1:69:05:88:68:
                    77:53:09:8a:ea:6b:e1:52:3b:3d:bc:f8:47:00:fb:
                    ba:57:b2:40:21:c7:0c:10:fa:f2:44:38:8c:20:d1:
                    75:08:49:ff:79:4d:11:6f:ae:04:cd:1c:aa:22:b5:
                    cb:03:f6:75:f5:9c:33:d3:41:cd:ae:2d:4c:4b:95:
                    2a:e6:b4:24:ef:c1:15:70:89:1b:bb:7b:30:af:75:
                    fb:bb:4c:52:31:f5:ff:24:e3:3b:25:1e:90:e4:83:
                    bf:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:C7:0C:F6:01:A4:61:46:58:AD:37:B1:2A:D4:C1:3F:30:D2:83:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71f1676d-5a3b-4ee9-a5a0-8e6a6b89e408.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.113.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cf:15:a7:3c:b7:80:9e:1b:da:8d:50:da:36:ac:6d:38:76:c3:
         7b:55:ef:23:6b:c1:7c:ce:e0:20:16:ff:05:2f:36:45:47:e9:
         22:07:67:4c:19:c1:36:61:7a:d0:94:79:4a:79:f6:67:77:b0:
         27:ca:a6:f7:0e:06:71:1c:c0:72:1b:6b:66:5e:78:6b:25:18:
         10:0a:d5:76:51:a1:03:df:b9:5d:bb:fa:6a:20:c7:c5:92:f5:
         2b:45:40:d1:d0:e6:aa:0e:1e:84:42:f6:b2:46:81:e9:d5:a6:
         fd:5e:f4:7e:04:88:d1:4a:e0:07:91:9a:15:e0:41:a9:7f:92:
         af:ae:07:38:1f:d5:64:1b:29:7a:71:d4:66:b4:dd:9b:32:7c:
         ad:b2:c7:13:da:38:cc:98:4e:67:b2:05:37:b4:a9:07:a4:9d:
         11:fa:f4:8d:bd:97:6a:c8:a9:f9:22:62:7d:79:6c:7b:8f:fb:
         ff:08:4a:95:df:86:99:84:0b:18:87:be:9d:24:83:fb:a6:d0:
         5e:6d:c1:a5:ab:90:76:5d:de:b8:64:42:c5:f9:93:9b:69:28:
         17:7a:0d:58:85:04:29:d5:3b:68:ad:a0:7c:f2:fc:02:47:0a:
         36:f1:90:db:6e:66:e0:c0:0e:c6:d5:1a:f3:9b:9b:9c:00:22:
         c3:a8:d2:13
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNtOYdX66e9Y9YBZWhq1ldnd9GPowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Yjg5NmM0YmFkYzE5MmYyZjAyMzFiNjA5ZTZlZDA4NmZl
YWRkZjY0M2MyZTExMWZmMDg0ZjFiYzlkMmNlNDkxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiBP1K2/9d0NsZPXI059BnOSnRtTOxnREbOMiCSmK77cV3
yd7I++gGeu3iUgezrwId5XLa2j55+HzoRRfM8zWQKC3i8WXBAxJ/WVjx9bxbM2sO
K1vn4zh12QscL4urhzMmNu9/+vgypdyvZkQeOWOoNWkHUoh+qp4MzPocNUcFw9AJ
NohhaMUhCxF0m1vqZdR4oYYRdJ2Lx2wkA7rsT6bhaQWIaHdTCYrqa+FSOz28+EcA
+7pXskAhxwwQ+vJEOIwg0XUISf95TRFvrgTNHKoitcsD9nX1nDPTQc2uLUxLlSrm
tCTvwRVwiRu7ezCvdfu7TFIx9f8k4zslHpDkg79NAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiMcM9gGkYUZYrTexKtTBPzDSg/4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxZjE2NzZkLTVhM2ItNGVlOS1hNWEwLThlNmE2Yjg5ZTQwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2cTANBgkqhkiG9w0BAQsFAAOCAQEAzxWnPLeAnhvajVDaNqxtOHbDe1Xv
I2vBfM7gIBb/BS82RUfpIgdnTBnBNmF60JR5Snn2Z3ewJ8qm9w4GcRzAchtrZl54
ayUYEArVdlGhA9+5Xbv6aiDHxZL1K0VA0dDmqg4ehEL2skaB6dWm/V70fgSI0Urg
B5GaFeBBqX+Sr64HOB/VZBspenHUZrTdmzJ8rbLHE9o4zJhOZ7IFN7SpB6SdEfr0
jb2Xasip+SJifXlse4/7/whKld+GmYQLGIe+nSSD+6bQXm3BpauQdl3euGRCxfmT
m2koF3oNWIUEKdU7aK2gfPL8AkcKNvGQ225m4MAOxtUa85ubnAAiw6jSEw==
-----END CERTIFICATE-----