Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76caef13-32fa-47e5-baec-6e716eac1f78.roa
File:                     76caef13-32fa-47e5-baec-6e716eac1f78.roa (raw, json)
Hash identifier:          wKMYK7UqjHuKCCl0gnipoV8vWW3BX9kHWlY2XJbCcJg=
Subject key identifier:   1C:D9:1D:FE:2C:FC:62:64:16:FF:92:CB:B5:8C:9C:BC:C7:F3:6D:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D84E6451CB8D05CB1367D294F80A06EB56DDC19
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76caef13-32fa-47e5-baec-6e716eac1f78.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.97.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:84:e6:45:1c:b8:d0:5c:b1:36:7d:29:4f:80:a0:6e:b5:6d:dc:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5c:cc:cf:8f:15:5a:49:0e:2d:a1:f4:98:61:
                    99:60:d0:a6:6d:ca:eb:93:69:53:f4:62:77:5b:b0:
                    91:20:d5:bd:6b:ff:75:01:30:29:d9:c9:4d:05:c8:
                    8e:48:64:29:1c:84:c9:ee:aa:1d:1c:c6:44:f4:86:
                    40:60:22:b8:04:9e:10:88:fb:29:b6:66:c8:db:00:
                    3c:cd:fe:6b:6d:41:b5:44:4a:af:cc:a2:58:40:23:
                    72:8f:57:55:1a:b7:5f:8e:7b:33:13:cf:7d:e2:c5:
                    0b:5a:d5:1a:2e:4a:12:2e:04:64:82:bd:27:33:7d:
                    28:92:47:67:75:a4:e6:b4:c3:0f:6c:f0:e7:2c:f2:
                    17:72:8e:b1:2a:c5:39:7f:c6:77:fa:59:b2:ce:de:
                    fa:be:00:33:f6:20:f2:e1:9b:a1:70:84:df:3b:93:
                    0c:3b:11:d8:e0:b7:bf:6b:5f:c6:97:65:23:e9:b9:
                    84:d3:54:84:ff:29:50:89:f5:00:56:0b:0a:58:a8:
                    2a:38:39:9c:68:6e:54:9a:2e:a1:bf:b0:9e:a6:eb:
                    fe:f7:ed:99:62:42:4c:18:ef:db:69:09:f3:ff:36:
                    b5:10:00:d0:1c:c5:f6:c4:1a:03:c8:b2:35:52:c8:
                    dd:5c:b2:7d:53:df:9d:00:52:af:3f:bd:4f:f9:4c:
                    17:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:D9:1D:FE:2C:FC:62:64:16:FF:92:CB:B5:8C:9C:BC:C7:F3:6D:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/76caef13-32fa-47e5-baec-6e716eac1f78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.97.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         ce:dd:53:5a:bc:5e:5c:77:b6:b3:71:b7:ac:3d:03:1f:18:2c:
         76:c5:87:b3:54:11:91:d8:d8:23:74:df:88:17:f8:01:00:bc:
         95:2a:d0:3b:e1:e2:37:98:85:c1:a7:87:6b:3b:bb:5b:70:30:
         e9:b1:76:4c:a0:67:97:e4:a1:6d:24:2e:85:89:90:67:94:f0:
         b0:23:77:29:fd:f0:f5:d9:59:95:de:25:6e:86:fe:70:5d:af:
         d7:4b:61:bf:3d:c4:65:4f:9b:4b:4f:be:9f:9d:a6:0a:2b:cc:
         85:cd:7a:ae:1e:fd:cd:62:5f:3d:59:53:d7:07:6a:8c:f9:e1:
         25:84:fd:e7:dc:12:8d:5c:16:b0:52:82:b9:20:75:74:4b:85:
         4b:14:fe:b5:a9:f3:38:7f:ea:db:97:fb:ef:b0:06:32:5b:ad:
         c3:a5:6e:a1:cb:f1:a7:aa:d4:ad:55:22:4a:6c:6c:58:56:6e:
         5b:99:70:79:3c:05:05:3b:cb:74:ef:5e:e1:05:e0:9b:93:63:
         10:db:9b:9e:ec:a8:32:d1:3b:6e:0d:fb:c1:33:b6:9b:67:94:
         79:07:35:15:e2:f3:a2:3a:4d:34:24:e3:06:cc:0e:3b:0c:ee:
         e5:a9:40:38:e3:13:e4:1b:6e:6c:cc:a7:45:a5:72:e1:60:dd:
         6e:b2:86:36
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbYTmRRy40FyxNn0pT4CgbrVt3BkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhY2VlYTZjNjBmNTE5MjFlNDk3NGE3NzA1ZjljYzRkYTVj
MGVmZjVhMjEyMWEyZjJlOWQzOTZlNmU0MDk2ZjUxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqXMzPjxVaSQ4tofSYYZlg0KZtyuuTaVP0YndbsJEg1b1r
/3UBMCnZyU0FyI5IZCkchMnuqh0cxkT0hkBgIrgEnhCI+ym2ZsjbADzN/mttQbVE
Sq/MolhAI3KPV1Uat1+OezMTz33ixQta1RouShIuBGSCvSczfSiSR2d1pOa0ww9s
8Ocs8hdyjrEqxTl/xnf6WbLO3vq+ADP2IPLhm6FwhN87kww7Edjgt79rX8aXZSPp
uYTTVIT/KVCJ9QBWCwpYqCo4OZxoblSaLqG/sJ6m6/737ZliQkwY79tpCfP/NrUQ
ANAcxfbEGgPIsjVSyN1csn1T350AUq8/vU/5TBd7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHNkd/iz8YmQW/5LLtYycvMfzbbcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc2Y2FlZjEzLTMyZmEtNDdlNS1iYWVjLTZlNzE2ZWFjMWY3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfYYQAwDQYJKoZIhvcNAQELBQADggEBAM7dU1q8Xlx3trNxt6w9Ax8YLHbF
h7NUEZHY2CN034gX+AEAvJUq0Dvh4jeYhcGnh2s7u1twMOmxdkygZ5fkoW0kLoWJ
kGeU8LAjdyn98PXZWZXeJW6G/nBdr9dLYb89xGVPm0tPvp+dpgorzIXNeq4e/c1i
Xz1ZU9cHaoz54SWE/efcEo1cFrBSgrkgdXRLhUsU/rWp8zh/6tuX+++wBjJbrcOl
bqHL8aeq1K1VIkpsbFhWbluZcHk8BQU7y3TvXuEF4JuTYxDbm57sqDLRO24N+8Ez
tptnlHkHNRXi86I6TTQk4wbMDjsM7uWpQDjjE+QbbmzMp0WlcuFg3W6yhjY=
-----END CERTIFICATE-----