Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bbf701c-c82a-4725-92d6-ec291f355b42.roa
File:                     7bbf701c-c82a-4725-92d6-ec291f355b42.roa (raw, json)
Hash identifier:          FYrW2KCw+Hg4r9259bSHehpr80p44DCUcHuGPt2pWp8=
Subject key identifier:   74:F1:CC:73:FB:40:A9:35:1E:29:B4:99:75:7D:90:9B:9E:53:79:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CDE94E145E46220D1290A8FCD29E1A22214823C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bbf701c-c82a-4725-92d6-ec291f355b42.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        63.176.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:de:94:e1:45:e4:62:20:d1:29:0a:8f:cd:29:e1:a2:22:14:82:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0c:9c:1e:ac:82:ed:0b:4e:3d:a1:cb:7c:88:
                    1c:e3:80:b7:55:be:88:ef:10:51:52:c0:4c:0f:52:
                    9d:ef:9f:f4:f1:20:65:d6:d3:fd:5d:8d:8a:0e:2d:
                    eb:f9:1e:76:0c:9f:c9:bb:b2:aa:6a:e6:08:30:67:
                    63:d4:45:b9:23:2d:30:67:64:95:e2:e2:8d:cc:e7:
                    82:f5:ef:01:37:58:05:14:d0:14:05:d2:b5:56:c2:
                    88:18:ed:c8:64:16:b8:c8:f3:83:0f:ee:68:7c:80:
                    05:07:02:75:56:a6:23:e5:70:e1:3f:a1:98:c6:c8:
                    59:96:20:1b:ba:ce:3c:27:cb:22:30:47:67:55:ac:
                    00:2c:aa:d0:6f:f6:50:54:62:46:a8:78:d8:b7:5f:
                    c1:8d:4a:f2:85:68:29:8f:45:7c:6d:27:5f:00:46:
                    16:a0:b2:9a:a3:cf:89:29:14:f9:7a:29:95:82:3c:
                    96:7f:15:e9:f9:39:c0:3c:f9:a9:8b:44:0d:0c:f9:
                    1e:d9:4a:35:a6:4f:e0:10:6a:f6:ff:0e:f9:fa:ad:
                    13:58:07:21:99:d8:f8:ab:ac:ec:a1:99:40:5d:d3:
                    3b:39:14:38:cc:1a:02:7a:84:ba:44:51:22:20:5c:
                    18:e4:08:4a:cd:89:98:04:14:6e:99:35:f1:1f:50:
                    9a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:F1:CC:73:FB:40:A9:35:1E:29:B4:99:75:7D:90:9B:9E:53:79:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7bbf701c-c82a-4725-92d6-ec291f355b42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         b2:8a:fd:fe:06:be:07:54:74:4b:8f:ae:1e:58:fc:33:66:53:
         95:96:8c:fb:6c:31:be:7f:aa:f6:f9:76:09:a0:1b:ab:95:26:
         2d:fc:34:70:b2:98:28:df:1e:92:43:a0:e2:e9:2d:1b:14:5f:
         73:d9:3b:c4:b0:4c:25:27:55:3a:78:b6:77:87:91:4a:aa:40:
         ea:a5:fa:a9:ed:ac:0b:29:22:84:21:f6:3e:2a:52:8a:79:27:
         d0:50:eb:14:2d:ef:6a:07:c0:ea:a4:ff:36:b1:16:22:08:2b:
         e1:9f:3b:3e:49:75:99:e6:c9:61:f5:23:64:f3:f4:81:1b:cf:
         96:50:a9:eb:12:7b:e8:f9:ad:a0:ab:92:e2:00:f7:b1:83:79:
         fb:a0:49:bb:16:cc:9a:c4:d3:20:76:dd:b6:76:48:7a:1e:85:
         50:2c:b0:da:7c:e5:36:c6:c9:66:94:00:21:87:26:f3:85:bd:
         bf:56:17:9a:4a:9d:e6:7b:ac:f7:b2:4c:94:46:26:b7:46:5e:
         ca:f9:cd:92:80:24:38:e5:37:bc:72:a6:c9:0b:48:bf:12:dd:
         90:66:a2:38:c7:54:3c:4b:47:ec:8d:61:49:cb:6c:a3:df:45:
         f9:26:93:f2:bf:df:0e:1d:ea:f7:81:6a:c4:2a:90:1b:c3:bc:
         98:da:b3:f0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTN6U4UXkYiDRKQqPzSnhoiIUgjwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTlkMjJlY2VkOTk0YWNmMDIxYmY0NWIxZjlhNjZkNmY5
ZThmNDhiMDQ3N2JjYzRiMTlmYjhhZTIxZjVlYzViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgDJwerILtC049oct8iBzjgLdVvojvEFFSwEwPUp3vn/Tx
IGXW0/1djYoOLev5HnYMn8m7sqpq5ggwZ2PURbkjLTBnZJXi4o3M54L17wE3WAUU
0BQF0rVWwogY7chkFrjI84MP7mh8gAUHAnVWpiPlcOE/oZjGyFmWIBu6zjwnyyIw
R2dVrAAsqtBv9lBUYkaoeNi3X8GNSvKFaCmPRXxtJ18ARhagspqjz4kpFPl6KZWC
PJZ/Fen5OcA8+amLRA0M+R7ZSjWmT+AQavb/Dvn6rRNYByGZ2PirrOyhmUBd0zs5
FDjMGgJ6hLpEUSIgXBjkCErNiZgEFG6ZNfEfUJr1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdPHMc/tAqTUeKbSZdX2Qm55TeaQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiYmY3MDFjLWM4MmEtNDcyNS05MmQ2LWVjMjkxZjM1NWI0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI/sDANBgkqhkiG9w0BAQsFAAOCAQEAsor9/ga+B1R0S4+uHlj8M2ZTlZaM
+2wxvn+q9vl2CaAbq5UmLfw0cLKYKN8ekkOg4uktGxRfc9k7xLBMJSdVOni2d4eR
SqpA6qX6qe2sCykihCH2PipSinkn0FDrFC3vagfA6qT/NrEWIggr4Z87Pkl1mebJ
YfUjZPP0gRvPllCp6xJ76PmtoKuS4gD3sYN5+6BJuxbMmsTTIHbdtnZIeh6FUCyw
2nzlNsbJZpQAIYcm84W9v1YXmkqd5nus97JMlEYmt0ZeyvnNkoAkOOU3vHKmyQtI
vxLdkGaiOMdUPEtH7I1hSctso99F+SaT8r/fDh3q94FqxCqQG8O8mNqz8A==
-----END CERTIFICATE-----