Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c6d1f71-ca0a-44fe-8689-1129cdc5510d.roa
File:                     7c6d1f71-ca0a-44fe-8689-1129cdc5510d.roa (raw, json)
Hash identifier:          AnZ6XzuBsQoqFDH3b9W22EPJUq2kvAO9gFVBvqZojFg=
Subject key identifier:   DB:6B:A8:A6:8D:AE:43:84:B5:C7:D1:F0:5F:04:0B:DF:2B:3F:1F:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       534AA2042519CC278E119FF2FFDF19ADBB66047D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c6d1f71-ca0a-44fe-8689-1129cdc5510d.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        96.45.160.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:4a:a2:04:25:19:cc:27:8e:11:9f:f2:ff:df:19:ad:bb:66:04:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=8073d6e97ccc708770367c88f1ba3691e298f0faad74ef25bdfb50992ae7b5e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:18:13:56:91:1c:2f:83:55:23:4c:05:21:26:
                    33:98:41:89:c0:04:a9:3e:73:60:44:1d:34:80:8e:
                    be:69:49:14:3f:8d:ed:aa:30:3e:92:3d:8b:9c:a3:
                    ca:ae:34:43:3f:ca:30:95:a6:0d:34:b8:82:4d:36:
                    50:67:98:f0:3a:6c:2f:89:4f:f0:56:07:64:ac:2f:
                    c8:4e:7c:b6:5a:de:6f:cf:d8:3c:71:25:1a:4b:e1:
                    b1:74:20:e8:d7:8d:ab:c8:e1:86:9a:f9:a7:9d:76:
                    8a:ec:6c:09:61:c6:89:84:4f:7b:bc:66:83:e5:19:
                    d6:1c:91:91:70:39:91:2e:ad:30:e6:d3:c9:95:51:
                    88:46:45:31:1c:44:f4:2d:74:fc:52:87:4d:96:11:
                    99:f5:cc:61:f1:78:df:e0:cc:57:2f:24:ca:94:43:
                    96:3c:b9:c3:40:45:21:df:62:8b:49:7b:e3:bc:de:
                    bd:54:5f:ab:3d:b4:89:19:d3:0f:db:66:f2:ff:78:
                    17:99:29:a5:f7:04:76:2e:3d:f1:13:d2:3b:33:64:
                    93:75:2f:9f:66:1a:6a:a4:2e:ef:55:83:fe:5e:52:
                    d7:56:4f:b2:22:e4:30:59:69:ab:2a:5a:c3:7e:ef:
                    c6:71:88:eb:8c:5d:11:cf:09:d1:99:22:b7:0b:48:
                    a9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:6B:A8:A6:8D:AE:43:84:B5:C7:D1:F0:5F:04:0B:DF:2B:3F:1F:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7c6d1f71-ca0a-44fe-8689-1129cdc5510d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.45.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d2:18:cf:77:13:96:8a:a5:8c:57:f1:40:af:1b:ed:e4:15:27:
         79:a0:09:48:62:b8:82:04:c0:96:c4:34:27:34:78:9a:83:77:
         63:fb:cd:10:3f:78:0c:a0:3e:4f:77:42:8d:19:8a:b4:56:87:
         97:29:a4:0d:93:98:e1:e4:69:1b:8f:f9:e2:1c:6e:64:ed:58:
         ed:ce:f0:36:d1:a8:60:ac:b0:3e:e2:38:2d:2d:a6:6b:63:aa:
         e6:a0:f9:ed:4a:55:f3:45:4e:b7:59:dc:b2:f3:c3:7b:12:75:
         fa:e4:ba:a7:55:3d:88:c8:af:39:35:42:d5:2e:be:cf:e2:be:
         06:e2:f1:e0:ec:21:7a:8a:54:12:c6:f4:9a:7f:04:bd:42:db:
         4a:7e:54:0b:9b:0f:ac:a5:7a:d2:2d:e5:31:c0:d9:73:45:4e:
         88:81:83:12:2b:37:55:4d:cd:56:8e:d0:d7:ee:5f:c1:31:2a:
         7a:b7:0b:d0:78:5e:68:38:e6:d9:27:be:75:b0:2d:93:2a:dc:
         f8:33:18:58:62:84:83:0e:cd:99:70:dc:2d:0f:e6:f5:57:21:
         01:8d:18:5a:84:68:25:a6:7d:3a:96:e1:c3:3f:14:5e:b8:3b:
         69:e1:1b:34:10:25:f2:76:e0:f2:20:9f:72:e9:50:3a:70:e4:
         3c:ea:c4:c7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU0qiBCUZzCeOEZ/y/98ZrbtmBH0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDczZDZlOTdjY2M3MDg3NzAzNjdjODhmMWJhMzY5MWUy
OThmMGZhYWQ3NGVmMjViZGZiNTA5OTJhZTdiNWUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkGBNWkRwvg1UjTAUhJjOYQYnABKk+c2BEHTSAjr5pSRQ/
je2qMD6SPYuco8quNEM/yjCVpg00uIJNNlBnmPA6bC+JT/BWB2SsL8hOfLZa3m/P
2DxxJRpL4bF0IOjXjavI4Yaa+aeddorsbAlhxomET3u8ZoPlGdYckZFwOZEurTDm
08mVUYhGRTEcRPQtdPxSh02WEZn1zGHxeN/gzFcvJMqUQ5Y8ucNARSHfYotJe+O8
3r1UX6s9tIkZ0w/bZvL/eBeZKaX3BHYuPfET0jszZJN1L59mGmqkLu9Vg/5eUtdW
T7Ii5DBZaasqWsN+78ZxiOuMXRHPCdGZIrcLSKlZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU22uopo2uQ4S1x9HwXwQL3ys/H0kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjNmQxZjcxLWNhMGEtNDRmZS04Njg5LTExMjljZGM1NTEwZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARgLaAwDQYJKoZIhvcNAQELBQADggEBANIYz3cTloqljFfxQK8b7eQVJ3mg
CUhiuIIEwJbENCc0eJqDd2P7zRA/eAygPk93Qo0ZirRWh5cppA2TmOHkaRuP+eIc
bmTtWO3O8DbRqGCssD7iOC0tpmtjquag+e1KVfNFTrdZ3LLzw3sSdfrkuqdVPYjI
rzk1QtUuvs/ivgbi8eDsIXqKVBLG9Jp/BL1C20p+VAubD6yletIt5THA2XNFToiB
gxIrN1VNzVaO0NfuX8ExKnq3C9B4Xmg45tknvnWwLZMq3PgzGFhihIMOzZlw3C0P
5vVXIQGNGFqEaCWmfTqW4cM/FF64O2nhGzQQJfJ24PIgn3LpUDpw5DzqxMc=
-----END CERTIFICATE-----