Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80fde044-7f2e-4850-aff4-b6d144fa2852.roa
File:                     80fde044-7f2e-4850-aff4-b6d144fa2852.roa (raw, json)
Hash identifier:          om7kpRQhp+Oexfbm+NeN/IhkUPP26u+26noboW64bNc=
Subject key identifier:   B4:4B:D1:F1:36:5D:BB:95:07:55:F2:FF:61:1A:BF:7B:75:DF:2E:A0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77B1F7DEA9332D7A27A0077AD37481CF3A12C51F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80fde044-7f2e-4850-aff4-b6d144fa2852.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        195.38.28.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:b1:f7:de:a9:33:2d:7a:27:a0:07:7a:d3:74:81:cf:3a:12:c5:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=59df17d8f9b11c9597c1e6a70a137451a38144fa09b9f499b6812fd00bf8fbf2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f9:83:61:98:a9:2d:7b:75:81:f0:ce:4c:f2:
                    8f:c9:0b:a6:40:6e:d7:bc:73:6b:23:c1:9e:fa:dd:
                    f3:6c:65:c6:ef:4b:e5:f8:16:a0:59:a0:6d:f8:d9:
                    d8:78:b5:3d:46:9e:8d:36:ab:37:2e:09:04:91:e6:
                    ae:af:67:81:c6:81:8c:2d:17:17:02:86:99:16:67:
                    ed:6c:ba:68:76:ce:7c:85:65:d2:84:60:6c:ac:b2:
                    cc:2f:b4:fa:05:4e:9d:f0:85:28:1b:e7:0a:b0:d8:
                    73:22:f0:87:83:76:5d:f8:9a:55:b6:72:c9:0e:67:
                    c7:e2:e3:12:41:44:34:19:73:38:c1:6b:22:ca:6e:
                    69:9d:fb:9e:65:a7:ef:e7:75:c4:b2:a6:dd:4f:fe:
                    8f:96:42:c2:ec:b0:04:d7:3c:02:d3:38:14:af:6c:
                    95:60:64:86:bb:ed:7d:27:78:86:f4:19:8b:07:2c:
                    22:19:64:83:66:a5:63:d3:00:1c:86:3f:76:8f:0a:
                    45:8e:9d:f5:fc:45:ee:bb:7c:0e:d3:90:f6:50:e9:
                    c9:9d:3b:0b:93:d3:58:49:d9:8f:ac:28:a7:e9:76:
                    3a:7e:72:6c:3b:93:0c:10:24:8b:f3:60:9c:19:6b:
                    d8:1a:45:2e:f9:c9:9e:43:d8:d3:31:0d:6f:cc:b3:
                    01:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:4B:D1:F1:36:5D:BB:95:07:55:F2:FF:61:1A:BF:7B:75:DF:2E:A0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/80fde044-7f2e-4850-aff4-b6d144fa2852.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.38.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:b4:14:e3:00:da:8f:af:26:63:69:b3:50:d0:3f:2a:51:ee:
         8f:a5:8b:f6:09:62:ac:97:50:bc:e5:88:0b:99:d0:bb:3e:68:
         8c:94:e2:38:55:90:75:59:21:e2:26:97:e4:1a:31:25:17:60:
         9d:8e:8a:cd:51:b8:99:8f:fc:c0:15:f4:a5:e0:0d:75:5e:4b:
         0a:44:49:49:1c:7a:10:05:b7:5c:ef:14:3a:d4:d2:7b:08:59:
         c7:e3:a0:c9:20:5e:08:a6:28:37:c0:ac:91:b1:60:1c:07:3e:
         1f:9d:de:1b:c9:19:e1:eb:20:82:ee:94:a9:f9:7e:e3:f0:e7:
         73:1e:64:96:9a:0c:73:05:99:5a:3e:50:71:ee:2a:95:bf:c0:
         e1:b7:60:1d:8f:3f:53:53:06:8f:3c:d4:68:a4:1a:10:4a:e9:
         d3:5e:62:3a:be:ed:fb:4b:87:79:f3:de:82:b9:a6:83:8b:9d:
         b7:a6:26:99:3b:a3:4a:d3:7a:a5:29:01:fc:61:23:18:82:a4:
         ed:99:2f:8e:41:1d:d6:98:b9:57:a1:1a:e7:07:e0:12:2c:5d:
         d4:26:f5:97:f5:d6:18:37:90:c5:9e:ce:94:3a:fb:bd:d4:a3:
         9b:6e:d4:77:b0:6b:07:5b:f7:c9:ca:d4:d3:c6:3d:86:15:93:
         11:03:d5:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd7H33qkzLXonoAd603SBzzoSxR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWRmMTdkOGY5YjExYzk1OTdjMWU2YTcwYTEzNzQ1MWEz
ODE0NGZhMDliOWY0OTliNjgxMmZkMDBiZjhmYmYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3+YNhmKkte3WB8M5M8o/JC6ZAbte8c2sjwZ763fNsZcbv
S+X4FqBZoG342dh4tT1Gno02qzcuCQSR5q6vZ4HGgYwtFxcChpkWZ+1sumh2znyF
ZdKEYGyssswvtPoFTp3whSgb5wqw2HMi8IeDdl34mlW2cskOZ8fi4xJBRDQZczjB
ayLKbmmd+55lp+/ndcSypt1P/o+WQsLssATXPALTOBSvbJVgZIa77X0neIb0GYsH
LCIZZINmpWPTAByGP3aPCkWOnfX8Re67fA7TkPZQ6cmdOwuT01hJ2Y+sKKfpdjp+
cmw7kwwQJIvzYJwZa9gaRS75yZ5D2NMxDW/MswEtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtEvR8TZdu5UHVfL/YRq/e3XfLqAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgwZmRlMDQ0LTdmMmUtNDg1MC1hZmY0LWI2ZDE0NGZhMjg1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAHDJhwwDQYJKoZIhvcNAQELBQADggEBAGi0FOMA2o+vJmNps1DQPypR7o+l
i/YJYqyXULzliAuZ0Ls+aIyU4jhVkHVZIeIml+QaMSUXYJ2Ois1RuJmP/MAV9KXg
DXVeSwpESUkcehAFt1zvFDrU0nsIWcfjoMkgXgimKDfArJGxYBwHPh+d3hvJGeHr
IILulKn5fuPw53MeZJaaDHMFmVo+UHHuKpW/wOG3YB2PP1NTBo881GikGhBK6dNe
Yjq+7ftLh3nz3oK5poOLnbemJpk7o0rTeqUpAfxhIxiCpO2ZL45BHdaYuVehGucH
4BIsXdQm9Zf11hg3kMWezpQ6+73Uo5tu1Hewawdb98nK1NPGPYYVkxED1VA=
-----END CERTIFICATE-----