Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85521f76-acf2-48af-b5b8-89d70851258b.roa
File:                     85521f76-acf2-48af-b5b8-89d70851258b.roa (raw, json)
Hash identifier:          bdJKUx+T55RzBFornZsC18dplRm1g1rARhRybp9iTPw=
Subject key identifier:   1E:A6:EF:3E:F6:69:13:94:56:E4:9F:94:5C:93:84:E2:91:D5:43:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6372AEBCA4CBA626ABB0EA8FB1251AC54A85C424
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85521f76-acf2-48af-b5b8-89d70851258b.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        184.72.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:72:ae:bc:a4:cb:a6:26:ab:b0:ea:8f:b1:25:1a:c5:4a:85:c4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=37eaa3e58fb2bf20159949190629271f1d2a18466d3507f7ac0d6a1705e32d01, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6e:76:e9:4f:42:8c:de:11:fe:1f:0c:6f:5b:
                    92:cc:53:22:aa:90:f2:f5:8c:b9:81:3d:30:d9:9c:
                    20:43:6c:17:83:10:81:d6:3a:0b:a7:fe:58:5f:27:
                    d1:ae:5b:f3:43:b5:63:9e:99:b5:31:9c:81:0f:b8:
                    54:c0:ba:88:96:e4:ac:bc:fa:61:17:75:4f:35:35:
                    63:46:c3:1b:76:8b:14:be:12:bb:5a:18:f6:2f:bd:
                    8a:cc:43:49:c0:10:fe:da:e1:73:75:a1:be:ae:5b:
                    99:e8:5f:f5:e2:d8:9a:6f:5e:79:8f:20:a2:42:5b:
                    36:9d:16:54:7d:3f:25:c0:c2:ff:f4:36:76:53:89:
                    0f:6a:df:44:fa:2d:13:73:74:1b:d8:c2:28:11:a9:
                    bc:f8:c1:51:5c:87:45:89:7b:f5:fd:b1:71:57:9e:
                    2b:ca:67:46:be:32:ea:65:04:67:64:0f:2d:ee:90:
                    1f:3b:21:f9:0e:ee:2d:20:d7:bc:f5:65:ef:c0:9f:
                    2e:0c:d4:d8:08:a1:f0:eb:bb:33:41:49:c9:2a:4b:
                    f5:0e:86:82:51:6a:a7:6c:e0:5d:ba:d6:e9:d5:ad:
                    47:ac:62:c1:fa:62:55:ee:e4:6b:49:5d:1c:4f:87:
                    97:2c:cd:ef:02:de:0f:49:f1:f0:fa:42:43:b8:e2:
                    05:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:A6:EF:3E:F6:69:13:94:56:E4:9F:94:5C:93:84:E2:91:D5:43:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85521f76-acf2-48af-b5b8-89d70851258b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  184.72.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ac:10:d8:a1:00:6b:78:1c:db:5e:2d:a3:4d:7d:e5:d8:35:5a:
         da:6e:26:ab:50:ec:2e:db:49:2d:2d:f3:67:a6:53:16:13:c5:
         4e:51:91:8c:78:1e:16:75:a4:f0:71:e5:f1:5c:bc:9e:95:34:
         f4:33:ab:4a:f1:87:b6:d5:15:a1:d3:9c:b7:88:6d:88:4a:d7:
         0f:96:32:43:80:19:01:47:e9:68:7c:c9:7f:a5:01:a6:b9:3e:
         85:db:24:fe:78:3c:13:6d:9f:78:63:97:02:76:31:bf:de:bb:
         b9:cc:63:56:7e:17:44:e9:69:0f:82:98:cb:a7:c0:76:ea:0d:
         9d:bf:55:64:3a:ed:c4:5f:e2:47:b2:89:9a:57:e5:6f:31:8a:
         08:c3:8a:26:0e:49:fb:57:ef:f3:78:9f:51:3c:88:bb:40:54:
         2a:bc:2c:ff:21:ef:2a:b7:10:74:d5:19:f7:b2:f6:89:ca:6f:
         b1:9a:fd:75:18:f2:96:a5:51:6d:ee:52:8c:5f:44:cf:c7:ed:
         dd:ea:e4:31:5c:e5:e7:24:5f:2b:ca:a4:51:da:36:e2:ca:58:
         a0:87:37:f9:b1:b2:3a:6a:1a:9f:35:10:64:b3:7e:23:d8:7e:
         39:d8:e1:9a:b0:00:d4:32:ff:6c:2b:18:c9:5d:31:6b:36:b1:
         c3:09:43:20
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY3KuvKTLpiarsOqPsSUaxUqFxCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzN2VhYTNlNThmYjJiZjIwMTU5OTQ5MTkwNjI5MjcxZjFk
MmExODQ2NmQzNTA3ZjdhYzBkNmExNzA1ZTMyZDAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDObnbpT0KM3hH+HwxvW5LMUyKqkPL1jLmBPTDZnCBDbBeD
EIHWOgun/lhfJ9GuW/NDtWOembUxnIEPuFTAuoiW5Ky8+mEXdU81NWNGwxt2ixS+
ErtaGPYvvYrMQ0nAEP7a4XN1ob6uW5noX/Xi2JpvXnmPIKJCWzadFlR9PyXAwv/0
NnZTiQ9q30T6LRNzdBvYwigRqbz4wVFch0WJe/X9sXFXnivKZ0a+MuplBGdkDy3u
kB87IfkO7i0g17z1Ze/Any4M1NgIofDruzNBSckqS/UOhoJRaqds4F261unVrUes
YsH6YlXu5GtJXRxPh5csze8C3g9J8fD6QkO44gV5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUHqbvPvZpE5RW5J+UXJOE4pHVQ/UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1NTIxZjc2LWFjZjItNDhhZi1iNWI4LTg5ZDcwODUxMjU4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwG4SDANBgkqhkiG9w0BAQsFAAOCAQEArBDYoQBreBzbXi2jTX3l2DVa2m4m
q1DsLttJLS3zZ6ZTFhPFTlGRjHgeFnWk8HHl8Vy8npU09DOrSvGHttUVodOct4ht
iErXD5YyQ4AZAUfpaHzJf6UBprk+hdsk/ng8E22feGOXAnYxv967ucxjVn4XROlp
D4KYy6fAduoNnb9VZDrtxF/iR7KJmlflbzGKCMOKJg5J+1fv83ifUTyIu0BUKrws
/yHvKrcQdNUZ97L2icpvsZr9dRjylqVRbe5SjF9Ez8ft3erkMVzl5yRfK8qkUdo2
4spYoIc3+bGyOmoanzUQZLN+I9h+OdjhmrAA1DL/bCsYyV0xazaxwwlDIA==
-----END CERTIFICATE-----