Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88f81cbb-80c4-43d5-b6e6-4bd4174853f2.roa
File:                     88f81cbb-80c4-43d5-b6e6-4bd4174853f2.roa (raw, json)
Hash identifier:          lSe6Of+Xnsse416PC7NnPNcL6+eZvCMNOwd37n9cu64=
Subject key identifier:   9D:FB:FD:F2:21:CE:1D:C8:9D:7B:8D:56:E7:81:F7:6D:D8:56:8A:75
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FD5538F23782EC63635B9494145A79C3F653EB7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88f81cbb-80c4-43d5-b6e6-4bd4174853f2.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.46.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:d5:53:8f:23:78:2e:c6:36:35:b9:49:41:45:a7:9c:3f:65:3e:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=a7484da47a38a0d792a044df9eed9c60746241d2c22416ac4ce34868d753ad0a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ff:45:90:d1:ac:e0:79:12:70:98:5f:b1:ee:
                    24:ab:5b:3f:15:88:d8:bb:fe:b4:2e:62:1d:13:f8:
                    e1:dd:70:b8:a1:60:36:19:5c:1d:5c:3b:0b:e9:bc:
                    9c:06:08:a2:f1:44:4b:a9:8e:4e:54:b7:a0:67:f9:
                    65:af:e5:df:0d:29:5f:30:42:d9:7e:04:d1:d2:fa:
                    13:1e:6a:93:81:32:6a:9c:1a:3b:ea:ee:f0:8f:64:
                    0a:2a:32:54:07:2d:71:27:44:a9:39:0a:c9:e5:db:
                    86:da:8c:84:ef:00:d4:88:13:9e:86:01:84:9a:6c:
                    f4:e2:aa:1b:3d:95:fb:31:8c:be:65:b8:f9:03:14:
                    24:b2:64:04:2c:b1:33:ef:4b:80:15:c7:46:50:66:
                    1a:d3:b5:17:10:00:83:27:a8:98:5a:a6:a4:da:7e:
                    f3:65:82:98:7b:6b:be:65:d1:b4:e9:d6:46:1e:a4:
                    b4:67:3b:d5:f6:a6:5e:be:78:6f:8f:5e:6d:db:fa:
                    1b:f7:ee:c1:fc:da:05:e5:40:63:d1:42:83:bb:9c:
                    94:63:5d:f0:08:f7:47:0a:4f:ad:6f:cf:7f:e4:f0:
                    ae:b1:84:bd:10:bf:97:c2:93:2e:53:5a:44:bf:5f:
                    9d:f0:00:f3:78:42:1b:61:11:b4:a0:bb:22:0b:1e:
                    c8:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:FB:FD:F2:21:CE:1D:C8:9D:7B:8D:56:E7:81:F7:6D:D8:56:8A:75
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/88f81cbb-80c4-43d5-b6e6-4bd4174853f2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.46.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         74:38:3d:80:08:f6:e1:f2:2b:11:ec:81:65:9f:a5:cd:4e:50:
         37:f7:a8:79:be:19:7e:ff:cf:22:73:10:8a:0f:81:43:d9:08:
         e0:6e:a1:7a:54:4d:38:a6:1f:98:f3:e7:63:6b:ee:2b:a8:fa:
         6e:a5:86:bd:1b:cd:b0:d3:b0:5b:8f:31:9d:77:29:1c:c6:9e:
         eb:3f:50:12:9f:f4:b8:44:39:b8:d4:ab:03:41:c9:f5:6a:3a:
         85:e8:67:6b:85:85:05:59:6c:dc:25:4b:21:17:21:d0:08:b1:
         3a:a7:60:b3:78:4a:b2:b8:7c:c8:04:e5:8a:be:b0:71:27:16:
         8d:c5:a3:e0:e8:e7:70:8e:84:2b:ee:ae:05:3a:ed:e3:f6:36:
         91:33:f1:bb:ab:7f:5e:b9:e2:79:90:2a:71:ee:ea:1d:bf:42:
         ea:a2:cd:c7:69:33:dd:6a:47:7b:f1:a7:16:88:4f:90:2f:ac:
         5e:86:56:60:c9:97:ba:a5:fb:17:ae:80:e2:b4:39:36:d2:9b:
         f0:2d:a6:9f:d7:e5:c5:1b:5c:df:62:bc:5a:f1:51:33:fc:d1:
         8c:f8:2d:f4:cc:5b:0f:60:68:44:38:78:91:58:4c:fe:6b:a4:
         20:96:02:d7:27:06:9b:69:22:1a:d9:2c:4b:e3:0c:cc:7f:4a:
         01:e6:63:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUP9VTjyN4LsY2NblJQUWnnD9lPrcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzQ4NGRhNDdhMzhhMGQ3OTJhMDQ0ZGY5ZWVkOWM2MDc0
NjI0MWQyYzIyNDE2YWM0Y2UzNDg2OGQ3NTNhZDBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCE/0WQ0azgeRJwmF+x7iSrWz8ViNi7/rQuYh0T+OHdcLih
YDYZXB1cOwvpvJwGCKLxREupjk5Ut6Bn+WWv5d8NKV8wQtl+BNHS+hMeapOBMmqc
Gjvq7vCPZAoqMlQHLXEnRKk5Csnl24bajITvANSIE56GAYSabPTiqhs9lfsxjL5l
uPkDFCSyZAQssTPvS4AVx0ZQZhrTtRcQAIMnqJhapqTafvNlgph7a75l0bTp1kYe
pLRnO9X2pl6+eG+PXm3b+hv37sH82gXlQGPRQoO7nJRjXfAI90cKT61vz3/k8K6x
hL0Qv5fCky5TWkS/X53wAPN4QhthEbSguyILHshLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnfv98iHOHcide41W54H3bdhWinUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg4ZjgxY2JiLTgwYzQtNDNkNS1iNmU2LTRiZDQxNzQ4NTNmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2LjANBgkqhkiG9w0BAQsFAAOCAQEAdDg9gAj24fIrEeyBZZ+lzU5QN/eo
eb4Zfv/PInMQig+BQ9kI4G6helRNOKYfmPPnY2vuK6j6bqWGvRvNsNOwW48xnXcp
HMae6z9QEp/0uEQ5uNSrA0HJ9Wo6hehna4WFBVls3CVLIRch0AixOqdgs3hKsrh8
yATlir6wcScWjcWj4OjncI6EK+6uBTrt4/Y2kTPxu6t/XrnieZAqce7qHb9C6qLN
x2kz3WpHe/GnFohPkC+sXoZWYMmXuqX7F66A4rQ5NtKb8C2mn9flxRtc32K8WvFR
M/zRjPgt9MxbD2BoRDh4kVhM/mukIJYC1ycGm2kiGtksS+MMzH9KAeZjbg==
-----END CERTIFICATE-----