Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c16b353-7529-4f39-af64-ab022dca1336.roa
File:                     9c16b353-7529-4f39-af64-ab022dca1336.roa (raw, json)
Hash identifier:          7Y86pyEiLNU+itBPC0jvsJAoXSCxojl/NuUscmCuvdg=
Subject key identifier:   B6:2D:04:B5:33:74:E4:F4:8E:0A:69:08:CE:90:1E:73:2B:47:12:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7A753DF7FC9363A7E4A86E9E15A802B2285E58FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c16b353-7529-4f39-af64-ab022dca1336.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        71.152.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:75:3d:f7:fc:93:63:a7:e4:a8:6e:9e:15:a8:02:b2:28:5e:58:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:3d:a5:73:9d:2c:ff:7d:94:ad:f8:a9:9d:69:
                    a5:8c:32:68:df:14:bf:00:9a:97:fa:5e:0f:77:42:
                    8c:2f:11:d0:1e:ff:bc:d6:dc:cc:3a:3f:b1:1b:65:
                    dc:27:64:e8:84:f0:49:9c:c2:02:04:de:f9:02:4f:
                    2f:11:74:40:46:4a:42:6b:85:e6:cc:2b:85:4d:09:
                    d4:43:c9:43:46:19:5f:e9:ac:60:e4:d6:12:4c:aa:
                    7c:d0:9d:4d:26:af:87:f7:6e:b4:f9:98:da:8c:aa:
                    ac:63:a2:d7:01:c6:5f:a1:db:e4:82:49:26:d5:ac:
                    14:a9:43:e5:e2:5d:5b:b0:f0:e2:90:56:7f:f9:2c:
                    f6:73:a0:66:a6:a6:c1:e2:eb:d5:e7:8d:46:c6:32:
                    92:95:5b:43:aa:e1:38:41:61:6e:4e:60:3f:02:a4:
                    bf:aa:eb:f6:b1:25:6b:63:e1:d0:29:ec:6f:c7:16:
                    8c:48:e4:94:99:c6:c0:2e:25:14:f8:ba:98:5c:50:
                    1b:22:8d:c4:22:59:2d:af:7d:4a:fc:a0:c2:06:4a:
                    f4:b8:91:c6:43:b9:62:f3:a2:13:7a:e5:de:c6:18:
                    c2:64:58:25:a4:ca:d9:7e:ce:7a:4e:6d:c2:0f:9f:
                    da:c7:88:ea:a2:52:4e:94:67:ae:25:43:41:37:2d:
                    b5:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:2D:04:B5:33:74:E4:F4:8E:0A:69:08:CE:90:1E:73:2B:47:12:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c16b353-7529-4f39-af64-ab022dca1336.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.152.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         67:a0:31:cc:e5:30:f1:37:34:78:ea:e5:5d:8a:d3:2d:d6:8d:
         21:28:98:0b:c2:34:36:c2:cd:55:6c:32:43:6d:6f:4d:7f:45:
         fc:a1:61:40:c1:75:40:8b:28:fc:a9:ce:b2:18:12:a6:d4:00:
         ff:d2:61:d3:35:cc:4d:20:48:ec:c0:8f:fe:c3:db:93:eb:2a:
         1f:62:cb:f0:44:da:1f:c3:22:b7:0b:c3:7b:77:49:f9:2d:92:
         60:1b:36:2f:47:d4:bd:9e:dd:0f:87:54:6a:14:b5:37:88:b2:
         99:8d:09:11:be:d3:b2:07:71:52:00:6e:86:ab:89:a2:89:e9:
         96:10:79:a4:82:34:25:3d:2f:d7:4d:5b:ab:c0:5e:aa:e3:0c:
         1a:39:2c:ae:8d:18:54:a5:07:e0:47:04:71:66:1c:ca:3d:b2:
         6e:3a:5c:be:da:cd:ad:ba:86:db:de:3a:4e:29:b7:7c:76:22:
         57:fb:3d:41:9c:76:9b:92:8e:1b:57:e4:c5:93:a4:19:1f:78:
         5d:42:b5:4f:2b:f9:a1:54:de:ce:d7:49:71:6d:aa:55:99:cd:
         2a:f1:f7:dc:01:8d:74:c6:3d:b4:da:de:90:04:6e:d0:47:46:
         7f:cc:04:19:12:49:08:08:d8:d7:1c:3c:4d:c5:d6:61:63:37:
         4d:cb:7a:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUenU99/yTY6fkqG6eFagCsiheWP8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1M2JiNzQ3NTBjNzI4YmI5YTgyYTFlNzZjYzMwN2UzNjc5
MGMwMTQwYWIyMzY5MGY5MTU4MzVmMmJlZjVmZjA1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzPaVznSz/fZSt+KmdaaWMMmjfFL8Ampf6Xg93QowvEdAe
/7zW3Mw6P7EbZdwnZOiE8EmcwgIE3vkCTy8RdEBGSkJrhebMK4VNCdRDyUNGGV/p
rGDk1hJMqnzQnU0mr4f3brT5mNqMqqxjotcBxl+h2+SCSSbVrBSpQ+XiXVuw8OKQ
Vn/5LPZzoGampsHi69XnjUbGMpKVW0Oq4ThBYW5OYD8CpL+q6/axJWtj4dAp7G/H
FoxI5JSZxsAuJRT4uphcUBsijcQiWS2vfUr8oMIGSvS4kcZDuWLzohN65d7GGMJk
WCWkytl+znpObcIPn9rHiOqiUk6UZ64lQ0E3LbW1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUti0EtTN05PSOCmkIzpAecytHEpMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljMTZiMzUzLTc1MjktNGYzOS1hZjY0LWFiMDIyZGNhMTMzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdHmAAwDQYJKoZIhvcNAQELBQADggEBAGegMczlMPE3NHjq5V2K0y3WjSEo
mAvCNDbCzVVsMkNtb01/RfyhYUDBdUCLKPypzrIYEqbUAP/SYdM1zE0gSOzAj/7D
25PrKh9iy/BE2h/DIrcLw3t3SfktkmAbNi9H1L2e3Q+HVGoUtTeIspmNCRG+07IH
cVIAboariaKJ6ZYQeaSCNCU9L9dNW6vAXqrjDBo5LK6NGFSlB+BHBHFmHMo9sm46
XL7aza26htveOk4pt3x2Ilf7PUGcdpuSjhtX5MWTpBkfeF1CtU8r+aFU3s7XSXFt
qlWZzSrx99wBjXTGPbTa3pAEbtBHRn/MBBkSSQgI2NccPE3F1mFjN03LemU=
-----END CERTIFICATE-----