Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f1d0097-d17d-4221-ad1a-fec79073b731.roa
File:                     9f1d0097-d17d-4221-ad1a-fec79073b731.roa (raw, json)
Hash identifier:          rgpTSbhlrY88U+CtrB9YA5unGs7cByBv7nRlGHCF2nQ=
Subject key identifier:   FC:88:11:A5:80:25:3F:D5:D2:60:1E:C2:99:4E:E1:BF:28:61:E2:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02D7B36529D44F141A8B6685D687B0F97C43FDFE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f1d0097-d17d-4221-ad1a-fec79073b731.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        146.77.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:d7:b3:65:29:d4:4f:14:1a:8b:66:85:d6:87:b0:f9:7c:43:fd:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=9e8c24762c2f63ee222f8e2e5a32400d7016359ee2e7dfd210a76936a729c09d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:e6:e0:06:85:65:13:51:37:80:4c:c1:5d:17:
                    e1:22:21:9f:b8:c3:dd:e2:25:b5:cd:e0:85:e1:30:
                    0b:ae:d1:0f:ea:13:b2:13:f7:0c:e5:a4:41:3d:1d:
                    c8:b6:22:2e:00:84:bd:d6:f0:a3:48:5c:ec:55:f0:
                    49:09:19:95:35:96:42:e5:59:a8:08:b1:55:34:a9:
                    3c:1a:cd:1c:d3:b1:4c:4f:72:df:0a:19:de:3b:d2:
                    2b:37:89:a1:d2:12:e7:1c:88:be:a6:40:ff:df:e7:
                    46:dc:bd:33:02:ef:35:78:22:c3:47:0e:e9:87:4c:
                    d3:b3:f0:cb:d2:5d:a8:67:26:ab:df:e4:16:48:ba:
                    f5:50:ea:c8:f8:2e:f2:7c:f0:2e:49:09:76:70:d7:
                    0c:28:ff:63:99:aa:1c:d1:8b:59:96:99:92:21:ba:
                    be:7b:86:95:86:7a:98:bb:c6:4e:49:61:5f:7b:ca:
                    f6:9e:c5:f6:de:bc:1e:7d:ca:23:f8:e8:42:86:0b:
                    8b:64:55:9d:70:28:e5:1b:98:4d:32:d7:2f:e6:f4:
                    34:15:f7:23:fb:b8:9b:af:0e:98:b0:e2:bb:53:57:
                    c0:68:27:b2:c7:14:b7:04:60:12:71:01:5c:04:16:
                    6a:5b:69:da:94:3a:f9:fc:43:8b:cd:4a:fc:55:0a:
                    26:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:88:11:A5:80:25:3F:D5:D2:60:1E:C2:99:4E:E1:BF:28:61:E2:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f1d0097-d17d-4221-ad1a-fec79073b731.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.77.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bd:94:37:5f:f2:0a:55:89:c5:67:f0:b7:0f:b2:f7:7c:0b:a9:
         47:b7:fa:1e:10:34:70:6a:99:b0:1c:11:ea:e5:8b:fb:ee:b5:
         f5:7a:d2:0e:6c:b4:9c:79:9d:80:42:24:04:24:32:b3:68:72:
         70:f4:c4:8b:5a:44:e6:24:e8:1d:30:ea:8b:f1:3b:6e:3f:df:
         06:d9:d5:4a:88:50:56:f9:76:33:93:5b:4a:a7:b3:e5:6b:ad:
         5a:63:9f:be:a6:3d:d7:51:64:87:46:73:5f:f8:d3:b6:ff:44:
         70:6e:e7:f6:27:ae:3b:05:41:f4:83:68:5b:80:ce:cf:66:1f:
         85:9f:0e:1d:11:46:13:e2:f7:d1:20:b9:cf:17:03:fc:34:e6:
         57:21:8f:9c:c2:fd:31:b7:1e:a8:58:84:68:52:b8:10:8f:4d:
         9a:2c:08:eb:b0:8f:be:b5:57:3f:91:15:ed:83:5d:b9:40:ff:
         bb:a1:2a:34:5a:d8:85:a3:fe:64:8a:c8:f5:e6:bc:f2:90:35:
         fa:08:79:b1:f7:90:86:eb:c3:fa:2f:02:60:5f:67:9b:46:e8:
         26:f9:94:15:c6:1f:e3:78:35:0d:64:2e:13:3d:d2:8e:9e:fa:
         06:2d:38:6c:8c:90:2b:7f:50:8f:63:35:7c:da:af:13:fb:6c:
         b7:76:d7:16
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAtezZSnUTxQai2aF1oew+XxD/f4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZThjMjQ3NjJjMmY2M2VlMjIyZjhlMmU1YTMyNDAwZDcw
MTYzNTllZTJlN2RmZDIxMGE3NjkzNmE3MjljMDlkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDl5uAGhWUTUTeATMFdF+EiIZ+4w93iJbXN4IXhMAuu0Q/q
E7IT9wzlpEE9Hci2Ii4AhL3W8KNIXOxV8EkJGZU1lkLlWagIsVU0qTwazRzTsUxP
ct8KGd470is3iaHSEucciL6mQP/f50bcvTMC7zV4IsNHDumHTNOz8MvSXahnJqvf
5BZIuvVQ6sj4LvJ88C5JCXZw1wwo/2OZqhzRi1mWmZIhur57hpWGepi7xk5JYV97
yvaexfbevB59yiP46EKGC4tkVZ1wKOUbmE0y1y/m9DQV9yP7uJuvDpiw4rtTV8Bo
J7LHFLcEYBJxAVwEFmpbadqUOvn8Q4vNSvxVCiYDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/IgRpYAlP9XSYB7CmU7hvyhh4j0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmMWQwMDk3LWQxN2QtNDIyMS1hZDFhLWZlYzc5MDczYjczMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSTTANBgkqhkiG9w0BAQsFAAOCAQEAvZQ3X/IKVYnFZ/C3D7L3fAupR7f6
HhA0cGqZsBwR6uWL++619XrSDmy0nHmdgEIkBCQys2hycPTEi1pE5iToHTDqi/E7
bj/fBtnVSohQVvl2M5NbSqez5WutWmOfvqY911Fkh0ZzX/jTtv9EcG7n9ieuOwVB
9INoW4DOz2YfhZ8OHRFGE+L30SC5zxcD/DTmVyGPnML9MbceqFiEaFK4EI9NmiwI
67CPvrVXP5EV7YNduUD/u6EqNFrYhaP+ZIrI9ea88pA1+gh5sfeQhuvD+i8CYF9n
m0boJvmUFcYf43g1DWQuEz3Sjp76Bi04bIyQK39Qj2M1fNqvE/tst3bXFg==
-----END CERTIFICATE-----