Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8a0b27e-fd89-434f-84c1-93cf4c39cad8.roa
File:                     a8a0b27e-fd89-434f-84c1-93cf4c39cad8.roa (raw, json)
Hash identifier:          Fkt7rGKOQBUBFevko10zHcq0sMYcova1V5C+bCkcrrY=
Subject key identifier:   86:8A:E4:78:CD:E0:96:85:D1:64:F2:77:C8:C5:DB:58:83:24:25:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       636E9C210351008A541A14D65CE944F9B93DF3F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8a0b27e-fd89-434f-84c1-93cf4c39cad8.roa
Signing time:             Tue 26 Nov 2024 00:00:00 +0000
ROA not before:           Tue 26 Nov 2024 00:00:00 +0000
ROA not after:            Tue 31 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        75.101.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:6e:9c:21:03:51:00:8a:54:1a:14:d6:5c:e9:44:f9:b9:3d:f3:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 26 00:00:00 2024 GMT
            Not After : Dec 31 23:59:59 2024 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2c:d2:8d:5a:c7:d1:f4:3e:ce:b9:88:78:1f:
                    3f:4f:00:09:f2:4b:b9:a8:e9:15:cc:38:a7:e6:53:
                    13:51:83:1e:fa:8e:d2:d7:49:02:e4:5e:c3:aa:41:
                    65:26:fe:b7:09:7d:39:8d:62:ff:ef:3e:91:94:6d:
                    a9:cf:ec:48:06:51:e5:51:b3:cc:d3:ff:0e:6d:dc:
                    35:d0:b9:19:32:67:70:f2:8b:90:d4:63:84:f8:92:
                    6c:81:ab:66:5c:b7:6a:74:27:1a:90:c8:96:8b:e4:
                    5d:1a:18:28:76:33:e3:e1:8a:e7:2d:27:9e:7c:bd:
                    aa:9a:79:90:bb:1a:c9:eb:14:07:25:b3:da:a3:b3:
                    19:39:15:ef:ff:93:11:ac:c0:74:b7:2d:b5:70:08:
                    62:5b:3e:17:92:b1:e0:bf:e2:4d:3a:b0:05:83:13:
                    fd:86:1b:87:bb:30:c1:c5:81:21:66:7f:c4:28:0d:
                    0e:ae:94:db:dd:80:02:d0:bf:fc:bc:58:af:61:19:
                    d0:58:e4:9b:48:e3:f4:ff:2f:37:68:d1:c4:81:2e:
                    08:a5:fa:00:fe:cd:b0:77:6d:54:64:5f:8e:ef:a9:
                    c0:cd:16:ca:b3:eb:36:b9:d4:01:ca:6d:4d:0f:7b:
                    2f:3f:6e:92:14:ac:d5:d2:1b:96:a8:3d:bb:92:1d:
                    d3:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:8A:E4:78:CD:E0:96:85:D1:64:F2:77:C8:C5:DB:58:83:24:25:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8a0b27e-fd89-434f-84c1-93cf4c39cad8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.101.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         37:68:11:1c:97:6e:50:96:8f:9c:84:19:fd:2c:52:fd:c4:d6:
         02:cf:b5:b0:d6:b5:ce:60:d4:bf:76:06:d3:97:dc:6f:39:64:
         a1:72:46:d7:00:2d:d4:9d:4d:e9:31:30:84:29:4b:d3:d8:f5:
         40:63:b3:cd:4c:01:6b:87:5d:3d:31:df:b2:af:8d:38:e1:bd:
         52:fb:f9:d0:27:c2:4b:cc:40:6a:02:ca:c2:74:a9:94:d3:f7:
         ec:d8:72:ad:d9:ae:5c:95:58:4f:14:36:b1:a8:f7:65:6c:d1:
         2f:33:89:9d:63:f8:cc:0c:1e:b9:b9:35:81:4f:26:65:8e:f5:
         a1:f9:b4:03:13:c1:fe:f2:14:b3:39:18:aa:dd:8e:2f:c5:69:
         a4:d5:2b:57:69:49:8d:b3:7c:39:39:5c:fe:88:1d:76:93:b8:
         ee:0d:4f:4a:73:93:0a:ec:01:d7:ed:60:74:12:25:49:20:7f:
         80:76:08:e1:62:70:b6:f0:aa:d1:df:ad:c5:2b:19:d5:95:c0:
         04:a5:2d:89:45:34:b8:f2:b2:29:3c:79:1e:cb:87:63:5c:c2:
         4a:3d:58:6e:97:3e:6f:8f:5c:b5:21:36:99:b3:e8:87:57:e7:
         a9:94:31:ab:2c:3c:0b:26:d0:00:34:a3:06:b9:36:4e:04:62:
         43:8d:d7:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY26cIQNRAIpUGhTWXOlE+bk98/QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI2MDAwMDAwWhcNMjQxMjMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0Njc2NGQ2OWUyMjNmMDllOTI5NzUzNmRhYzk2MDFhMTc4
ODRkYWZkNWI2MjIzZWEzNmEzN2Y4MjA5ZmJmNGJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTLNKNWsfR9D7OuYh4Hz9PAAnyS7mo6RXMOKfmUxNRgx76
jtLXSQLkXsOqQWUm/rcJfTmNYv/vPpGUbanP7EgGUeVRs8zT/w5t3DXQuRkyZ3Dy
i5DUY4T4kmyBq2Zct2p0JxqQyJaL5F0aGCh2M+PhiuctJ558vaqaeZC7GsnrFAcl
s9qjsxk5Fe//kxGswHS3LbVwCGJbPheSseC/4k06sAWDE/2GG4e7MMHFgSFmf8Qo
DQ6ulNvdgALQv/y8WK9hGdBY5JtI4/T/Lzdo0cSBLgil+gD+zbB3bVRkX47vqcDN
Fsqz6za51AHKbU0Pey8/bpIUrNXSG5aoPbuSHdNBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhorkeM3gloXRZPJ3yMXbWIMkJeUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4YTBiMjdlLWZkODktNDM0Zi04NGMxLTkzY2Y0YzM5Y2FkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdLZYAwDQYJKoZIhvcNAQELBQADggEBADdoERyXblCWj5yEGf0sUv3E1gLP
tbDWtc5g1L92BtOX3G85ZKFyRtcALdSdTekxMIQpS9PY9UBjs81MAWuHXT0x37Kv
jTjhvVL7+dAnwkvMQGoCysJ0qZTT9+zYcq3ZrlyVWE8UNrGo92Vs0S8ziZ1j+MwM
Hrm5NYFPJmWO9aH5tAMTwf7yFLM5GKrdji/FaaTVK1dpSY2zfDk5XP6IHXaTuO4N
T0pzkwrsAdftYHQSJUkgf4B2COFicLbwqtHfrcUrGdWVwASlLYlFNLjysik8eR7L
h2Ncwko9WG6XPm+PXLUhNpmz6IdX56mUMassPAsm0AA0owa5Nk4EYkON18A=
-----END CERTIFICATE-----