Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa1fca33-69b9-4bac-a044-04c218a33120.roa
File:                     aa1fca33-69b9-4bac-a044-04c218a33120.roa (raw, json)
Hash identifier:          hfL0FLN8+t43kwE8NA/QECzHDudkDol8fBcdTsjpEU8=
Subject key identifier:   8C:B1:98:D0:09:26:A6:0E:E3:83:54:AE:90:E4:F7:3E:4D:7C:EC:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58F98F5C3B963AA368A49381EF45D960776BEBF1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa1fca33-69b9-4bac-a044-04c218a33120.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        129.223.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:f9:8f:5c:3b:96:3a:a3:68:a4:93:81:ef:45:d9:60:77:6b:eb:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:37:e9:92:f3:03:4c:2c:a2:03:5c:ff:1c:d8:
                    5e:5f:05:f6:3b:c9:d1:90:72:d4:76:c7:94:ed:6f:
                    3a:46:bd:60:b0:04:47:8e:14:c1:8f:19:4f:05:0c:
                    f9:aa:eb:78:a2:8c:00:e3:dd:fa:f8:7c:55:88:15:
                    04:6c:5a:bc:9b:cc:fc:93:ec:1e:73:50:5b:f8:33:
                    c6:36:ad:b7:34:c9:65:1f:2b:f5:ce:7a:6c:62:7d:
                    bd:52:20:75:18:53:a3:cc:57:1f:94:7b:5f:aa:6e:
                    7e:50:1e:38:90:c8:c1:5b:74:0b:e8:91:e0:a4:cd:
                    32:c2:25:b6:dd:2c:bc:b4:f9:d4:0d:fa:82:69:5d:
                    65:c8:8e:af:0d:db:b7:fc:00:95:5e:d6:d1:77:bc:
                    03:11:0c:ff:2d:6f:30:bd:ea:20:3a:7a:3f:28:c2:
                    df:07:2a:68:d0:e4:22:f5:5f:39:ea:92:54:a2:9d:
                    47:46:52:0b:b1:ae:ff:3d:d0:bc:2d:b3:61:1a:13:
                    0d:d5:f2:fa:50:69:10:c1:29:6c:ce:5b:7d:75:03:
                    a6:5f:78:6b:7a:40:28:4e:81:21:16:b1:48:de:a3:
                    a7:54:ce:5f:50:46:44:08:7d:34:39:25:91:47:d1:
                    66:ab:4a:48:13:13:e2:9b:ed:59:5a:12:f6:92:8e:
                    8d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:B1:98:D0:09:26:A6:0E:E3:83:54:AE:90:E4:F7:3E:4D:7C:EC:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa1fca33-69b9-4bac-a044-04c218a33120.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.223.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:d2:b1:7d:8a:9c:a6:0d:3b:dc:e9:b1:2a:33:a2:c6:45:70:
         45:5c:22:ea:3a:f3:8c:a3:4d:8d:00:8b:5c:5a:a4:8a:b4:c0:
         b6:d1:44:f3:42:70:84:ec:ea:29:8d:b0:cc:20:de:e5:e0:82:
         ce:30:f1:d7:80:67:63:ba:5d:bd:fd:fa:8b:d1:c1:f1:e8:22:
         65:05:07:aa:5e:13:02:09:dc:7e:1a:af:f9:57:b8:d9:fa:62:
         f7:23:1e:23:72:55:c8:c2:bc:26:18:04:f3:e8:47:8d:dd:ed:
         60:8e:08:34:20:2b:e4:9e:2b:56:df:f9:53:2f:5a:68:ce:b7:
         a8:c6:df:be:ad:89:64:1e:b0:4a:88:1e:05:94:2c:db:97:b8:
         45:e9:ec:a6:1d:6e:e4:30:72:77:f1:3d:73:eb:b2:47:67:42:
         11:58:a0:9a:8c:83:77:b5:7d:02:d5:7f:a7:cf:60:17:d4:27:
         21:d7:b7:fa:1b:c7:2a:26:f7:11:d6:2f:fc:d7:45:17:f8:4e:
         58:07:22:af:d0:c7:d8:d6:89:97:1d:a6:34:5f:b0:49:65:05:
         f0:b6:27:99:8c:cc:a0:9f:3e:88:c4:d3:a0:ec:ee:31:a2:b0:
         9a:a3:76:89:19:a0:a5:32:af:3e:55:a6:e1:77:69:5e:60:8a:
         01:f5:ef:e9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWPmPXDuWOqNopJOB70XZYHdr6/EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYmI5MGU3NWMwZWNlMDgzYjA5NDA3NDUwOTFkZTA5ZTEy
Y2FlNGNlZWVkYjI4ZGE1N2YyYmI5MGQ3MDkyNTEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRN+mS8wNMLKIDXP8c2F5fBfY7ydGQctR2x5TtbzpGvWCw
BEeOFMGPGU8FDPmq63iijADj3fr4fFWIFQRsWrybzPyT7B5zUFv4M8Y2rbc0yWUf
K/XOemxifb1SIHUYU6PMVx+Ue1+qbn5QHjiQyMFbdAvokeCkzTLCJbbdLLy0+dQN
+oJpXWXIjq8N27f8AJVe1tF3vAMRDP8tbzC96iA6ej8owt8HKmjQ5CL1XznqklSi
nUdGUguxrv890Lwts2EaEw3V8vpQaRDBKWzOW311A6ZfeGt6QChOgSEWsUjeo6dU
zl9QRkQIfTQ5JZFH0WarSkgTE+Kb7VlaEvaSjo3DAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjLGY0Akmpg7jg1SukOT3Pk187KYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhMWZjYTMzLTY5YjktNGJhYy1hMDQ0LTA0YzIxOGEzMzEyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCB3zANBgkqhkiG9w0BAQsFAAOCAQEAo9KxfYqcpg073OmxKjOixkVwRVwi
6jrzjKNNjQCLXFqkirTAttFE80JwhOzqKY2wzCDe5eCCzjDx14BnY7pdvf36i9HB
8egiZQUHql4TAgncfhqv+Ve42fpi9yMeI3JVyMK8JhgE8+hHjd3tYI4INCAr5J4r
Vt/5Uy9aaM63qMbfvq2JZB6wSogeBZQs25e4Rensph1u5DByd/E9c+uyR2dCEVig
moyDd7V9AtV/p89gF9QnIde3+hvHKib3EdYv/NdFF/hOWAcir9DH2NaJlx2mNF+w
SWUF8LYnmYzMoJ8+iMTToOzuMaKwmqN2iRmgpTKvPlWm4XdpXmCKAfXv6Q==
-----END CERTIFICATE-----