Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac44a161-07d5-4395-a26c-092d6289d298.roa
File:                     ac44a161-07d5-4395-a26c-092d6289d298.roa (raw, json)
Hash identifier:          DQkJsUs/vZPFqZGREbfRgKideJkT2yZiwIuu14Wg42E=
Subject key identifier:   07:D3:2F:21:C5:52:60:12:0B:28:6A:EC:EA:F3:42:0C:18:7E:F5:E0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10B527172FDC4C16D59C41DA0C33BA1C9D50C001
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac44a161-07d5-4395-a26c-092d6289d298.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.83.224.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:b5:27:17:2f:dc:4c:16:d5:9c:41:da:0c:33:ba:1c:9d:50:c0:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=f9934e444689704082ac4f8ec4da38f5d360e8205d0e749d51fde6d68ce7e33f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:25:81:61:58:2b:65:3c:13:4e:d7:ac:1b:80:
                    a2:df:61:12:18:9d:fd:c9:8e:79:95:f6:e0:9c:df:
                    34:95:88:f7:62:87:1c:2e:97:8e:a9:19:fd:ea:0e:
                    7d:fa:af:bd:97:72:b0:94:5d:9c:43:38:e3:88:43:
                    2c:91:ec:3c:cb:8c:e2:cd:2c:2c:d6:01:fa:88:30:
                    1b:62:2d:f9:67:70:f1:3f:c9:21:2e:d2:ef:dc:ff:
                    b6:c3:06:fa:0e:1e:2c:d9:88:71:fe:1b:ba:9d:68:
                    fa:82:8f:9b:c3:d6:71:d6:75:4f:40:01:2c:7d:d8:
                    41:74:9c:69:ed:c2:d8:8d:0e:3e:58:f9:f8:a9:31:
                    04:ef:99:6d:a3:49:49:6a:6f:c6:17:c8:4d:bf:2d:
                    bb:58:0f:85:7c:cf:2c:6d:21:54:a6:40:c2:53:fe:
                    a5:49:a9:e1:07:38:e8:fd:78:9d:09:f6:d6:b4:73:
                    0b:3c:e7:bf:24:be:f4:c1:e6:2d:ad:b2:06:82:a3:
                    bf:94:6e:51:91:47:34:36:41:8a:64:2e:bd:2a:71:
                    00:6a:1a:c1:6d:16:34:b6:d1:b5:c9:78:18:83:c2:
                    1a:07:50:7c:de:df:76:2d:b7:32:43:d4:28:30:89:
                    e4:fa:ba:36:7f:43:ce:89:ac:cb:eb:09:b2:48:ee:
                    e2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D3:2F:21:C5:52:60:12:0B:28:6A:EC:EA:F3:42:0C:18:7E:F5:E0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ac44a161-07d5-4395-a26c-092d6289d298.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.83.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         d8:a2:c8:e0:e1:2b:02:28:fe:34:bb:e3:61:27:41:e7:a3:e5:
         86:e8:58:98:36:8c:b4:fa:b0:99:dc:4b:52:d1:4f:de:17:69:
         d9:21:4a:cb:38:0a:74:2e:81:8a:21:ca:5c:5c:79:56:c6:59:
         11:98:5a:08:85:21:9f:f8:c4:1b:9c:3e:dc:76:c1:73:00:72:
         77:b5:cd:8a:3e:95:2f:3c:13:b6:e3:84:0a:82:78:ed:cb:fe:
         cb:61:a3:28:4c:2b:49:4f:de:54:af:5b:49:18:9b:42:bb:8a:
         e2:f1:83:94:f9:7d:32:cf:5a:d7:4a:6d:bf:e2:df:33:41:5b:
         a2:46:a8:fe:49:94:8e:6d:46:72:11:ae:d7:af:fe:ca:03:f7:
         35:2b:6b:cd:ef:d6:52:42:a0:0d:d5:8a:da:c0:8d:84:9a:64:
         93:54:83:4e:83:b9:91:1c:bf:ff:bd:af:0d:fc:a2:25:d8:32:
         36:a2:6f:2b:71:4e:80:aa:d9:a6:1b:af:cc:e2:fb:f9:50:57:
         17:b6:fa:f2:ba:a9:d6:bc:81:61:b6:43:78:62:8f:a9:2a:58:
         70:f9:1d:c4:9b:15:03:d7:2b:11:01:8d:f2:be:bf:75:cf:6a:
         ca:ee:65:40:6e:95:fa:b3:18:9c:49:98:b3:b8:2e:38:f9:7f:
         c5:d0:90:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUELUnFy/cTBbVnEHaDDO6HJ1QwAEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTkzNGU0NDQ2ODk3MDQwODJhYzRmOGVjNGRhMzhmNWQz
NjBlODIwNWQwZTc0OWQ1MWZkZTZkNjhjZTdlMzNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeJYFhWCtlPBNO16wbgKLfYRIYnf3JjnmV9uCc3zSViPdi
hxwul46pGf3qDn36r72XcrCUXZxDOOOIQyyR7DzLjOLNLCzWAfqIMBtiLflncPE/
ySEu0u/c/7bDBvoOHizZiHH+G7qdaPqCj5vD1nHWdU9AASx92EF0nGntwtiNDj5Y
+fipMQTvmW2jSUlqb8YXyE2/LbtYD4V8zyxtIVSmQMJT/qVJqeEHOOj9eJ0J9ta0
cws8578kvvTB5i2tsgaCo7+UblGRRzQ2QYpkLr0qcQBqGsFtFjS20bXJeBiDwhoH
UHze33YttzJD1CgwieT6ujZ/Q86JrMvrCbJI7uKLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUB9MvIcVSYBILKGrs6vNCDBh+9eAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FjNDRhMTYxLTA3ZDUtNDM5NS1hMjZjLTA5MmQ2Mjg5ZDI5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXYU+AwDQYJKoZIhvcNAQELBQADggEBANiiyODhKwIo/jS742EnQeej5Ybo
WJg2jLT6sJncS1LRT94XadkhSss4CnQugYohylxceVbGWRGYWgiFIZ/4xBucPtx2
wXMAcne1zYo+lS88E7bjhAqCeO3L/sthoyhMK0lP3lSvW0kYm0K7iuLxg5T5fTLP
WtdKbb/i3zNBW6JGqP5JlI5tRnIRrtev/soD9zUra83v1lJCoA3VitrAjYSaZJNU
g06DuZEcv/+9rw38oiXYMjaibytxToCq2aYbr8zi+/lQVxe2+vK6qda8gWG2Q3hi
j6kqWHD5HcSbFQPXKxEBjfK+v3XPasruZUBulfqzGJxJmLO4Ljj5f8XQkME=
-----END CERTIFICATE-----