Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aefdc279-f833-409e-b85e-d1b67b3e8ef6.roa
File:                     aefdc279-f833-409e-b85e-d1b67b3e8ef6.roa (raw, json)
Hash identifier:          3SEe/BJn9cqdzpltiWNgakarHVZSujVRZeTEnZam+po=
Subject key identifier:   30:0D:0C:28:60:0C:C6:CD:83:74:B0:83:11:6F:93:45:D4:7A:A6:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       639E1234E406CCF98E3F4BEF641A7AA1629D208F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aefdc279-f833-409e-b85e-d1b67b3e8ef6.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        209.159.32.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:9e:12:34:e4:06:cc:f9:8e:3f:4b:ef:64:1a:7a:a1:62:9d:20:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=dad47b3c3ad79e47681f529c90d0a545768a0798e4ac469da80fda81662f3ab2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ce:0d:03:53:96:c6:7f:8d:66:cf:e4:a3:4f:
                    f8:75:e5:ee:11:ed:97:bb:ab:de:d0:1c:4c:bc:84:
                    22:98:32:fd:0b:c5:b5:5e:18:47:a9:f8:c7:71:10:
                    ca:1d:d6:ff:d5:26:0b:98:80:e5:58:04:b3:4c:c2:
                    53:6c:f0:13:31:53:61:06:b4:7a:36:f2:9f:b7:79:
                    86:1e:9b:cd:51:6d:2e:6a:cf:fb:80:b0:8a:b9:48:
                    dd:dc:53:93:a5:3c:92:9d:bb:b6:e6:7a:aa:cd:c7:
                    f0:e2:e3:d9:01:24:b0:7d:19:61:c2:a3:73:73:a6:
                    83:83:01:91:fa:92:5a:e7:27:94:a0:e3:6a:c1:86:
                    fd:87:a4:62:9b:c3:4b:20:95:66:cb:50:9c:52:58:
                    0d:01:8f:8e:11:97:ce:3d:af:82:90:ba:bc:75:f6:
                    e6:ec:f2:2c:5b:b5:55:76:52:f8:4c:16:ef:55:4e:
                    57:b9:e7:e6:f2:f8:46:b5:14:aa:f9:63:e9:96:71:
                    a3:4d:57:ae:ba:34:2a:5a:3b:c7:23:e4:09:35:a5:
                    0c:36:b7:88:7d:c5:43:4a:ac:33:ed:c2:a9:a8:d3:
                    e3:e5:9a:f7:4f:4f:0a:1d:aa:32:11:bb:c5:e5:89:
                    30:d3:1d:e5:d7:2e:59:ac:25:61:cc:62:36:ed:6a:
                    7f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:0D:0C:28:60:0C:C6:CD:83:74:B0:83:11:6F:93:45:D4:7A:A6:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aefdc279-f833-409e-b85e-d1b67b3e8ef6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.159.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1b:c3:58:9a:73:c1:7f:5f:92:1b:2f:68:c7:69:b9:a7:8c:b1:
         a1:a3:ed:b5:5b:a5:8f:78:61:ba:06:67:fd:fd:5c:8c:01:8b:
         4e:c5:f1:ca:2e:39:30:55:37:00:4a:5c:96:6c:b2:a0:d6:38:
         3f:55:99:56:63:e4:19:29:bf:bf:3f:28:b1:ae:80:25:b2:8e:
         b9:43:e7:82:e0:f4:83:8f:41:17:b7:c1:da:d2:45:72:89:93:
         2a:df:59:a6:bd:50:59:9e:d8:93:8a:17:cc:8b:e3:2e:94:39:
         42:aa:c7:99:a5:44:8f:52:f9:8d:28:5a:52:68:09:2d:07:3d:
         c5:7f:0d:be:86:fd:c4:84:fa:be:9a:c6:98:9f:3f:d7:e8:c1:
         0e:96:0c:49:3a:70:25:c3:b9:46:a5:4c:83:4e:bd:8b:e9:77:
         cd:17:bd:a2:2e:0a:9b:64:6c:da:43:31:c8:96:b2:b4:0d:86:
         6a:39:f0:d2:97:f6:5e:31:55:bd:0c:9b:65:84:a9:fa:8d:75:
         e5:77:a1:2d:28:4c:db:fc:d4:61:d6:a1:b1:72:88:1b:4c:31:
         8e:58:ea:2c:b6:e1:83:95:20:ca:5e:b5:ef:15:ca:e1:03:36:
         e8:33:eb:17:05:52:1a:95:67:0d:c6:7e:6a:1c:84:8c:7f:9a:
         46:4b:f4:d8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY54SNOQGzPmOP0vvZBp6oWKdII8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYWQ0N2IzYzNhZDc5ZTQ3NjgxZjUyOWM5MGQwYTU0NTc2
OGEwNzk4ZTRhYzQ2OWRhODBmZGE4MTY2MmYzYWIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBzg0DU5bGf41mz+SjT/h15e4R7Ze7q97QHEy8hCKYMv0L
xbVeGEep+MdxEMod1v/VJguYgOVYBLNMwlNs8BMxU2EGtHo28p+3eYYem81RbS5q
z/uAsIq5SN3cU5OlPJKdu7bmeqrNx/Di49kBJLB9GWHCo3NzpoODAZH6klrnJ5Sg
42rBhv2HpGKbw0sglWbLUJxSWA0Bj44Rl849r4KQurx19ubs8ixbtVV2UvhMFu9V
Tle55+by+Ea1FKr5Y+mWcaNNV666NCpaO8cj5Ak1pQw2t4h9xUNKrDPtwqmo0+Pl
mvdPTwodqjIRu8XliTDTHeXXLlmsJWHMYjbtan/FAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMA0MKGAMxs2DdLCDEW+TRdR6pk8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FlZmRjMjc5LWY4MzMtNDA5ZS1iODVlLWQxYjY3YjNlOGVmNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXRnyAwDQYJKoZIhvcNAQELBQADggEBABvDWJpzwX9fkhsvaMdpuaeMsaGj
7bVbpY94YboGZ/39XIwBi07F8couOTBVNwBKXJZssqDWOD9VmVZj5Bkpv78/KLGu
gCWyjrlD54Lg9IOPQRe3wdrSRXKJkyrfWaa9UFme2JOKF8yL4y6UOUKqx5mlRI9S
+Y0oWlJoCS0HPcV/Db6G/cSE+r6axpifP9fowQ6WDEk6cCXDuUalTINOvYvpd80X
vaIuCptkbNpDMciWsrQNhmo58NKX9l4xVb0Mm2WEqfqNdeV3oS0oTNv81GHWobFy
iBtMMY5Y6iy24YOVIMpete8VyuEDNugz6xcFUhqVZw3GfmochIx/mkZL9Ng=
-----END CERTIFICATE-----