Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b64785d2-8144-4430-8056-d7c8554f200b.roa
File:                     b64785d2-8144-4430-8056-d7c8554f200b.roa (raw, json)
Hash identifier:          swBDT7pwnAXBqLkxuWFEosImXHcx9ScnbMqOYOM06uE=
Subject key identifier:   D6:E8:30:A6:EF:CA:C8:BB:18:0B:53:EA:60:85:46:58:0E:06:F7:C8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       058883896A7257F0BDDBA821BA706812DDAB8EA4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b64785d2-8144-4430-8056-d7c8554f200b.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.210.88.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:88:83:89:6a:72:57:f0:bd:db:a8:21:ba:70:68:12:dd:ab:8e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f7:4d:28:ee:5b:5c:b1:72:c9:2f:f8:07:fc:
                    76:fa:2e:6c:c2:37:3c:b9:fd:ad:51:31:af:59:48:
                    05:a0:48:65:7b:3d:7b:0f:0c:b1:59:91:8b:7a:cd:
                    37:09:53:82:d8:04:ea:c9:b9:30:dd:7d:7d:d9:ba:
                    2d:93:8b:2f:35:c3:1e:96:fa:cf:64:23:15:b8:b6:
                    ee:70:bc:17:34:81:16:db:6e:e0:2d:82:97:4d:89:
                    f8:58:bb:ef:6e:6f:e7:33:1d:37:2f:4f:18:2e:a7:
                    d5:63:b3:4e:e1:2d:fe:c1:3a:5b:02:f7:ca:6b:99:
                    69:cf:de:af:22:17:1f:75:9b:2f:f7:04:37:4d:9c:
                    fc:bb:d9:10:0c:51:a5:fb:43:fb:9a:31:11:d8:1e:
                    7c:a3:14:d8:49:e9:cc:f4:e3:75:62:3d:eb:fa:50:
                    ff:2b:87:40:03:b4:ef:25:a6:06:d4:0f:5d:3f:fd:
                    4a:10:8c:12:cf:72:b3:1c:43:3a:e0:4b:5a:d2:28:
                    2a:d7:1d:65:06:06:87:a6:6b:00:51:a8:a7:dd:2f:
                    7d:b1:2a:fc:a6:83:8b:bb:d8:9c:2f:05:40:63:cb:
                    bd:dc:e0:53:5d:d1:53:4c:52:2d:4f:e1:a2:0b:6a:
                    d2:0c:f2:7b:cf:cd:47:91:a2:d6:6f:9e:e3:37:42:
                    ef:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E8:30:A6:EF:CA:C8:BB:18:0B:53:EA:60:85:46:58:0E:06:F7:C8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b64785d2-8144-4430-8056-d7c8554f200b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.210.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:da:31:54:e4:b9:c5:f7:66:52:55:f6:c1:fd:bb:61:12:55:
         ae:db:5a:0d:eb:a3:59:b2:a0:49:a9:81:da:2a:03:60:32:17:
         2f:b0:40:2b:16:f0:de:20:71:af:cf:fa:0e:3f:61:dc:d6:b0:
         ab:85:5f:c5:a2:03:50:9c:2d:d4:e0:12:a9:f3:65:9f:0a:8d:
         51:5f:9d:54:cb:26:f2:c9:c0:21:ee:69:ea:9c:d2:7a:72:9d:
         1f:b9:94:da:68:ec:38:08:53:3b:57:c1:0c:fe:3a:4c:23:a3:
         68:06:fa:f6:f1:73:ef:86:80:58:9c:4d:ad:21:ed:fd:99:ac:
         61:cc:ed:ee:1c:1f:ee:74:52:f8:26:68:0e:4c:af:57:fa:dc:
         d4:7a:e3:13:6e:8c:2b:d6:41:64:bd:70:44:78:e8:2a:8e:4d:
         6f:ef:73:9f:b9:d6:24:7d:b7:91:e0:9c:ec:36:c7:12:e5:88:
         90:b3:ad:66:69:40:2d:fc:82:dc:75:c1:a7:89:b2:02:4c:f1:
         d0:46:cb:c8:be:93:f7:4a:83:ad:12:be:fe:37:c4:4e:ba:3b:
         36:25:84:d5:29:c3:b1:ae:0d:66:3e:bc:fb:e4:5b:91:00:8e:
         3a:56:43:62:7d:cd:c3:63:3a:09:ee:53:53:4c:a9:0b:3e:b2:
         d6:01:b8:c9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBYiDiWpyV/C926ghunBoEt2rjqQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YmE4NjE2MTA1NjY3MGM5ZmYxYTIyODMxZWVkNDA1YjMx
ZWUyZDFjMjhlMzVkNWY3MGE5ZGU4Y2FhMTkyZjY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd900o7ltcsXLJL/gH/Hb6LmzCNzy5/a1RMa9ZSAWgSGV7
PXsPDLFZkYt6zTcJU4LYBOrJuTDdfX3Zui2Tiy81wx6W+s9kIxW4tu5wvBc0gRbb
buAtgpdNifhYu+9ub+czHTcvTxgup9Vjs07hLf7BOlsC98prmWnP3q8iFx91my/3
BDdNnPy72RAMUaX7Q/uaMRHYHnyjFNhJ6cz043ViPev6UP8rh0ADtO8lpgbUD10/
/UoQjBLPcrMcQzrgS1rSKCrXHWUGBoemawBRqKfdL32xKvymg4u72JwvBUBjy73c
4FNd0VNMUi1P4aILatIM8nvPzUeRotZvnuM3Qu+fAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1ugwpu/KyLsYC1PqYIVGWA4G98gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2NDc4NWQyLTgxNDQtNDQzMC04MDU2LWQ3Yzg1NTRmMjAwYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABF0lgwDQYJKoZIhvcNAQELBQADggEBAAjaMVTkucX3ZlJV9sH9u2ESVa7b
Wg3ro1myoEmpgdoqA2AyFy+wQCsW8N4gca/P+g4/YdzWsKuFX8WiA1CcLdTgEqnz
ZZ8KjVFfnVTLJvLJwCHuaeqc0npynR+5lNpo7DgIUztXwQz+Okwjo2gG+vbxc++G
gFicTa0h7f2ZrGHM7e4cH+50UvgmaA5Mr1f63NR64xNujCvWQWS9cER46CqOTW/v
c5+51iR9t5HgnOw2xxLliJCzrWZpQC38gtx1waeJsgJM8dBGy8i+k/dKg60Svv43
xE66OzYlhNUpw7GuDWY+vPvkW5EAjjpWQ2J9zcNjOgnuU1NMqQs+stYBuMk=
-----END CERTIFICATE-----