Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbbc2612-ccf0-42b7-bf26-d0d263efa041.roa
File:                     bbbc2612-ccf0-42b7-bf26-d0d263efa041.roa (raw, json)
Hash identifier:          2OTY6lJeMbl4pjHZ/F/tJVT7x89+6y446/dMPX4Qb7s=
Subject key identifier:   0D:E4:7C:49:D3:DE:ED:49:DC:D9:B8:E2:34:A9:8A:6E:CB:7C:E0:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01CCA911E5D9B78B91334D6B173616C54DAC8312
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbbc2612-ccf0-42b7-bf26-d0d263efa041.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.136.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:cc:a9:11:e5:d9:b7:8b:91:33:4d:6b:17:36:16:c5:4d:ac:83:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=ee095956a14e8df0fb0511bbba8ec567c7637c55a0a1db10e4e44ec8fd266110, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3f:2f:9d:82:5c:9e:b5:79:4f:72:f6:ba:30:
                    26:22:57:5c:25:c3:6a:af:8a:53:3c:28:61:fa:39:
                    0f:f2:47:51:f6:c1:1c:d6:ce:65:6e:e5:b9:50:5c:
                    ac:3c:0b:71:74:1d:ac:ae:a4:bf:93:86:c4:12:37:
                    34:11:e5:17:e9:aa:57:a3:5f:71:6d:22:bc:fa:8a:
                    2a:60:12:ba:a7:30:79:41:e8:d9:bd:bf:98:72:ac:
                    d6:c1:77:62:09:80:76:f0:0b:7f:0f:6f:55:39:f7:
                    1e:f8:9b:e7:b9:02:ae:2f:93:c4:e8:06:7a:c6:0d:
                    d6:46:ab:d2:48:d7:c9:3b:25:e2:5c:63:9a:32:bd:
                    c8:85:2b:ce:25:19:70:54:e5:f2:a1:6a:82:2e:c9:
                    d5:af:45:4a:fc:0c:cd:2f:be:ba:f0:c2:7f:e5:7a:
                    31:be:13:8f:1b:ba:4e:fd:18:18:92:76:e3:a1:81:
                    43:99:37:f0:9a:49:30:0b:d1:27:5e:5e:b7:73:2b:
                    89:3e:2b:42:a3:4e:e7:fa:9c:34:70:91:ee:c1:c9:
                    ce:87:9a:6e:e7:47:07:c6:e9:98:b9:a7:69:f2:f9:
                    13:ed:f9:63:f7:af:22:2d:6e:46:52:b5:30:33:45:
                    22:5f:24:1e:93:68:2c:12:f8:8d:f4:1f:d0:82:7a:
                    09:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E4:7C:49:D3:DE:ED:49:DC:D9:B8:E2:34:A9:8A:6E:CB:7C:E0:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbbc2612-ccf0-42b7-bf26-d0d263efa041.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.136.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bf:9e:bb:ae:7e:c4:b0:f6:b8:7d:b8:76:92:8a:3b:f9:1b:17:
         6e:a7:9c:c7:ab:e8:d0:95:6d:b0:43:da:6c:0b:95:aa:fc:5c:
         02:7b:75:fd:80:d3:c5:2e:76:f4:88:b4:a0:93:2c:8d:91:89:
         e2:8f:8f:67:43:96:19:19:24:50:49:cb:2a:7c:51:fc:2b:ca:
         71:ee:b1:a0:67:b7:46:c4:a8:59:9f:ad:29:ec:29:dd:cd:7a:
         10:50:cd:d6:ec:ab:c6:96:5d:44:5c:fa:5b:33:46:96:15:bb:
         63:33:b2:4f:49:c0:a8:39:f1:fe:61:9d:e3:72:71:2e:50:b0:
         ca:3a:5e:4b:60:be:45:c9:4f:8d:4a:79:83:9c:7e:ed:e9:ad:
         e1:1e:6f:61:9e:c0:00:27:75:9f:f0:1d:9d:8b:29:37:6a:43:
         5b:b5:3a:bd:b7:79:e2:3b:a9:c5:fc:96:49:0e:33:03:35:17:
         2a:18:2e:2d:e2:d7:4e:05:eb:01:6c:e1:ba:d9:bb:6a:ff:41:
         e1:16:47:9a:43:68:64:42:08:a9:c5:3f:8b:af:de:17:69:fe:
         11:c9:5a:0b:98:78:29:1c:38:36:f6:14:cf:16:db:d8:08:53:
         31:6f:e3:2f:20:6b:22:d6:3a:bc:66:64:a4:17:5a:7e:a3:cb:
         4d:06:d4:e4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAcypEeXZt4uRM01rFzYWxU2sgxIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTA5NTk1NmExNGU4ZGYwZmIwNTExYmJiYThlYzU2N2M3
NjM3YzU1YTBhMWRiMTBlNGU0NGVjOGZkMjY2MTEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpPy+dglyetXlPcva6MCYiV1wlw2qvilM8KGH6OQ/yR1H2
wRzWzmVu5blQXKw8C3F0HayupL+ThsQSNzQR5RfpqlejX3FtIrz6iipgErqnMHlB
6Nm9v5hyrNbBd2IJgHbwC38Pb1U59x74m+e5Aq4vk8ToBnrGDdZGq9JI18k7JeJc
Y5oyvciFK84lGXBU5fKhaoIuydWvRUr8DM0vvrrwwn/lejG+E48buk79GBiSduOh
gUOZN/CaSTAL0SdeXrdzK4k+K0KjTuf6nDRwke7Byc6Hmm7nRwfG6Zi5p2ny+RPt
+WP3ryItbkZStTAzRSJfJB6TaCwS+I30H9CCegmnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDeR8SdPe7Unc2bjiNKmKbst84EowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiYmMyNjEyLWNjZjAtNDJiNy1iZjI2LWQwZDI2M2VmYTA0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2iDANBgkqhkiG9w0BAQsFAAOCAQEAv567rn7EsPa4fbh2koo7+RsXbqec
x6vo0JVtsEPabAuVqvxcAnt1/YDTxS529Ii0oJMsjZGJ4o+PZ0OWGRkkUEnLKnxR
/CvKce6xoGe3RsSoWZ+tKewp3c16EFDN1uyrxpZdRFz6WzNGlhW7YzOyT0nAqDnx
/mGd43JxLlCwyjpeS2C+RclPjUp5g5x+7emt4R5vYZ7AACd1n/AdnYspN2pDW7U6
vbd54jupxfyWSQ4zAzUXKhguLeLXTgXrAWzhutm7av9B4RZHmkNoZEIIqcU/i6/e
F2n+EclaC5h4KRw4NvYUzxbb2AhTMW/jLyBrItY6vGZkpBdafqPLTQbU5A==
-----END CERTIFICATE-----