Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc24592b-b837-4433-a01c-d44a5b7e6a34.roa
File:                     bc24592b-b837-4433-a01c-d44a5b7e6a34.roa (raw, json)
Hash identifier:          oSQdxRW/veucua1cbE5xHTfrk9RKNBmbESiu20WZNn8=
Subject key identifier:   48:D3:9C:10:C6:F8:6A:10:53:B8:8C:F0:88:CB:83:DA:F0:A7:42:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3036BE8A4882F826D07098998F1BD060953121C9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc24592b-b837-4433-a01c-d44a5b7e6a34.roa
Signing time:             Wed 27 Nov 2024 00:00:00 +0000
ROA not before:           Wed 27 Nov 2024 00:00:00 +0000
ROA not after:            Wed 01 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        157.175.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:36:be:8a:48:82:f8:26:d0:70:98:99:8f:1b:d0:60:95:31:21:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 27 00:00:00 2024 GMT
            Not After : Jan  1 23:59:59 2025 GMT
        Subject: serialNumber=64fc9bcedb3884ec85d1a1f35779e5e649c2322256c2bfeb83400ddf2681b943, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3a:07:42:23:f7:68:63:d6:ce:96:f4:33:18:
                    28:98:28:0b:8d:c8:37:d9:71:37:ee:44:71:c9:61:
                    88:28:c0:4d:ba:e0:23:da:78:5e:90:0f:19:bc:96:
                    f7:27:69:5c:a9:a3:ed:6e:a4:d3:29:b2:42:91:69:
                    df:23:5c:cc:64:b0:49:7b:1b:69:f2:eb:f9:6c:97:
                    75:44:b4:c4:84:11:97:e7:24:14:a8:e9:43:45:2c:
                    ec:04:42:a2:af:38:bf:df:18:f4:94:b2:9d:9a:3b:
                    a1:05:e7:4f:d9:9b:8d:91:d6:c2:1f:9e:8d:d5:4f:
                    8b:1d:1a:85:4d:dd:d2:f6:e2:d0:18:3b:b8:e7:58:
                    76:61:b7:eb:8c:b3:99:93:04:e0:21:91:b7:c3:e3:
                    26:dd:17:d1:95:9d:83:50:b8:95:bd:6c:43:f3:51:
                    39:b3:c7:66:61:aa:a5:df:cd:42:b3:5c:0f:45:34:
                    13:62:f1:d8:a1:a1:8a:03:5f:f8:54:13:fb:d4:7e:
                    91:a3:df:de:6d:9e:a5:86:96:5d:e1:26:c1:e9:7d:
                    3d:15:43:52:29:78:12:7a:32:7f:83:8d:ca:7d:8d:
                    45:89:fd:b8:b8:1e:c0:70:e4:33:aa:c6:37:d7:8a:
                    bf:e7:f0:ab:21:cc:77:c6:db:80:cf:85:c4:84:65:
                    52:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D3:9C:10:C6:F8:6A:10:53:B8:8C:F0:88:CB:83:DA:F0:A7:42:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bc24592b-b837-4433-a01c-d44a5b7e6a34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.175.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         94:43:4a:4b:1b:55:45:92:7c:eb:8e:11:19:5e:8c:67:a4:8b:
         56:9d:53:dc:69:b4:be:5d:86:ad:07:93:5a:d4:4e:48:52:c5:
         5f:17:3f:3f:1c:73:27:83:69:67:16:a1:48:0e:75:1a:1d:7a:
         67:d1:42:25:53:fe:e7:55:98:f3:1d:b1:62:50:fa:46:27:67:
         d3:01:2d:81:c6:f8:d7:cf:d0:7a:c8:5d:23:13:c8:b7:83:a6:
         77:21:69:9c:f2:e6:ba:5e:60:41:a9:10:1c:0c:80:b9:92:dd:
         63:27:20:d6:25:09:98:8a:47:26:7a:90:6d:9d:96:46:a1:92:
         b2:a7:58:5c:30:2a:4c:be:51:6b:4a:7e:d4:f1:ed:c2:fd:7e:
         c4:cc:b9:2b:82:89:2d:4d:c4:8d:6d:f2:39:7e:0d:d0:17:f4:
         5d:76:ab:72:66:d8:b8:78:66:fc:d6:07:62:9b:20:a6:c2:b1:
         b1:5d:35:90:7d:69:73:40:ad:a0:26:8d:24:59:b3:b0:56:38:
         4c:3c:60:1e:28:dd:8b:d1:fe:12:5c:50:57:73:09:77:1c:5b:
         17:4c:58:b4:65:a8:ce:44:63:18:d4:dc:b9:2b:38:c5:43:04:
         bf:f5:e3:98:34:43:b2:2f:29:0f:f1:d9:4f:ef:b8:19:5b:03:
         cf:9f:f8:f0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMDa+ikiC+CbQcJiZjxvQYJUxIckwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI3MDAwMDAwWhcNMjUwMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGZjOWJjZWRiMzg4NGVjODVkMWExZjM1Nzc5ZTVlNjQ5
YzIzMjIyNTZjMmJmZWI4MzQwMGRkZjI2ODFiOTQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvOgdCI/doY9bOlvQzGCiYKAuNyDfZcTfuRHHJYYgowE26
4CPaeF6QDxm8lvcnaVypo+1upNMpskKRad8jXMxksEl7G2ny6/lsl3VEtMSEEZfn
JBSo6UNFLOwEQqKvOL/fGPSUsp2aO6EF50/Zm42R1sIfno3VT4sdGoVN3dL24tAY
O7jnWHZht+uMs5mTBOAhkbfD4ybdF9GVnYNQuJW9bEPzUTmzx2ZhqqXfzUKzXA9F
NBNi8dihoYoDX/hUE/vUfpGj395tnqWGll3hJsHpfT0VQ1IpeBJ6Mn+Djcp9jUWJ
/bi4HsBw5DOqxjfXir/n8KshzHfG24DPhcSEZVL/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSNOcEMb4ahBTuIzwiMuD2vCnQoEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjMjQ1OTJiLWI4MzctNDQzMy1hMDFjLWQ0NGE1YjdlNmEzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCdrzANBgkqhkiG9w0BAQsFAAOCAQEAlENKSxtVRZJ8644RGV6MZ6SLVp1T
3Gm0vl2GrQeTWtROSFLFXxc/PxxzJ4NpZxahSA51Gh16Z9FCJVP+51WY8x2xYlD6
Ridn0wEtgcb418/QeshdIxPIt4OmdyFpnPLmul5gQakQHAyAuZLdYycg1iUJmIpH
JnqQbZ2WRqGSsqdYXDAqTL5Ra0p+1PHtwv1+xMy5K4KJLU3EjW3yOX4N0Bf0XXar
cmbYuHhm/NYHYpsgpsKxsV01kH1pc0CtoCaNJFmzsFY4TDxgHijdi9H+ElxQV3MJ
dxxbF0xYtGWozkRjGNTcuSs4xUMEv/XjmDRDsi8pD/HZT++4GVsDz5/48A==
-----END CERTIFICATE-----