Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdba97c4-869c-4278-8fdf-87cf5e334dce.roa
File:                     bdba97c4-869c-4278-8fdf-87cf5e334dce.roa (raw, json)
Hash identifier:          GQuyK9CE5eX4cHEZKlTn1Hy8DiMMWbLo64IXbJgz1RU=
Subject key identifier:   0E:88:59:10:6D:A5:C4:F4:0D:CB:5B:4C:A7:A0:20:AF:AB:62:C8:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7EBB1B480BA72B7922861F49144D8AEDF796272B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdba97c4-869c-4278-8fdf-87cf5e334dce.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.138.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:bb:1b:48:0b:a7:2b:79:22:86:1f:49:14:4d:8a:ed:f7:96:27:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:80:06:a2:da:8a:59:79:37:dc:8a:b6:2d:9d:
                    1b:ab:41:92:1c:0f:70:89:da:8c:eb:f8:b6:99:39:
                    65:d0:a2:8f:3f:b8:20:a8:24:a8:66:38:80:3f:5e:
                    0b:9a:6b:73:39:d6:8f:8a:ed:74:b4:d2:90:6c:58:
                    91:59:09:f8:30:08:86:bb:3c:9d:0d:7d:20:04:b9:
                    e3:78:d1:17:87:a2:a6:4c:29:be:a4:3e:55:f4:61:
                    61:d1:75:8e:ab:10:62:a7:6a:ba:82:01:c2:f7:a9:
                    8a:a9:73:cf:7c:7a:35:2b:e5:3d:e7:5d:66:d7:65:
                    20:ad:56:ff:c2:da:7a:70:7f:44:e0:14:20:10:8f:
                    8f:3f:02:61:f2:48:24:1f:b5:d8:7f:f6:31:60:c9:
                    10:62:53:54:48:d8:aa:21:0b:ef:1c:6f:cb:44:bf:
                    8c:9a:d7:6e:dd:2f:79:82:30:75:c0:db:29:c3:56:
                    2b:e5:51:88:e0:35:6f:75:94:d9:1e:88:5f:f2:8f:
                    7a:d0:ab:cd:fe:56:91:5f:95:92:7f:94:aa:fa:22:
                    0a:4e:04:57:ad:c5:86:04:40:ee:e4:e9:a7:f9:40:
                    32:b2:cd:86:fe:93:cf:c8:f8:b1:d6:75:a4:77:8d:
                    e0:17:6e:06:57:14:67:fc:21:27:29:42:fb:6b:eb:
                    9a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:88:59:10:6D:A5:C4:F4:0D:CB:5B:4C:A7:A0:20:AF:AB:62:C8:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdba97c4-869c-4278-8fdf-87cf5e334dce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.138.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b0:c7:02:fd:80:11:16:67:9b:36:40:20:02:1e:0f:b0:ab:1a:
         4c:d4:33:f3:a4:07:29:d9:e7:21:9f:8b:7a:f0:55:d1:65:96:
         fb:13:e0:4e:b8:14:42:02:d8:be:33:ed:f8:af:75:ec:94:97:
         dd:4c:85:b7:20:41:ec:b2:0b:96:e5:5d:ff:2a:da:08:71:21:
         fa:93:55:10:cf:ed:02:5d:dd:2f:3b:af:a4:dc:5d:f0:11:ce:
         10:cd:48:16:8c:f1:e0:78:d8:26:77:06:c7:78:ba:14:33:fb:
         56:0c:3c:86:40:cd:ad:bf:90:8d:ba:16:d5:b0:96:b4:df:02:
         5d:52:45:7a:ef:b9:e2:7d:f0:33:1f:b6:7b:84:a7:11:46:0d:
         07:a9:01:29:59:92:c7:e6:19:64:00:26:0d:3f:7e:dd:5b:2b:
         09:e5:27:1a:68:2c:5b:56:ce:02:e3:2b:7f:2e:9b:83:65:06:
         54:39:50:3b:58:a7:4d:a6:50:e7:11:4e:4c:70:9b:e8:b5:00:
         b4:80:93:03:d4:f9:33:99:13:b0:b7:ac:c9:45:e5:9c:b7:f6:
         8f:31:cb:fc:e1:17:b1:99:74:b7:20:1b:b4:36:f3:e9:91:a6:
         70:7b:c1:bb:1c:30:9a:6d:98:12:f3:af:f5:6f:18:e2:d3:63:
         39:03:7f:c1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfrsbSAunK3kihh9JFE2K7feWJyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2MTc1ZWQ1M2M0ODM0OTZmNmNjNjIwNGIzYjFhMDViNmM1
YTMxN2VjMDM3ZGQwNWEyMjNhZTAwMTMyZGQzNDczMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9gAai2opZeTfcirYtnRurQZIcD3CJ2ozr+LaZOWXQoo8/
uCCoJKhmOIA/Xguaa3M51o+K7XS00pBsWJFZCfgwCIa7PJ0NfSAEueN40ReHoqZM
Kb6kPlX0YWHRdY6rEGKnarqCAcL3qYqpc898ejUr5T3nXWbXZSCtVv/C2npwf0Tg
FCAQj48/AmHySCQftdh/9jFgyRBiU1RI2KohC+8cb8tEv4ya127dL3mCMHXA2ynD
VivlUYjgNW91lNkeiF/yj3rQq83+VpFflZJ/lKr6IgpOBFetxYYEQO7k6af5QDKy
zYb+k8/I+LHWdaR3jeAXbgZXFGf8IScpQvtr65pBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDohZEG2lxPQNy1tMp6Agr6tiyF0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkYmE5N2M0LTg2OWMtNDI3OC04ZmRmLTg3Y2Y1ZTMzNGRjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2ijANBgkqhkiG9w0BAQsFAAOCAQEAsMcC/YARFmebNkAgAh4PsKsaTNQz
86QHKdnnIZ+LevBV0WWW+xPgTrgUQgLYvjPt+K917JSX3UyFtyBB7LILluVd/yra
CHEh+pNVEM/tAl3dLzuvpNxd8BHOEM1IFozx4HjYJncGx3i6FDP7Vgw8hkDNrb+Q
jboW1bCWtN8CXVJFeu+54n3wMx+2e4SnEUYNB6kBKVmSx+YZZAAmDT9+3VsrCeUn
GmgsW1bOAuMrfy6bg2UGVDlQO1inTaZQ5xFOTHCb6LUAtICTA9T5M5kTsLesyUXl
nLf2jzHL/OEXsZl0tyAbtDbz6ZGmcHvBuxwwmm2YEvOv9W8Y4tNjOQN/wQ==
-----END CERTIFICATE-----