Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf699f53-b5f8-4e08-9d08-c11920f01edb.roa
File:                     bf699f53-b5f8-4e08-9d08-c11920f01edb.roa (raw, json)
Hash identifier:          kal0idhiwmsYn+P/WCYsvu8IxFLQ3vXYuK35vFdQm5w=
Subject key identifier:   E2:15:23:4D:6F:76:F6:C6:6F:17:55:FE:88:77:E3:01:D8:75:2C:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71F375E21AA7999B9D5CE1DC683881527BD1B9C1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf699f53-b5f8-4e08-9d08-c11920f01edb.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        66.219.64.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:f3:75:e2:1a:a7:99:9b:9d:5c:e1:dc:68:38:81:52:7b:d1:b9:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d3:fe:7f:3f:f8:04:f6:a5:d8:62:f9:14:d3:
                    32:4e:46:7a:e1:2f:2a:ae:8a:dd:54:3a:c0:b0:1c:
                    78:f0:a3:50:f8:11:d4:b2:98:c9:ef:bd:33:df:d6:
                    4e:56:66:5a:5e:3e:85:aa:ad:ba:72:34:01:db:80:
                    01:5d:47:d3:aa:f8:d0:5a:07:ab:55:bb:0a:6e:fc:
                    0e:6b:dd:1c:42:88:44:af:25:2a:8a:95:02:4a:e7:
                    64:25:f3:ba:13:be:68:25:98:6e:0b:a6:e4:52:ee:
                    81:1b:83:27:52:57:af:42:af:e3:1f:ce:16:8c:6a:
                    9b:8b:ea:6c:24:a0:c5:e9:16:88:5c:eb:f2:6b:8f:
                    3e:b4:72:34:59:e3:06:d5:44:6a:a4:81:03:de:2d:
                    f0:21:5f:9f:1d:55:13:47:e9:33:07:93:ff:7d:1a:
                    98:72:70:7d:36:e0:88:3d:4c:30:03:fd:5c:41:7d:
                    2a:66:59:6b:e7:99:ef:03:20:13:f6:63:c4:56:6d:
                    b6:2f:f7:e7:89:d4:7c:56:25:35:ac:97:2d:c8:f0:
                    0d:dc:f8:90:ca:b0:ae:19:b3:a3:e7:d2:0e:40:e4:
                    0a:bf:6b:2d:cc:2f:b1:dd:92:db:be:24:27:30:0f:
                    b5:70:1b:95:d3:0c:cd:cd:8f:f0:9d:d4:d2:6b:28:
                    72:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:15:23:4D:6F:76:F6:C6:6F:17:55:FE:88:77:E3:01:D8:75:2C:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bf699f53-b5f8-4e08-9d08-c11920f01edb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.219.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         13:a4:da:c6:ec:d9:46:d7:83:9a:15:1a:b6:b2:44:ee:04:19:
         e0:08:3b:6f:42:74:ed:bd:a1:e9:e8:eb:16:3a:48:a7:72:9d:
         ea:66:94:d9:e9:90:cd:6a:2a:2a:8d:c3:21:17:12:be:10:d8:
         ab:fa:cb:d4:40:66:02:46:67:ad:60:71:3a:fa:ed:63:ca:ee:
         3f:f2:8d:c6:2f:f8:ce:b9:19:78:98:24:1b:99:e0:5d:16:08:
         1e:b8:4b:50:83:47:c2:0e:c3:d3:68:ef:5d:56:f3:2c:b1:ee:
         d8:3d:c9:ce:8d:92:a6:1b:db:6b:d4:8c:33:05:cc:f3:a5:ca:
         6b:bd:0a:32:ae:42:7f:9d:d8:f9:9b:c4:05:3d:c9:55:f2:84:
         8d:85:35:af:0d:3f:4f:4f:21:15:db:f3:8a:e5:a7:99:e9:d5:
         29:06:d2:38:bb:b4:8f:a5:cd:90:3a:c3:97:06:22:3b:fd:2f:
         a1:eb:a0:a4:7d:04:87:93:a2:e8:d8:cf:47:95:f5:dd:a8:54:
         75:38:95:36:c4:3c:2c:96:c5:c8:4e:ba:63:d9:94:90:07:ab:
         cd:d9:df:0c:5c:fd:d6:9a:18:52:22:ba:11:90:da:26:89:d9:
         d0:95:20:1b:55:b4:71:19:2c:84:c7:49:64:34:76:8e:d0:97:
         2b:29:18:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcfN14hqnmZudXOHcaDiBUnvRucEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZjEyMGYyMTJiNzFjNmE5NWU3MmUyZGEzNzNiYWE3MDg1
OGNkOTA3Zjc2Y2ZhNDk5OGFjZWRjY2E4M2M4NWQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDS0/5/P/gE9qXYYvkU0zJORnrhLyquit1UOsCwHHjwo1D4
EdSymMnvvTPf1k5WZlpePoWqrbpyNAHbgAFdR9Oq+NBaB6tVuwpu/A5r3RxCiESv
JSqKlQJK52Ql87oTvmglmG4LpuRS7oEbgydSV69Cr+MfzhaMapuL6mwkoMXpFohc
6/Jrjz60cjRZ4wbVRGqkgQPeLfAhX58dVRNH6TMHk/99GphycH024Ig9TDAD/VxB
fSpmWWvnme8DIBP2Y8RWbbYv9+eJ1HxWJTWsly3I8A3c+JDKsK4Zs6Pn0g5A5Aq/
ay3ML7Hdktu+JCcwD7VwG5XTDM3Nj/Cd1NJrKHIRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4hUjTW929sZvF1X+iHfjAdh1LH4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JmNjk5ZjUzLWI1ZjgtNGUwOC05ZDA4LWMxMTkyMGYwMWVkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVC20AwDQYJKoZIhvcNAQELBQADggEBABOk2sbs2UbXg5oVGrayRO4EGeAI
O29CdO29oeno6xY6SKdynepmlNnpkM1qKiqNwyEXEr4Q2Kv6y9RAZgJGZ61gcTr6
7WPK7j/yjcYv+M65GXiYJBuZ4F0WCB64S1CDR8IOw9No711W8yyx7tg9yc6NkqYb
22vUjDMFzPOlymu9CjKuQn+d2PmbxAU9yVXyhI2FNa8NP09PIRXb84rlp5np1SkG
0ji7tI+lzZA6w5cGIjv9L6HroKR9BIeToujYz0eV9d2oVHU4lTbEPCyWxchOumPZ
lJAHq83Z3wxc/daaGFIiuhGQ2iaJ2dCVIBtVtHEZLITHSWQ0do7QlyspGPg=
-----END CERTIFICATE-----