Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca936afe-73ab-400a-b6cc-2636c1dd0071.roa
File:                     ca936afe-73ab-400a-b6cc-2636c1dd0071.roa (raw, json)
Hash identifier:          KcUFC+S7YpHCEix9viu4GCkjPJx6nnXMHIaBmLXhhBo=
Subject key identifier:   5A:CF:B2:7F:41:70:5A:0B:A4:28:20:DC:CC:55:4B:75:9F:16:1B:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F9D54F672C62052654F5406EABE7CD7B2A9E78F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca936afe-73ab-400a-b6cc-2636c1dd0071.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        69.210.72.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:9d:54:f6:72:c6:20:52:65:4f:54:06:ea:be:7c:d7:b2:a9:e7:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:13:30:00:96:cd:d1:06:1d:80:a2:1b:b3:1e:
                    01:09:05:80:d5:f1:79:4d:59:ad:60:5f:cc:fa:91:
                    9a:59:ca:7c:0d:5f:14:23:c1:63:f9:5c:92:28:d5:
                    c9:93:ff:85:5f:91:84:cf:81:fe:2b:43:df:09:fe:
                    17:df:52:09:d4:8b:b5:58:10:d9:49:cc:6a:a6:ea:
                    0d:6f:51:1f:0e:bc:8d:f2:61:7b:59:36:e4:a0:26:
                    15:54:46:92:0c:77:af:19:a5:30:ca:04:02:ca:43:
                    c6:4f:71:f3:36:e3:54:cb:88:90:5e:a1:13:39:75:
                    e8:95:a6:34:d4:76:ca:03:99:93:2b:f4:a8:5e:8e:
                    eb:69:d8:66:20:f6:ed:f4:68:60:19:f8:a6:05:c7:
                    e5:a9:f6:86:e4:93:61:f7:e2:5f:6f:28:1c:08:95:
                    9a:8d:7a:02:7d:65:52:8c:90:4d:30:8f:50:e2:36:
                    83:b8:0c:21:bb:c7:c5:7f:0e:5e:fb:cc:4d:85:9b:
                    1f:21:e3:1a:64:80:77:87:19:05:27:c5:a5:1f:3c:
                    ce:14:71:05:f3:23:0c:ff:12:57:15:a6:c7:0e:5c:
                    9f:68:4d:69:31:df:a2:98:8a:5d:ff:90:dc:10:ba:
                    15:94:52:0b:e9:34:95:4d:71:13:3d:78:f8:e3:9a:
                    b4:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:CF:B2:7F:41:70:5A:0B:A4:28:20:DC:CC:55:4B:75:9F:16:1B:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ca936afe-73ab-400a-b6cc-2636c1dd0071.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  69.210.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:59:31:e2:07:17:f3:83:35:f6:c8:ff:9a:60:a8:ce:7a:ed:
         f2:98:a3:3a:2b:e1:18:1c:80:89:bf:8f:a5:1e:66:9a:97:ea:
         70:d3:03:5c:a9:e0:28:0c:7d:84:95:48:0c:38:e6:e3:04:e0:
         04:ca:09:b8:de:92:a9:c5:ab:96:ed:16:94:ce:b5:8b:19:bb:
         1e:6e:d8:0e:73:b9:28:14:aa:8e:c7:7e:64:84:52:d9:ed:ce:
         d3:db:0a:18:59:0b:ae:7f:5b:71:b0:ca:07:76:62:b4:3c:48:
         12:8b:de:6a:89:88:a0:a1:05:e1:63:ae:f6:a6:05:f0:6d:90:
         a1:de:46:c4:c0:24:05:2e:f0:e0:c2:c8:23:f4:87:1d:a7:90:
         4b:2e:6c:eb:7c:9f:f6:bd:1c:54:35:03:22:10:81:a1:26:fa:
         6d:3e:be:49:92:68:f6:13:b3:ae:f4:60:6f:0f:0a:3b:f7:55:
         7f:a3:44:ba:bf:25:ce:76:1d:b7:5f:de:8b:21:0a:14:42:d7:
         48:17:1b:29:e7:27:22:d3:12:bf:42:4d:2e:4b:e9:f1:35:f3:
         f5:0d:2e:25:0a:ed:09:b0:f2:85:fe:98:36:a7:9f:7a:ba:ba:
         ac:38:dd:5a:ed:6d:26:10:50:63:10:cb:dc:a6:2f:d8:78:42:
         f3:e0:13:95
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL51U9nLGIFJlT1QG6r5817Kp548wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjNhMzNiMmQ0NjIxZGUwNWU0NTk4Yjg1ZmFlNzllMTA4
NThmYzM2ZWY5ZjZjZjg4MGNiOTg3ZTA4NzcxODkyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7EzAAls3RBh2AohuzHgEJBYDV8XlNWa1gX8z6kZpZynwN
XxQjwWP5XJIo1cmT/4VfkYTPgf4rQ98J/hffUgnUi7VYENlJzGqm6g1vUR8OvI3y
YXtZNuSgJhVURpIMd68ZpTDKBALKQ8ZPcfM241TLiJBeoRM5deiVpjTUdsoDmZMr
9Khejutp2GYg9u30aGAZ+KYFx+Wp9obkk2H34l9vKBwIlZqNegJ9ZVKMkE0wj1Di
NoO4DCG7x8V/Dl77zE2Fmx8h4xpkgHeHGQUnxaUfPM4UcQXzIwz/ElcVpscOXJ9o
TWkx36KYil3/kNwQuhWUUgvpNJVNcRM9ePjjmrRDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWs+yf0FwWgukKCDczFVLdZ8WG5QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhOTM2YWZlLTczYWItNDAwYS1iNmNjLTI2MzZjMWRkMDA3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJF0kgwDQYJKoZIhvcNAQELBQADggEBADpZMeIHF/ODNfbI/5pgqM567fKY
ozor4RgcgIm/j6UeZpqX6nDTA1yp4CgMfYSVSAw45uME4ATKCbjekqnFq5btFpTO
tYsZux5u2A5zuSgUqo7HfmSEUtntztPbChhZC65/W3Gwygd2YrQ8SBKL3mqJiKCh
BeFjrvamBfBtkKHeRsTAJAUu8ODCyCP0hx2nkEsubOt8n/a9HFQ1AyIQgaEm+m0+
vkmSaPYTs670YG8PCjv3VX+jRLq/Jc52Hbdf3oshChRC10gXGynnJyLTEr9CTS5L
6fE18/UNLiUK7Qmw8oX+mDann3q6uqw43VrtbSYQUGMQy9ymL9h4QvPgE5U=
-----END CERTIFICATE-----