Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb0f236d-3d21-4b64-9121-55250c0e93e6.roa
File:                     cb0f236d-3d21-4b64-9121-55250c0e93e6.roa (raw, json)
Hash identifier:          d8rYIopMa57ApZjUufyAnLQFDg0mvndmBmxr2TRvRgU=
Subject key identifier:   D6:69:D9:3A:75:45:88:A8:65:5E:EA:22:6D:1A:CA:FD:0D:72:2D:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CBC4D1E31A74F29CDA3DCCDACF4619912D0B57E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb0f236d-3d21-4b64-9121-55250c0e93e6.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        142.60.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:bc:4d:1e:31:a7:4f:29:cd:a3:dc:cd:ac:f4:61:99:12:d0:b5:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=5fc48e989cde9d8c28a60edb2b0cc886f4d19b6146e119b9c5ff02f6895498bc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:11:4f:30:d5:a2:96:d7:fe:ca:22:09:98:02:
                    e5:5a:b3:8a:02:95:41:a5:f0:af:be:bd:28:ec:2a:
                    c6:cb:58:1e:2e:a4:b0:7e:ed:8d:da:53:86:d0:f7:
                    55:9e:57:a5:46:bb:01:bd:f6:8f:f2:8d:3a:95:bc:
                    29:cc:eb:6e:2f:34:41:74:ca:b1:51:95:33:09:ff:
                    a3:13:4a:99:19:c8:b5:a9:1b:d8:05:23:b9:40:e5:
                    b6:b6:5d:6d:ab:e4:c5:be:87:f8:d9:6c:e1:1f:b8:
                    76:29:75:fb:63:67:74:e9:84:94:c3:82:17:01:53:
                    d5:28:67:8a:a4:39:df:8e:99:93:17:c5:ab:40:45:
                    1f:94:2d:a7:2d:52:24:c7:4a:fc:2e:30:39:0c:34:
                    8d:87:1f:3c:c1:53:60:e5:21:5d:d0:43:51:c7:08:
                    7a:db:63:52:ab:ba:b2:4a:c7:c1:4f:d4:7e:5e:81:
                    d6:9e:22:2e:b1:31:f3:0f:df:37:ae:f0:eb:65:da:
                    62:de:30:ce:11:07:e2:4f:06:3b:01:1f:ff:b8:c1:
                    41:2b:eb:c8:26:54:07:3e:8a:75:83:d2:a7:05:25:
                    d2:0e:dd:4a:c3:79:20:2b:88:b5:74:55:f4:3b:ab:
                    47:28:f9:6e:04:e4:09:ce:34:07:94:84:30:8b:a6:
                    fa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:69:D9:3A:75:45:88:A8:65:5E:EA:22:6D:1A:CA:FD:0D:72:2D:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb0f236d-3d21-4b64-9121-55250c0e93e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  142.60.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b6:27:eb:d8:de:ed:af:c4:53:5b:1e:b6:29:8d:dd:d6:64:39:
         78:ef:88:05:21:13:c6:1f:a6:9c:8c:5a:63:48:42:42:ee:ab:
         5b:02:09:fa:88:98:4d:f0:3e:00:1b:34:17:b8:97:07:32:27:
         e1:72:84:56:89:76:c3:0e:2b:cd:44:0a:ca:68:bd:53:fc:85:
         0f:db:a4:9a:b7:17:57:00:d8:a6:33:5a:af:89:de:de:2a:40:
         d7:83:ae:eb:81:5e:34:72:97:e2:4d:d4:cf:1b:e9:d2:8b:7e:
         44:87:6e:1e:3c:e1:ee:94:57:86:2d:61:79:fe:14:f2:53:3d:
         8e:37:15:09:59:86:f3:a2:ee:8a:39:92:7d:92:86:e3:77:4f:
         d7:da:11:b8:a2:04:18:d0:7d:5f:e4:81:1d:5f:7f:dc:eb:c9:
         c3:a0:98:0d:f9:45:f5:a1:69:89:fb:2c:77:91:8a:ea:63:a2:
         fc:85:81:1c:15:b4:8b:e8:b9:8a:ae:01:f0:a1:01:0d:73:17:
         a5:09:7e:58:ef:2b:f2:b1:db:e6:17:6f:3a:bc:c5:70:82:4a:
         a5:84:30:a8:ab:89:d0:07:fd:ed:59:20:ca:35:b0:c9:3e:e4:
         11:36:7e:5b:06:3d:b8:a4:0f:0a:81:3b:5c:81:98:84:5c:00:
         7e:e8:8a:34
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPLxNHjGnTynNo9zNrPRhmRLQtX4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmM0OGU5ODljZGU5ZDhjMjhhNjBlZGIyYjBjYzg4NmY0
ZDE5YjYxNDZlMTE5YjljNWZmMDJmNjg5NTQ5OGJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeEU8w1aKW1/7KIgmYAuVas4oClUGl8K++vSjsKsbLWB4u
pLB+7Y3aU4bQ91WeV6VGuwG99o/yjTqVvCnM624vNEF0yrFRlTMJ/6MTSpkZyLWp
G9gFI7lA5ba2XW2r5MW+h/jZbOEfuHYpdftjZ3TphJTDghcBU9UoZ4qkOd+OmZMX
xatARR+ULactUiTHSvwuMDkMNI2HHzzBU2DlIV3QQ1HHCHrbY1KrurJKx8FP1H5e
gdaeIi6xMfMP3zeu8Otl2mLeMM4RB+JPBjsBH/+4wUEr68gmVAc+inWD0qcFJdIO
3UrDeSAriLV0VfQ7q0co+W4E5AnONAeUhDCLpvqfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1mnZOnVFiKhlXuoibRrK/Q1yLcUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiMGYyMzZkLTNkMjEtNGI2NC05MTIxLTU1MjUwYzBlOTNlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCOPDANBgkqhkiG9w0BAQsFAAOCAQEAtifr2N7tr8RTWx62KY3d1mQ5eO+I
BSETxh+mnIxaY0hCQu6rWwIJ+oiYTfA+ABs0F7iXBzIn4XKEVol2ww4rzUQKymi9
U/yFD9ukmrcXVwDYpjNar4ne3ipA14Ou64FeNHKX4k3Uzxvp0ot+RIduHjzh7pRX
hi1hef4U8lM9jjcVCVmG86LuijmSfZKG43dP19oRuKIEGNB9X+SBHV9/3OvJw6CY
DflF9aFpifssd5GK6mOi/IWBHBW0i+i5iq4B8KEBDXMXpQl+WO8r8rHb5hdvOrzF
cIJKpYQwqKuJ0Af97VkgyjWwyT7kETZ+WwY9uKQPCoE7XIGYhFwAfuiKNA==
-----END CERTIFICATE-----