Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce3d416d-944c-4b49-aef3-69e376553c88.roa
File:                     ce3d416d-944c-4b49-aef3-69e376553c88.roa (raw, json)
Hash identifier:          HfR4mU9598JgtA9WezO74I99HyU1aLDm15R+G1dU+fo=
Subject key identifier:   E6:7C:8E:83:9B:0C:87:02:8A:4C:77:F3:7B:21:26:27:37:E7:9C:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74AE8AEBCE44D71BAF85AFF264A25B58522F27F3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce3d416d-944c-4b49-aef3-69e376553c88.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.136.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:ae:8a:eb:ce:44:d7:1b:af:85:af:f2:64:a2:5b:58:52:2f:27:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=e9d6f9b21b1beabbb86ac605475b2903fc09b65272150a554b2a1032e2473c96, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4e:84:9a:ed:48:db:95:13:35:2a:45:75:c8:
                    5a:eb:b3:98:e8:57:2a:37:7a:b8:a4:bf:29:7a:d9:
                    07:1a:47:44:10:ee:0e:c4:94:d3:f6:b4:4a:3b:44:
                    55:f9:7f:ca:37:d6:99:3f:a3:85:71:d1:8b:2e:3e:
                    3e:02:1d:14:1b:64:5e:16:18:a3:c6:ce:8e:3f:48:
                    7d:bd:d0:28:21:32:2c:30:ae:97:87:e5:82:7a:9d:
                    f9:fa:79:9d:79:2b:8c:0d:fe:14:66:f3:d6:03:af:
                    2c:66:24:9c:e9:12:94:d8:86:c2:93:dc:1b:88:87:
                    1b:d6:ed:01:be:28:72:a1:69:ec:64:7f:1b:d1:ea:
                    e5:ee:25:24:19:99:ba:66:b1:71:99:7c:e2:b7:a9:
                    a6:b1:11:86:94:5b:61:d3:c6:53:dd:a0:40:53:90:
                    ba:5b:99:58:03:d0:90:79:87:42:c9:1b:1a:2c:49:
                    d5:c3:43:92:f1:fa:61:5f:62:c2:1d:77:e8:5c:6e:
                    c7:ef:89:4c:93:5a:2c:82:e9:23:81:c6:91:0a:93:
                    da:01:38:24:9b:c4:65:3f:63:42:82:d9:86:83:21:
                    c1:c5:69:03:01:d6:2a:0b:66:00:20:2f:d2:8f:ef:
                    8f:2c:01:57:fb:ca:60:75:bd:ed:74:f0:1d:01:ab:
                    92:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7C:8E:83:9B:0C:87:02:8A:4C:77:F3:7B:21:26:27:37:E7:9C:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce3d416d-944c-4b49-aef3-69e376553c88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.136.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         77:8c:cd:75:f5:26:21:2c:0a:dd:8c:1f:32:a5:03:d9:0f:c4:
         13:c0:60:85:8d:56:a4:fd:2d:a8:2d:b8:31:60:cc:8e:04:06:
         24:83:97:7c:8e:ce:6e:99:72:fa:eb:b9:db:b1:93:9a:fc:29:
         c1:a4:7e:f2:ac:fb:2a:e3:88:97:cf:50:2d:27:30:3f:c5:c3:
         57:4c:e0:b9:7a:ed:0c:86:d4:1e:46:fd:85:1e:c1:66:62:4f:
         85:e0:31:06:c1:e0:59:c4:88:cd:40:dc:4d:dd:32:82:0d:86:
         8b:ae:e0:61:ce:8c:83:04:8f:e1:07:94:3d:7d:56:b2:b3:a8:
         d7:58:53:15:c2:22:72:4b:a4:81:c2:ca:29:76:cf:34:1b:95:
         23:f5:31:fc:87:cc:7b:fa:75:88:15:c3:12:f4:a5:e0:0a:b0:
         50:63:01:ed:35:2b:25:d8:5c:47:b7:ba:7e:c6:fe:f6:70:46:
         d1:81:68:58:10:0c:ee:f0:18:8d:f5:e6:87:84:a5:71:2f:fa:
         34:54:bb:7f:35:43:7e:08:27:ce:38:4b:a5:88:39:1a:82:f4:
         12:fc:10:c3:81:cb:e8:1e:4f:10:37:65:a4:cb:5f:39:7f:91:
         91:2d:9e:ed:68:bf:30:66:c2:3d:61:f8:2c:63:58:63:93:0d:
         c7:a8:a8:25
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdK6K685E1xuvha/yZKJbWFIvJ/MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlOWQ2ZjliMjFiMWJlYWJiYjg2YWM2MDU0NzViMjkwM2Zj
MDliNjUyNzIxNTBhNTU0YjJhMTAzMmUyNDczYzk2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPToSa7UjblRM1KkV1yFrrs5joVyo3erikvyl62QcaR0QQ
7g7ElNP2tEo7RFX5f8o31pk/o4Vx0YsuPj4CHRQbZF4WGKPGzo4/SH290CghMiww
rpeH5YJ6nfn6eZ15K4wN/hRm89YDryxmJJzpEpTYhsKT3BuIhxvW7QG+KHKhaexk
fxvR6uXuJSQZmbpmsXGZfOK3qaaxEYaUW2HTxlPdoEBTkLpbmVgD0JB5h0LJGxos
SdXDQ5Lx+mFfYsIdd+hcbsfviUyTWiyC6SOBxpEKk9oBOCSbxGU/Y0KC2YaDIcHF
aQMB1ioLZgAgL9KP748sAVf7ymB1ve108B0Bq5KPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5nyOg5sMhwKKTHfzeyEmJzfnnF4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlM2Q0MTZkLTk0NGMtNGI0OS1hZWYzLTY5ZTM3NjU1M2M4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2iDANBgkqhkiG9w0BAQsFAAOCAQEAd4zNdfUmISwK3YwfMqUD2Q/EE8Bg
hY1WpP0tqC24MWDMjgQGJIOXfI7Obply+uu527GTmvwpwaR+8qz7KuOIl89QLScw
P8XDV0zguXrtDIbUHkb9hR7BZmJPheAxBsHgWcSIzUDcTd0ygg2Gi67gYc6MgwSP
4QeUPX1WsrOo11hTFcIickukgcLKKXbPNBuVI/Ux/IfMe/p1iBXDEvSl4AqwUGMB
7TUrJdhcR7e6fsb+9nBG0YFoWBAM7vAYjfXmh4SlcS/6NFS7fzVDfggnzjhLpYg5
GoL0EvwQw4HL6B5PEDdlpMtfOX+RkS2e7Wi/MGbCPWH4LGNYY5MNx6ioJQ==
-----END CERTIFICATE-----