Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce5b17ab-2db9-44dd-a67b-3054e32ac55c.roa
File:                     ce5b17ab-2db9-44dd-a67b-3054e32ac55c.roa (raw, json)
Hash identifier:          YlAYamJYXX2AcP4z5ZJ9/c6DOrtxnspBomEp81CwgjY=
Subject key identifier:   5B:35:EF:81:27:63:E0:90:C7:D6:B1:62:22:E5:32:6F:0D:16:78:16
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       211D861F3C2691F1F469AB39B2B41A40C7D3E190
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce5b17ab-2db9-44dd-a67b-3054e32ac55c.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        207.223.128.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:1d:86:1f:3c:26:91:f1:f4:69:ab:39:b2:b4:1a:40:c7:d3:e1:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=4929379a95ec2fe5b44e0efff472d374058affb0600fd7453f2673d2650d5974, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:78:32:19:68:c3:ae:a5:82:e9:18:fe:a0:b2:
                    31:f5:0f:cf:c2:d0:df:c8:d1:93:55:e1:c2:7d:6a:
                    30:5f:61:ff:b2:c3:c5:89:48:ff:5b:b7:77:a0:9a:
                    90:31:49:36:1c:46:e5:e2:38:47:9f:63:de:99:b3:
                    f1:73:01:5a:6e:e9:1d:67:c5:be:c0:9f:a7:85:0d:
                    89:01:99:b1:fa:80:5b:46:a2:2d:f0:d3:17:7d:46:
                    ef:4e:bb:97:c8:56:65:46:69:65:4d:65:72:9c:67:
                    ed:43:5c:90:26:49:8d:6c:d1:bc:c0:1f:33:b2:aa:
                    fd:12:b5:cc:6e:8d:83:85:46:99:3c:be:38:64:40:
                    71:0c:0c:04:67:d4:58:5d:f3:1d:bd:ab:10:e7:b9:
                    70:8c:25:5d:4e:aa:70:8d:17:67:b5:d3:17:3f:4c:
                    1f:26:05:c2:99:a0:48:c7:39:92:3b:99:ef:58:e7:
                    bc:37:f0:10:25:d6:21:6d:a4:31:f5:ac:1e:5b:3c:
                    97:00:8c:df:6b:e3:b6:c4:94:6b:cc:e1:8b:52:63:
                    70:41:74:c6:63:a9:31:d8:19:43:a3:9c:74:63:1b:
                    0c:9f:b3:48:62:b5:1e:08:bd:df:e7:5e:7d:d5:54:
                    ba:16:94:11:88:fa:82:25:0a:2e:21:63:7d:c6:8f:
                    a3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:35:EF:81:27:63:E0:90:C7:D6:B1:62:22:E5:32:6F:0D:16:78:16
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ce5b17ab-2db9-44dd-a67b-3054e32ac55c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.223.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         47:d6:30:7e:ff:51:fa:89:6f:6f:1b:97:5b:a7:3f:9b:62:77:
         c5:c0:a0:a3:aa:81:44:f8:86:f0:e5:a6:f6:c9:35:1d:15:fc:
         5c:dd:df:e3:7f:1d:5b:61:83:04:97:53:c9:08:06:fb:fc:46:
         84:eb:f5:46:a2:01:2d:0d:56:05:72:7c:cb:35:f5:e7:07:ca:
         86:dc:01:d9:78:46:07:f3:1b:19:95:e5:e1:26:4d:78:4f:ea:
         f9:b8:33:3b:b0:94:04:86:45:3f:87:dc:1f:f5:fd:87:d2:d9:
         9f:8d:bb:f1:4e:36:58:a8:a4:0f:3c:f7:0b:62:4f:c8:8c:54:
         42:20:38:99:c4:93:36:c7:c0:c3:56:31:0d:27:c2:07:cd:2d:
         56:c9:bb:57:d0:6d:11:32:ee:f3:b0:63:08:0a:c0:e9:80:d7:
         db:50:46:11:1a:4e:f2:72:73:53:d4:c4:a6:24:7e:1b:91:8d:
         00:32:dc:b1:bb:34:50:55:9e:d3:7c:f7:86:25:62:ec:55:2a:
         83:55:5a:9c:6d:b7:3b:15:65:31:7e:5b:bb:ab:70:dc:65:79:
         54:f7:eb:13:e4:25:d1:9f:0e:9b:91:98:25:94:b1:c1:c2:34:
         2e:9e:71:64:94:dc:02:c7:83:09:55:00:36:94:f8:4c:29:22:
         56:d9:13:09
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIR2GHzwmkfH0aas5srQaQMfT4ZAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTI5Mzc5YTk1ZWMyZmU1YjQ0ZTBlZmZmNDcyZDM3NDA1
OGFmZmIwNjAwZmQ3NDUzZjI2NzNkMjY1MGQ1OTc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWeDIZaMOupYLpGP6gsjH1D8/C0N/I0ZNV4cJ9ajBfYf+y
w8WJSP9bt3egmpAxSTYcRuXiOEefY96Zs/FzAVpu6R1nxb7An6eFDYkBmbH6gFtG
oi3w0xd9Ru9Ou5fIVmVGaWVNZXKcZ+1DXJAmSY1s0bzAHzOyqv0StcxujYOFRpk8
vjhkQHEMDARn1Fhd8x29qxDnuXCMJV1OqnCNF2e10xc/TB8mBcKZoEjHOZI7me9Y
57w38BAl1iFtpDH1rB5bPJcAjN9r47bElGvM4YtSY3BBdMZjqTHYGUOjnHRjGwyf
s0hitR4Ivd/nXn3VVLoWlBGI+oIlCi4hY33Gj6NDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWzXvgSdj4JDH1rFiIuUybw0WeBYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NlNWIxN2FiLTJkYjktNDRkZC1hNjdiLTMwNTRlMzJhYzU1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXP34AwDQYJKoZIhvcNAQELBQADggEBAEfWMH7/UfqJb28bl1unP5tid8XA
oKOqgUT4hvDlpvbJNR0V/Fzd3+N/HVthgwSXU8kIBvv8RoTr9UaiAS0NVgVyfMs1
9ecHyobcAdl4RgfzGxmV5eEmTXhP6vm4MzuwlASGRT+H3B/1/YfS2Z+Nu/FONlio
pA889wtiT8iMVEIgOJnEkzbHwMNWMQ0nwgfNLVbJu1fQbREy7vOwYwgKwOmA19tQ
RhEaTvJyc1PUxKYkfhuRjQAy3LG7NFBVntN894YlYuxVKoNVWpxttzsVZTF+W7ur
cNxleVT36xPkJdGfDpuRmCWUscHCNC6ecWSU3ALHgwlVADaU+EwpIlbZEwk=
-----END CERTIFICATE-----