Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0cde8e1-fa51-48b3-ab33-6573586226a9.roa
File:                     d0cde8e1-fa51-48b3-ab33-6573586226a9.roa (raw, json)
Hash identifier:          PB6fJO+uBPZVErdRXMEXDNKTIohPBTGe3Gjum00cfrM=
Subject key identifier:   2A:18:4A:4C:08:E1:85:C4:FC:DF:60:20:71:E2:70:F6:59:41:C3:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C652CDFE8E53DC1B3F7DFB444DC6721BC9BBC5A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0cde8e1-fa51-48b3-ab33-6573586226a9.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        162.213.232.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:65:2c:df:e8:e5:3d:c1:b3:f7:df:b4:44:dc:67:21:bc:9b:bc:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=23af3f4829e7a1e86b68fecce2b47a3d8499e8b1fdf94c4b24c31463eb2e8bfb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:94:16:aa:be:a7:f9:50:fe:43:c4:bc:4d:e6:
                    ac:9f:8d:90:26:51:b6:39:09:a6:5f:04:6c:6c:0d:
                    1d:57:c5:b1:c0:46:e7:b5:88:23:50:17:b7:67:90:
                    d2:c4:a1:1c:44:18:f3:73:85:03:03:6b:97:7c:49:
                    15:95:18:30:20:d3:eb:bb:2a:08:40:8d:58:27:0b:
                    91:08:0b:ae:0d:ab:9e:77:ca:09:64:4b:08:84:32:
                    be:99:61:0d:5b:54:64:03:a2:93:93:42:7d:b7:2f:
                    5e:cc:59:c8:73:54:4f:4a:e4:f6:b6:ea:d1:d8:4e:
                    3a:36:5e:5e:2c:68:5d:5b:62:56:45:82:44:0d:c5:
                    41:72:85:1b:23:61:3f:a2:c1:5d:99:8d:eb:8a:11:
                    55:57:94:bb:91:88:b5:31:81:de:09:fe:96:f4:39:
                    92:e5:f7:bf:6e:8c:3e:1d:30:12:d6:41:97:1b:1e:
                    0b:22:0d:d7:da:d8:ff:1e:fb:08:12:79:7f:6b:63:
                    43:98:33:ad:09:a0:e7:ab:bf:a5:fd:f4:d6:c2:f6:
                    cc:b8:2d:59:ac:f5:48:59:e0:3f:f3:e6:5c:c1:e2:
                    d2:70:04:8c:e4:e5:78:a4:4b:9e:11:b7:18:78:f6:
                    1a:45:a7:c6:37:76:72:8b:2f:c1:78:23:d8:63:2c:
                    59:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:18:4A:4C:08:E1:85:C4:FC:DF:60:20:71:E2:70:F6:59:41:C3:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d0cde8e1-fa51-48b3-ab33-6573586226a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.213.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:4c:93:dd:a8:9d:fd:ff:3c:d8:b3:a1:22:15:25:54:40:ef:
         2c:33:61:9f:f7:dc:ed:ac:66:9d:58:e1:b0:cd:ac:24:04:fd:
         75:00:62:09:0c:08:01:8c:41:20:22:f6:55:84:93:cf:62:ff:
         ed:62:1f:00:47:39:b4:49:ae:95:c3:0b:e6:2c:fc:41:da:a0:
         aa:74:26:b6:45:a4:7c:f0:c0:e7:6a:93:58:51:a5:3f:af:ca:
         8d:09:2f:75:6b:a5:ba:c4:58:9d:65:cb:5f:33:81:63:54:a4:
         37:02:6c:7f:f1:b7:8f:23:c9:46:1b:b6:82:44:7c:da:f9:39:
         50:ba:68:50:f3:f7:42:df:1a:f8:8f:c5:54:be:3f:30:97:38:
         2e:a2:18:05:f1:38:75:7f:b6:8d:94:8d:7f:e4:e1:62:39:8b:
         10:ef:b3:15:32:d5:9e:57:25:f3:bd:28:e1:4b:6e:de:83:de:
         c0:07:f5:17:d2:78:70:5d:d9:9e:c8:12:ba:c7:30:ef:56:03:
         52:1a:fe:c7:84:ea:d3:80:9a:38:56:41:a2:13:f8:b0:bd:f1:
         6f:29:24:0b:e0:f1:cd:1a:9f:8d:4f:e6:f0:6c:5c:c7:3f:b3:
         1d:23:6d:53:49:c5:b1:f6:5d:23:58:d3:57:f9:9e:05:77:18:
         25:94:a2:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPGUs3+jlPcGz99+0RNxnIbybvFowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2FmM2Y0ODI5ZTdhMWU4NmI2OGZlY2NlMmI0N2EzZDg0
OTllOGIxZmRmOTRjNGIyNGMzMTQ2M2ViMmU4YmZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDelBaqvqf5UP5DxLxN5qyfjZAmUbY5CaZfBGxsDR1XxbHA
Rue1iCNQF7dnkNLEoRxEGPNzhQMDa5d8SRWVGDAg0+u7KghAjVgnC5EIC64Nq553
yglkSwiEMr6ZYQ1bVGQDopOTQn23L17MWchzVE9K5Pa26tHYTjo2Xl4saF1bYlZF
gkQNxUFyhRsjYT+iwV2ZjeuKEVVXlLuRiLUxgd4J/pb0OZLl979ujD4dMBLWQZcb
HgsiDdfa2P8e+wgSeX9rY0OYM60JoOerv6X99NbC9sy4LVms9UhZ4D/z5lzB4tJw
BIzk5XikS54Rtxh49hpFp8Y3dnKLL8F4I9hjLFmpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKhhKTAjhhcT832AgceJw9llBw+0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QwY2RlOGUxLWZhNTEtNDhiMy1hYjMzLTY1NzM1ODYyMjZhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKi1egwDQYJKoZIhvcNAQELBQADggEBAGtMk92onf3/PNizoSIVJVRA7ywz
YZ/33O2sZp1Y4bDNrCQE/XUAYgkMCAGMQSAi9lWEk89i/+1iHwBHObRJrpXDC+Ys
/EHaoKp0JrZFpHzwwOdqk1hRpT+vyo0JL3VrpbrEWJ1ly18zgWNUpDcCbH/xt48j
yUYbtoJEfNr5OVC6aFDz90LfGviPxVS+PzCXOC6iGAXxOHV/to2UjX/k4WI5ixDv
sxUy1Z5XJfO9KOFLbt6D3sAH9RfSeHBd2Z7IErrHMO9WA1Ia/seE6tOAmjhWQaIT
+LC98W8pJAvg8c0an41P5vBsXMc/sx0jbVNJxbH2XSNY01f5ngV3GCWUoqE=
-----END CERTIFICATE-----