Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8565160-197a-4008-b4b2-a00776aa71ff.roa
File:                     d8565160-197a-4008-b4b2-a00776aa71ff.roa (raw, json)
Hash identifier:          3Bswd1KLLRb7bgwErWFPtdnelVSHAaSNqddngdCG3fY=
Subject key identifier:   18:37:7F:3B:0C:44:13:CC:53:CD:D9:8E:C1:09:1F:91:6A:C1:3D:8E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09C43E1F9BED1315BEBB306D2714619A85124033
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8565160-197a-4008-b4b2-a00776aa71ff.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        71.141.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c4:3e:1f:9b:ed:13:15:be:bb:30:6d:27:14:61:9a:85:12:40:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=afe65b2ca89e112ac172f5792a89290edef9edd128999149b6abb63cfa9d0e1a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:69:b8:48:2c:a2:9b:dd:d3:83:7f:a0:03:6d:
                    84:72:00:ed:3c:99:fe:80:9d:43:7a:ff:0a:52:79:
                    04:d6:b3:50:f2:da:88:b1:93:b8:73:dd:2c:25:b5:
                    d0:bd:0f:c4:18:e2:0f:4e:82:e1:cc:1c:a4:8c:c3:
                    bd:07:a0:64:95:b2:70:27:78:e2:7e:4c:cf:0d:45:
                    f1:e3:df:1b:0c:ae:66:3d:54:2e:16:40:4e:c4:cb:
                    26:c7:b5:0a:db:ab:9c:27:25:af:76:d4:3e:aa:1a:
                    fd:eb:2c:97:f4:95:4e:f3:55:cd:f0:ed:e7:b7:75:
                    0a:8d:df:38:8a:c5:77:b9:b6:96:ba:3e:12:37:a8:
                    21:01:53:e7:e6:39:61:5b:f4:38:04:8e:5f:b3:48:
                    14:82:ef:34:c3:96:e2:5d:a2:35:28:8b:1b:be:de:
                    38:e8:c2:57:51:a7:3d:07:70:ec:ab:13:13:0e:d0:
                    6d:ea:57:fc:cd:30:bb:2b:96:0b:f7:4c:ce:1d:a2:
                    ab:9a:02:bd:8f:b6:c3:d9:b2:d2:8c:ce:99:bf:d2:
                    7c:9c:e5:e5:50:a3:af:7b:ab:d5:e8:a7:58:13:90:
                    a7:20:55:7c:fc:c9:14:38:57:a7:f1:95:d9:c3:35:
                    cb:08:dd:99:9d:70:76:db:e4:2b:00:fe:d4:12:49:
                    67:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:37:7F:3B:0C:44:13:CC:53:CD:D9:8E:C1:09:1F:91:6A:C1:3D:8E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8565160-197a-4008-b4b2-a00776aa71ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  71.141.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9c:aa:89:a1:b8:ab:06:1d:dd:49:bc:0f:8d:c0:dc:a7:b1:6b:
         84:81:71:4c:1c:9d:43:a8:df:03:75:52:58:fa:48:bf:cf:f2:
         4c:02:3f:94:dd:0b:dd:1e:88:36:b6:59:95:2a:a7:2e:e2:61:
         fe:57:5f:42:8b:04:79:c5:0f:e9:64:5c:f7:ed:8a:80:f0:83:
         d5:71:b8:96:7b:0b:03:ea:48:c7:f6:4a:9a:ff:59:9b:2f:81:
         f4:d2:a4:cb:d2:20:90:75:67:9a:73:e1:98:2e:b8:4f:33:f5:
         61:56:5d:c4:5f:b9:49:30:19:a6:51:8c:67:eb:30:ec:e9:e1:
         60:d7:44:c1:f0:52:53:8a:8c:8b:5d:eb:b7:67:6f:84:79:68:
         7a:f0:80:9d:83:51:98:9d:d1:9c:f1:c3:98:d1:7e:19:07:cd:
         52:50:d9:2f:26:3d:51:a4:6f:fb:79:5c:cd:38:6e:3d:7a:70:
         07:5a:92:4a:8c:55:60:d3:89:84:53:ff:fd:70:d3:87:40:34:
         7d:55:3b:bf:78:e3:8e:cb:ba:74:fb:71:3a:a3:e4:e5:35:7f:
         b7:5b:d6:a7:0d:f6:01:6b:97:b0:e7:14:c4:74:b3:ad:81:9e:
         a7:be:47:ca:ad:30:d4:7c:6b:a6:e0:d5:29:e8:d1:53:d4:bf:
         3b:46:31:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCcQ+H5vtExW+uzBtJxRhmoUSQDMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmU2NWIyY2E4OWUxMTJhYzE3MmY1NzkyYTg5MjkwZWRl
ZjllZGQxMjg5OTkxNDliNmFiYjYzY2ZhOWQwZTFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFabhILKKb3dODf6ADbYRyAO08mf6AnUN6/wpSeQTWs1Dy
2oixk7hz3SwltdC9D8QY4g9OguHMHKSMw70HoGSVsnAneOJ+TM8NRfHj3xsMrmY9
VC4WQE7EyybHtQrbq5wnJa921D6qGv3rLJf0lU7zVc3w7ee3dQqN3ziKxXe5tpa6
PhI3qCEBU+fmOWFb9DgEjl+zSBSC7zTDluJdojUoixu+3jjowldRpz0HcOyrExMO
0G3qV/zNMLsrlgv3TM4doquaAr2PtsPZstKMzpm/0nyc5eVQo697q9Xop1gTkKcg
VXz8yRQ4V6fxldnDNcsI3ZmdcHbb5CsA/tQSSWcTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGDd/OwxEE8xTzdmOwQkfkWrBPY4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NTY1MTYwLTE5N2EtNDAwOC1iNGIyLWEwMDc3NmFhNzFmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZHjYAwDQYJKoZIhvcNAQELBQADggEBAJyqiaG4qwYd3Um8D43A3Kexa4SB
cUwcnUOo3wN1Ulj6SL/P8kwCP5TdC90eiDa2WZUqpy7iYf5XX0KLBHnFD+lkXPft
ioDwg9VxuJZ7CwPqSMf2Spr/WZsvgfTSpMvSIJB1Z5pz4ZguuE8z9WFWXcRfuUkw
GaZRjGfrMOzp4WDXRMHwUlOKjItd67dnb4R5aHrwgJ2DUZid0Zzxw5jRfhkHzVJQ
2S8mPVGkb/t5XM04bj16cAdakkqMVWDTiYRT//1w04dANH1VO794447LunT7cTqj
5OU1f7db1qcN9gFrl7DnFMR0s62Bnqe+R8qtMNR8a6bg1Sno0VPUvztGMf4=
-----END CERTIFICATE-----