Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9f0f335-7b4f-4214-870c-d871c2bede87.roa
File:                     d9f0f335-7b4f-4214-870c-d871c2bede87.roa (raw, json)
Hash identifier:          RzddVgebgP3935f4t1n1ojg+Uez4K41PgueVLxvPmkM=
Subject key identifier:   D8:F9:A3:9B:9E:FF:E7:FC:3E:92:81:7F:6E:0A:C1:69:45:2E:B9:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C01D980CE3BA439060E028061D8F883530FD8DE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9f0f335-7b4f-4214-870c-d871c2bede87.roa
Signing time:             Tue 26 Nov 2024 00:00:00 +0000
ROA not before:           Tue 26 Nov 2024 00:00:00 +0000
ROA not after:            Tue 31 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        162.222.148.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:01:d9:80:ce:3b:a4:39:06:0e:02:80:61:d8:f8:83:53:0f:d8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 26 00:00:00 2024 GMT
            Not After : Dec 31 23:59:59 2024 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:62:e5:fe:04:20:c7:cb:e4:d8:5f:29:0f:89:
                    34:2c:57:bc:ab:6a:33:e0:65:cb:79:04:91:85:72:
                    2e:04:ea:9a:26:e0:0b:b6:ee:73:8a:f0:66:f0:4a:
                    a5:cd:16:57:a6:91:b2:a2:1f:f5:c6:4f:d6:ec:7c:
                    40:7a:3d:d3:3d:3b:c3:01:8d:23:d3:50:18:c8:3d:
                    cf:fb:2a:5d:12:77:63:6d:aa:0b:d1:c5:56:0c:82:
                    3c:b5:c9:4c:36:49:5e:ec:d4:3a:41:18:96:1d:0a:
                    0a:f9:51:8e:95:0b:2d:99:04:39:5a:64:2a:18:a1:
                    0c:d9:07:f2:b1:43:0f:94:ca:4f:54:09:6e:bd:0c:
                    9c:f3:d1:56:66:83:d1:4d:09:16:86:c6:fb:d6:3a:
                    13:c1:ee:83:8e:e3:b8:c0:ce:1a:50:78:fd:ec:57:
                    d9:62:55:4a:d2:aa:d6:07:0a:73:a2:f2:74:25:07:
                    e9:8b:b1:16:cc:e7:89:de:45:4d:fa:f7:65:30:97:
                    15:1f:ff:a7:7e:1a:aa:72:90:47:28:66:05:d9:34:
                    c9:75:d1:30:d9:bf:f9:74:e7:66:7f:68:f6:97:0f:
                    37:d7:b3:5b:2f:11:cd:f3:5d:ad:a0:90:f2:fa:0c:
                    07:1c:dd:40:8a:e6:38:4a:dc:fb:d5:8e:42:a0:75:
                    f1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F9:A3:9B:9E:FF:E7:FC:3E:92:81:7F:6E:0A:C1:69:45:2E:B9:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d9f0f335-7b4f-4214-870c-d871c2bede87.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.222.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:5e:51:e2:72:52:0d:af:eb:b1:5a:51:08:48:a2:07:80:11:
         70:79:26:45:a2:c6:cf:00:7d:d3:7f:08:f1:e3:6a:ac:13:0c:
         9c:34:a5:bb:b7:85:6f:28:51:a8:81:6a:c1:4b:59:83:c0:0d:
         49:0e:f7:00:8f:2f:ae:27:33:1b:d9:56:97:06:df:1d:f6:0a:
         f5:93:92:f3:f0:fd:ea:19:53:de:43:77:a6:38:c0:5d:04:73:
         99:0b:3d:e9:4e:26:06:a1:c9:d3:2f:bb:32:5a:62:68:df:a6:
         6f:ce:4c:ca:5e:b0:18:13:ca:de:2e:8b:17:ac:b4:fc:82:72:
         df:ee:a9:44:cc:a3:31:5d:5d:15:1c:dc:83:d6:b6:93:72:28:
         e1:87:43:a8:78:42:b0:98:e1:2e:6b:bf:81:ce:55:9b:af:d3:
         36:0a:3b:95:a9:c1:d7:e5:9e:78:1b:9f:ee:89:7a:b3:a4:89:
         07:4c:03:5d:87:71:2e:6a:38:f4:5e:2b:06:74:fa:1c:8d:ad:
         d1:1b:29:eb:00:01:30:5a:1d:5f:da:59:ca:f6:a0:6c:8b:24:
         e4:68:12:3b:ee:a1:c3:6f:1e:38:e1:28:2b:36:38:58:08:53:
         91:1a:2e:41:5f:0d:0a:e0:2c:70:58:77:37:8c:c2:52:39:97:
         c7:8e:1b:7e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfAHZgM47pDkGDgKAYdj4g1MP2N4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI2MDAwMDAwWhcNMjQxMjMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZmM1MTUwOTk3NWY3ZjQ0YTYzOTNmNmJjMWUyY2Q0NjMw
ZWRjMWY0YTQ1MTdjYTAxZmRjNGIxZWJmNGU3ZjExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgYuX+BCDHy+TYXykPiTQsV7yrajPgZct5BJGFci4E6pom
4Au27nOK8GbwSqXNFlemkbKiH/XGT9bsfEB6PdM9O8MBjSPTUBjIPc/7Kl0Sd2Nt
qgvRxVYMgjy1yUw2SV7s1DpBGJYdCgr5UY6VCy2ZBDlaZCoYoQzZB/KxQw+Uyk9U
CW69DJzz0VZmg9FNCRaGxvvWOhPB7oOO47jAzhpQeP3sV9liVUrSqtYHCnOi8nQl
B+mLsRbM54neRU3692UwlxUf/6d+GqpykEcoZgXZNMl10TDZv/l052Z/aPaXDzfX
s1svEc3zXa2gkPL6DAcc3UCK5jhK3PvVjkKgdfFNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2Pmjm57/5/w+koF/bgrBaUUuuZgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5ZjBmMzM1LTdiNGYtNDIxNC04NzBjLWQ4NzFjMmJlZGU4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKi3pQwDQYJKoZIhvcNAQELBQADggEBAGFeUeJyUg2v67FaUQhIogeAEXB5
JkWixs8AfdN/CPHjaqwTDJw0pbu3hW8oUaiBasFLWYPADUkO9wCPL64nMxvZVpcG
3x32CvWTkvPw/eoZU95Dd6Y4wF0Ec5kLPelOJgahydMvuzJaYmjfpm/OTMpesBgT
yt4uixestPyCct/uqUTMozFdXRUc3IPWtpNyKOGHQ6h4QrCY4S5rv4HOVZuv0zYK
O5Wpwdflnngbn+6JerOkiQdMA12HcS5qOPReKwZ0+hyNrdEbKesAATBaHV/aWcr2
oGyLJORoEjvuocNvHjjhKCs2OFgIU5EaLkFfDQrgLHBYdzeMwlI5l8eOG34=
-----END CERTIFICATE-----