Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da37b88f-f8e8-4601-b9f8-7396c546a739.roa
File:                     da37b88f-f8e8-4601-b9f8-7396c546a739.roa (raw, json)
Hash identifier:          M5mdxm04ZsK+4pq3GrzmmZXBTtWb0T0aTzcbsrJ6EZY=
Subject key identifier:   19:CE:DA:0D:74:DA:76:92:70:9A:70:CD:14:F6:00:19:C2:F9:10:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74001E59DCFD5762A6C18D17E92A53AFF163CCE1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da37b88f-f8e8-4601-b9f8-7396c546a739.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        45.57.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:00:1e:59:dc:fd:57:62:a6:c1:8d:17:e9:2a:53:af:f1:63:cc:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=c171ece8186b14c148018d97252d53418e6dbcbb128f40c1f577e3068dd5778b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1d:8e:b6:12:2c:3c:4b:40:ab:e5:99:b9:53:
                    a4:9a:e9:71:97:d3:ca:cc:8d:07:d4:8d:f4:15:69:
                    f0:9d:22:f0:0a:65:f3:9f:04:6a:38:9e:e0:39:87:
                    dd:40:50:31:e2:0e:c4:a7:03:ec:05:25:63:fe:a5:
                    5e:ba:02:6f:54:a2:0f:8b:09:d6:9a:89:8b:74:7a:
                    d9:b3:b5:22:84:1e:ee:36:f1:91:8e:75:9e:50:19:
                    75:fe:f8:ab:0a:ae:42:f9:b0:6b:ae:15:22:77:3e:
                    b8:1c:b1:ba:b8:87:31:4b:eb:e5:1a:89:b7:48:8d:
                    36:00:e9:bf:38:45:21:94:56:b6:c6:be:b3:db:b5:
                    e6:84:d8:5b:87:3f:49:34:d9:d4:40:3f:30:43:d5:
                    0d:93:8f:6e:84:bb:58:a3:6c:da:34:61:86:b5:16:
                    b4:f0:13:4f:ab:13:64:b8:95:61:ae:b9:2f:58:be:
                    cb:64:a9:69:09:2c:49:d7:ff:93:62:c5:04:3e:8c:
                    c9:50:26:8b:ec:77:66:e1:62:fa:aa:a8:49:21:5d:
                    5b:df:6a:31:88:72:de:55:2d:c7:56:66:34:0c:22:
                    78:60:9c:db:b7:61:f5:61:fd:a5:f3:c5:11:10:80:
                    00:23:03:d1:dd:6e:53:67:f0:c5:b2:4e:f1:fb:7f:
                    1b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:CE:DA:0D:74:DA:76:92:70:9A:70:CD:14:F6:00:19:C2:F9:10:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da37b88f-f8e8-4601-b9f8-7396c546a739.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.57.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         9b:2b:79:e9:22:5d:53:b5:8c:aa:ac:49:a1:3a:37:1b:93:eb:
         0a:b4:d0:5f:aa:1d:92:d1:2f:73:95:59:90:0c:ef:8a:2e:13:
         01:f4:ce:92:72:27:7c:66:18:4a:ea:b8:7e:91:11:84:e5:f0:
         75:b3:91:85:e8:e3:20:51:d3:70:d9:82:e9:a7:46:1d:ca:02:
         ae:ff:12:80:ba:e5:4b:4e:40:a4:cf:86:8d:73:e5:b2:a8:cc:
         0b:dd:9a:3f:b4:66:56:ca:e4:ca:6d:97:36:26:eb:93:0d:9e:
         e5:ec:37:3d:b6:65:b5:e9:93:7e:a7:0c:f2:b7:75:3e:c6:3e:
         0d:2c:3b:c6:49:50:57:08:48:44:65:eb:7c:b5:d4:ce:83:14:
         4d:aa:25:01:a4:f8:0f:b1:5c:1f:dc:b8:4f:c2:59:a8:ea:74:
         4d:42:b1:aa:fa:7f:68:01:a0:b9:58:81:2a:8c:36:02:e5:4c:
         d3:55:3b:a0:88:94:d2:7e:2a:00:ac:c8:5c:63:92:6e:d4:d6:
         d1:f9:0e:66:f5:03:07:99:57:9e:3c:1f:5c:fd:cb:2f:fc:51:
         7b:a4:b0:20:d5:e2:e7:0d:2c:d0:55:9f:dc:ef:bc:1d:83:c2:
         06:2d:cc:b1:a9:94:29:df:a7:85:89:f6:49:b2:00:4a:9f:9b:
         39:f5:24:ed
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdAAeWdz9V2KmwY0X6SpTr/FjzOEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTcxZWNlODE4NmIxNGMxNDgwMThkOTcyNTJkNTM0MThl
NmRiY2JiMTI4ZjQwYzFmNTc3ZTMwNjhkZDU3NzhiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfHY62Eiw8S0Cr5Zm5U6Sa6XGX08rMjQfUjfQVafCdIvAK
ZfOfBGo4nuA5h91AUDHiDsSnA+wFJWP+pV66Am9Uog+LCdaaiYt0etmztSKEHu42
8ZGOdZ5QGXX++KsKrkL5sGuuFSJ3Prgcsbq4hzFL6+UaibdIjTYA6b84RSGUVrbG
vrPbteaE2FuHP0k02dRAPzBD1Q2Tj26Eu1ijbNo0YYa1FrTwE0+rE2S4lWGuuS9Y
vstkqWkJLEnX/5NixQQ+jMlQJovsd2bhYvqqqEkhXVvfajGIct5VLcdWZjQMInhg
nNu3YfVh/aXzxREQgAAjA9HdblNn8MWyTvH7fxtBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGc7aDXTadpJwmnDNFPYAGcL5EFQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhMzdiODhmLWY4ZTgtNDYwMS1iOWY4LTczOTZjNTQ2YTczOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBActOYAwDQYJKoZIhvcNAQELBQADggEBAJsreekiXVO1jKqsSaE6NxuT6wq0
0F+qHZLRL3OVWZAM74ouEwH0zpJyJ3xmGErquH6REYTl8HWzkYXo4yBR03DZgumn
Rh3KAq7/EoC65UtOQKTPho1z5bKozAvdmj+0ZlbK5MptlzYm65MNnuXsNz22ZbXp
k36nDPK3dT7GPg0sO8ZJUFcISERl63y11M6DFE2qJQGk+A+xXB/cuE/CWajqdE1C
sar6f2gBoLlYgSqMNgLlTNNVO6CIlNJ+KgCsyFxjkm7U1tH5Dmb1AweZV548H1z9
yy/8UXuksCDV4ucNLNBVn9zvvB2DwgYtzLGplCnfp4WJ9kmyAEqfmzn1JO0=
-----END CERTIFICATE-----