Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db6efa89-d2f9-4394-835e-88ed9bc81f37.roa
File:                     db6efa89-d2f9-4394-835e-88ed9bc81f37.roa (raw, json)
Hash identifier:          CTNqtc0U1uOIPC616dLdU1RdiVKo3lElAepwLawg1nY=
Subject key identifier:   88:5D:4A:28:BA:AC:75:BA:E1:71:4F:88:A8:9A:0C:26:A4:41:A7:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       42E6B1C289012448E74A6248D5E86656467075E6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db6efa89-d2f9-4394-835e-88ed9bc81f37.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        130.80.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:e6:b1:c2:89:01:24:48:e7:4a:62:48:d5:e8:66:56:46:70:75:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=04a92277f0f74ce3dc75ba4f70c113fd4692f8e7c8081763c073a70c11603b04, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:88:f2:de:ae:0e:90:80:ba:0f:36:53:a1:f1:
                    e4:44:96:98:03:64:e5:0f:f8:2c:de:7d:d1:40:cb:
                    4a:c0:36:5e:e8:d4:94:dc:f0:a2:80:d0:6d:ea:a5:
                    29:01:09:e1:df:11:89:f4:ae:ca:34:2e:cd:73:5a:
                    14:b8:c0:95:53:dc:ee:89:64:ee:26:ab:87:25:08:
                    46:50:70:60:35:da:fe:72:e7:2c:5f:39:3a:e1:a9:
                    2a:8f:33:7b:14:93:be:06:81:96:94:4e:72:5e:1c:
                    e1:88:eb:97:7b:55:b4:af:04:c3:74:71:78:4b:0d:
                    0f:51:0a:61:32:0a:f2:7e:c8:6f:9a:b3:34:b9:c1:
                    9b:73:a2:6c:1d:d7:9f:97:3e:95:16:54:a5:be:1c:
                    ea:59:25:95:fb:13:ea:77:db:21:ac:6e:fc:11:5d:
                    0b:bf:27:1a:70:19:5c:67:43:a8:a6:a9:8b:54:65:
                    e2:12:c7:2c:04:73:3d:3b:d7:30:b5:e3:33:d3:08:
                    a3:29:21:08:5d:6f:cf:87:e1:42:c8:44:84:8f:59:
                    ed:11:c0:00:d1:75:61:af:85:67:11:b5:a5:bb:cb:
                    fb:31:25:2a:08:55:bb:01:89:b0:c0:6d:16:1d:dc:
                    1a:cc:7a:8c:0b:08:99:a1:f4:06:65:94:d5:21:99:
                    21:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5D:4A:28:BA:AC:75:BA:E1:71:4F:88:A8:9A:0C:26:A4:41:A7:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db6efa89-d2f9-4394-835e-88ed9bc81f37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.80.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         85:0a:0a:99:ac:57:3b:bf:d1:a9:fe:c2:ea:6c:96:46:bf:e7:
         5c:d2:25:96:c3:4e:8a:df:84:9c:a5:a1:33:33:80:bd:ba:66:
         48:77:f0:06:0c:f4:86:3d:ec:ef:7e:a7:d8:b4:1f:48:2d:82:
         b1:4a:08:ce:e9:09:d0:63:5a:61:0a:04:36:7d:72:81:38:e6:
         5c:10:aa:11:ec:e9:a3:34:8f:2d:73:92:20:e4:e0:42:fa:ad:
         1a:f6:99:9e:60:4d:e6:d9:5d:cf:aa:df:cf:7a:91:1a:cd:6e:
         0e:a0:95:d4:cb:d9:fd:83:e0:a9:43:04:26:1b:ae:84:1e:49:
         d9:82:07:ff:7e:88:2b:4d:3f:e7:47:e9:3e:88:b4:8f:4b:66:
         03:6c:ec:e0:e1:ee:85:7f:9e:4c:9b:87:43:36:cb:df:ac:fc:
         d4:fa:b3:5e:88:94:97:e7:20:e3:a9:31:96:f3:f2:ef:51:75:
         cb:cf:79:77:be:5d:cb:a9:9d:e4:c4:29:9a:9b:4c:e0:b8:4e:
         29:a0:3b:70:f5:56:0f:65:87:b3:e7:d3:89:49:d3:ba:8b:35:
         82:d5:63:1a:b6:85:c3:fa:39:18:5d:03:c3:23:ea:8d:06:f1:
         2f:68:2f:3d:82:9b:0d:9a:76:14:df:58:59:76:9a:cb:67:7f:
         fb:04:1b:54
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQuaxwokBJEjnSmJI1ehmVkZwdeYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNGE5MjI3N2YwZjc0Y2UzZGM3NWJhNGY3MGMxMTNmZDQ2
OTJmOGU3YzgwODE3NjNjMDczYTcwYzExNjAzYjA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWiPLerg6QgLoPNlOh8eRElpgDZOUP+CzefdFAy0rANl7o
1JTc8KKA0G3qpSkBCeHfEYn0rso0Ls1zWhS4wJVT3O6JZO4mq4clCEZQcGA12v5y
5yxfOTrhqSqPM3sUk74GgZaUTnJeHOGI65d7VbSvBMN0cXhLDQ9RCmEyCvJ+yG+a
szS5wZtzomwd15+XPpUWVKW+HOpZJZX7E+p32yGsbvwRXQu/JxpwGVxnQ6imqYtU
ZeISxywEcz071zC14zPTCKMpIQhdb8+H4ULIRISPWe0RwADRdWGvhWcRtaW7y/sx
JSoIVbsBibDAbRYd3BrMeowLCJmh9AZllNUhmSEFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiF1KKLqsdbrhcU+IqJoMJqRBpzcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiNmVmYTg5LWQyZjktNDM5NC04MzVlLTg4ZWQ5YmM4MWYzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCCUDANBgkqhkiG9w0BAQsFAAOCAQEAhQoKmaxXO7/Rqf7C6myWRr/nXNIl
lsNOit+EnKWhMzOAvbpmSHfwBgz0hj3s736n2LQfSC2CsUoIzukJ0GNaYQoENn1y
gTjmXBCqEezpozSPLXOSIOTgQvqtGvaZnmBN5tldz6rfz3qRGs1uDqCV1MvZ/YPg
qUMEJhuuhB5J2YIH/36IK00/50fpPoi0j0tmA2zs4OHuhX+eTJuHQzbL36z81Pqz
XoiUl+cg46kxlvPy71F1y895d75dy6md5MQpmptM4LhOKaA7cPVWD2WHs+fTiUnT
uos1gtVjGraFw/o5GF0DwyPqjQbxL2gvPYKbDZp2FN9YWXaay2d/+wQbVA==
-----END CERTIFICATE-----