Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db70529a-6a28-4ed3-bc38-489f2effa0ea.roa
File:                     db70529a-6a28-4ed3-bc38-489f2effa0ea.roa (raw, json)
Hash identifier:          GeDOV1GcrGib2B3YaG1r3mSfp95PDULIGbQKFaI4Rhk=
Subject key identifier:   EC:DE:E8:90:FD:88:C2:EC:36:E1:6D:26:E2:47:30:95:70:1B:54:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49C82926D6F89FFD46BDE0D4C113B780748AAE56
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db70529a-6a28-4ed3-bc38-489f2effa0ea.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        64.252.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:c8:29:26:d6:f8:9f:fd:46:bd:e0:d4:c1:13:b7:80:74:8a:ae:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=902c238b4af15b8412077c2c2ef16d3636826daf5d1f81432c31a5c41bcb47da, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:32:a8:bc:ae:05:30:02:cd:62:91:30:0b:8b:
                    1d:fb:69:f3:5d:33:33:bb:87:09:4a:3d:57:20:81:
                    e6:66:7a:72:4c:51:65:20:c0:68:43:df:87:c3:03:
                    fc:22:15:3b:b7:87:c9:1d:30:cc:cb:95:6d:fe:3a:
                    8a:3d:d3:f5:94:5e:33:10:3a:05:e3:28:3e:36:a7:
                    ba:f4:0d:30:28:9b:08:0a:0f:bd:eb:e0:05:96:81:
                    b5:85:0d:07:86:09:5e:30:8c:df:a1:96:7f:13:d3:
                    b0:6a:5a:fa:54:bc:0b:c5:65:66:aa:e1:bb:ef:ec:
                    23:f8:1a:5a:16:a5:53:83:38:ac:de:dd:6a:dc:4f:
                    14:da:7a:66:97:e0:c3:80:0d:7a:12:ad:5b:da:38:
                    b1:86:a0:7a:cc:23:cd:86:ff:03:a2:2f:f8:22:46:
                    2e:68:77:6c:f6:25:b2:64:d2:8b:6b:87:0f:6c:9f:
                    3c:f5:d3:93:20:63:ba:08:cb:4e:fb:af:d5:fc:dc:
                    c1:3a:eb:9f:9b:ec:1b:b3:f1:52:fc:b4:2c:83:16:
                    5d:95:d1:c7:ec:36:a1:24:38:4c:92:8a:03:e9:3b:
                    3a:68:c4:3b:8e:a6:2a:84:14:70:9a:60:05:d2:70:
                    06:06:9e:e6:1b:26:a6:42:30:6c:cb:6f:77:64:a1:
                    24:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:DE:E8:90:FD:88:C2:EC:36:E1:6D:26:E2:47:30:95:70:1B:54:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db70529a-6a28-4ed3-bc38-489f2effa0ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.252.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         46:2f:87:3c:aa:77:cc:65:f3:6e:b4:b0:10:00:a9:bc:19:4e:
         81:58:3b:e1:7d:91:6f:d9:3b:ef:2f:74:f1:fa:3a:f5:4a:8f:
         e6:1f:2e:5c:85:2a:0e:e6:04:83:bd:82:a9:f0:1e:7d:85:2d:
         47:f5:be:2c:44:7f:26:d4:b8:3f:61:16:30:e2:7b:11:d2:46:
         6e:02:d7:98:0c:bf:ce:9f:7d:2e:e5:53:b4:db:97:94:4f:f3:
         8b:ff:c6:0b:9a:ce:6c:67:27:f4:7d:b0:07:57:61:fa:91:f4:
         cd:e3:10:df:a0:26:9a:76:98:b8:1d:f8:83:31:96:37:0f:38:
         4c:f4:d4:90:6c:14:c2:41:0f:a8:d4:62:2a:62:a3:74:3d:ba:
         bd:ef:cb:d5:35:7c:4b:b4:61:ec:8a:98:8b:5b:8c:09:6e:27:
         a6:bb:9e:ab:a3:a8:79:69:c1:f0:0f:6e:a2:74:31:3a:21:66:
         da:3a:0e:19:3e:48:95:f3:55:6f:f1:49:80:9e:ac:8b:0f:bd:
         36:27:be:86:f2:5a:b7:e6:89:71:1c:66:ec:56:6e:f6:dd:b5:
         af:f4:1e:91:2a:c1:cf:90:95:20:65:36:56:9a:fb:16:14:29:
         ed:8f:c4:7e:ad:25:75:eb:97:89:d8:c1:81:65:c3:f0:39:70:
         28:e4:f9:80
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUScgpJtb4n/1GveDUwRO3gHSKrlYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDJjMjM4YjRhZjE1Yjg0MTIwNzdjMmMyZWYxNmQzNjM2
ODI2ZGFmNWQxZjgxNDMyYzMxYTVjNDFiY2I0N2RhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+Mqi8rgUwAs1ikTALix37afNdMzO7hwlKPVcggeZmenJM
UWUgwGhD34fDA/wiFTu3h8kdMMzLlW3+Ooo90/WUXjMQOgXjKD42p7r0DTAomwgK
D73r4AWWgbWFDQeGCV4wjN+hln8T07BqWvpUvAvFZWaq4bvv7CP4GloWpVODOKze
3WrcTxTaemaX4MOADXoSrVvaOLGGoHrMI82G/wOiL/giRi5od2z2JbJk0otrhw9s
nzz105MgY7oIy077r9X83ME665+b7Buz8VL8tCyDFl2V0cfsNqEkOEySigPpOzpo
xDuOpiqEFHCaYAXScAYGnuYbJqZCMGzLb3dkoSQlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7N7okP2Iwuw24W0m4kcwlXAbVHcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiNzA1MjlhLTZhMjgtNGVkMy1iYzM4LTQ4OWYyZWZmYTBlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZA/EAwDQYJKoZIhvcNAQELBQADggEBAEYvhzyqd8xl8260sBAAqbwZToFY
O+F9kW/ZO+8vdPH6OvVKj+YfLlyFKg7mBIO9gqnwHn2FLUf1vixEfybUuD9hFjDi
exHSRm4C15gMv86ffS7lU7Tbl5RP84v/xguazmxnJ/R9sAdXYfqR9M3jEN+gJpp2
mLgd+IMxljcPOEz01JBsFMJBD6jUYipio3Q9ur3vy9U1fEu0YeyKmItbjAluJ6a7
nqujqHlpwfAPbqJ0MTohZto6Dhk+SJXzVW/xSYCerIsPvTYnvobyWrfmiXEcZuxW
bvbdta/0HpEqwc+QlSBlNlaa+xYUKe2PxH6tJXXrl4nYwYFlw/A5cCjk+YA=
-----END CERTIFICATE-----