Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbde9fa8-e544-4380-8496-afbf5c2fb855.roa
File:                     dbde9fa8-e544-4380-8496-afbf5c2fb855.roa (raw, json)
Hash identifier:          nUAf74ElboCSW7nCCub7hYDvPbUanzhWUNAkIyOrGgI=
Subject key identifier:   F4:D7:19:74:86:2E:0F:17:47:BC:13:80:3E:0E:A2:DC:CB:AF:36:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5322EDDBF2D07D92A9538B078EDE9C15E460AEDB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbde9fa8-e544-4380-8496-afbf5c2fb855.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        188.230.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:22:ed:db:f2:d0:7d:92:a9:53:8b:07:8e:de:9c:15:e4:60:ae:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=cd78fc71c71521bed3057d4e2e0934631316c5ed631b64fd8975a6900768d879, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1e:f4:b0:28:d4:fd:bd:07:c6:14:16:f9:33:
                    5d:00:7a:13:9f:89:cf:f8:17:08:0a:7c:8a:5f:50:
                    16:38:51:b1:8c:0f:f0:58:74:b4:d1:69:49:9b:c5:
                    73:98:91:c2:c4:97:72:b6:81:af:5b:47:b5:ff:16:
                    21:2c:59:c5:b8:47:d2:33:46:e7:94:b6:b2:57:db:
                    77:33:28:d9:9a:b4:fa:ea:2f:a4:36:20:e6:68:b9:
                    29:17:07:15:d8:21:a4:fc:b5:ba:ef:9c:a4:12:b2:
                    c7:7a:39:0b:4b:75:f9:56:bb:35:1f:fa:d9:f8:96:
                    83:5b:0d:8b:e9:7b:ad:ed:3a:a1:0f:53:cb:76:a3:
                    97:9c:5b:26:ec:0d:f5:3b:26:02:2a:32:d7:7e:3f:
                    4f:eb:f7:d3:98:e4:24:68:5e:7e:2b:74:a1:2b:ea:
                    e1:5f:e7:55:6f:33:8c:12:1b:6c:10:3d:e2:48:39:
                    a3:99:9b:40:8d:69:3a:01:06:ba:2c:c0:da:e4:98:
                    d0:b7:5b:e2:fc:b7:69:c0:75:a0:b4:f1:0b:c2:69:
                    10:57:b4:c6:ff:fa:21:6f:06:eb:ee:59:d0:81:7b:
                    db:aa:76:2a:b9:2f:0b:42:f9:05:4a:f0:80:91:db:
                    33:4d:cc:bb:81:5d:bb:5e:fe:54:31:63:ff:ec:d5:
                    80:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:D7:19:74:86:2E:0F:17:47:BC:13:80:3E:0E:A2:DC:CB:AF:36:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dbde9fa8-e544-4380-8496-afbf5c2fb855.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.230.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         50:f5:89:6d:a4:b3:97:72:f2:2d:33:af:c2:3a:4a:a8:69:d2:
         c5:25:99:c0:9e:1e:14:9c:c9:70:4e:af:39:54:0b:96:e7:23:
         39:63:7a:f7:a0:5a:10:56:04:5f:b3:f9:1e:b0:aa:52:40:bb:
         1b:db:9b:72:d7:e1:85:b5:53:e0:59:89:a3:4d:02:1c:9e:fc:
         40:8c:f0:23:14:8a:21:63:14:8a:23:80:eb:fb:ab:45:f4:d6:
         eb:88:3d:39:02:90:75:81:05:e7:15:79:b4:d5:d0:6e:8f:67:
         5c:51:34:53:c1:96:72:df:37:17:70:8c:a0:01:70:f0:cb:a5:
         30:4a:6f:e8:19:1d:b3:fc:cb:88:1c:f0:7b:c6:d4:b3:80:07:
         e0:a4:9d:56:91:88:80:44:66:38:9b:24:4e:66:5c:73:de:92:
         a7:fd:7a:10:71:80:97:bb:b2:bd:7a:7e:05:54:fc:cc:cc:01:
         6b:91:fc:10:ce:ec:4a:46:e7:74:7b:b6:d2:fe:06:30:c3:0c:
         a2:2f:56:94:cf:99:8f:f9:84:8c:50:42:1a:7a:8a:7e:32:8b:
         d1:77:35:3c:63:dc:55:94:72:95:11:96:f1:32:d8:7f:2e:4c:
         ea:34:53:af:3b:76:03:ff:e4:45:5a:61:5d:85:30:48:5b:9a:
         17:7b:6e:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUyLt2/LQfZKpU4sHjt6cFeRgrtswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZDc4ZmM3MWM3MTUyMWJlZDMwNTdkNGUyZTA5MzQ2MzEz
MTZjNWVkNjMxYjY0ZmQ4OTc1YTY5MDA3NjhkODc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOHvSwKNT9vQfGFBb5M10AehOfic/4FwgKfIpfUBY4UbGM
D/BYdLTRaUmbxXOYkcLEl3K2ga9bR7X/FiEsWcW4R9IzRueUtrJX23czKNmatPrq
L6Q2IOZouSkXBxXYIaT8tbrvnKQSssd6OQtLdflWuzUf+tn4loNbDYvpe63tOqEP
U8t2o5ecWybsDfU7JgIqMtd+P0/r99OY5CRoXn4rdKEr6uFf51VvM4wSG2wQPeJI
OaOZm0CNaToBBroswNrkmNC3W+L8t2nAdaC08QvCaRBXtMb/+iFvBuvuWdCBe9uq
diq5LwtC+QVK8ICR2zNNzLuBXbte/lQxY//s1YC5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9NcZdIYuDxdHvBOAPg6i3MuvNkMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiZGU5ZmE4LWU1NDQtNDM4MC04NDk2LWFmYmY1YzJmYjg1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAe85gAwDQYJKoZIhvcNAQELBQADggEBAFD1iW2ks5dy8i0zr8I6Sqhp0sUl
mcCeHhScyXBOrzlUC5bnIzljevegWhBWBF+z+R6wqlJAuxvbm3LX4YW1U+BZiaNN
Ahye/ECM8CMUiiFjFIojgOv7q0X01uuIPTkCkHWBBecVebTV0G6PZ1xRNFPBlnLf
NxdwjKABcPDLpTBKb+gZHbP8y4gc8HvG1LOAB+CknVaRiIBEZjibJE5mXHPekqf9
ehBxgJe7sr16fgVU/MzMAWuR/BDO7EpG53R7ttL+BjDDDKIvVpTPmY/5hIxQQhp6
in4yi9F3NTxj3FWUcpURlvEy2H8uTOo0U687dgP/5EVaYV2FMEhbmhd7bl0=
-----END CERTIFICATE-----