Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e19152f2-cc3c-4ccb-97e0-a35df0db6723.roa
File:                     e19152f2-cc3c-4ccb-97e0-a35df0db6723.roa (raw, json)
Hash identifier:          7yGT8YowiEYFo8PJZ3LUkhMYcPmCZEYDsAC6uVLhf0k=
Subject key identifier:   90:3F:3D:FC:AD:36:58:50:22:C2:88:6F:A7:1C:B3:53:0F:DF:05:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D2A785863354653251B4819880324B659E4889A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e19152f2-cc3c-4ccb-97e0-a35df0db6723.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.231.96.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:2a:78:58:63:35:46:53:25:1b:48:19:88:03:24:b6:59:e4:88:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:31:f5:86:92:f3:7e:49:23:aa:36:32:3f:6d:
                    f7:5e:2d:ad:77:dd:7e:6b:f0:72:3f:ed:83:43:4b:
                    e9:b5:bb:4a:98:0e:10:ca:63:fb:fd:c6:85:89:ea:
                    cd:90:6a:f8:b5:3f:1e:d1:95:ca:5a:9c:e7:39:80:
                    84:2a:9d:20:ed:df:22:51:bb:51:1a:d2:01:46:3e:
                    f2:6c:55:51:53:02:c9:f9:7f:6f:6a:c6:52:56:ec:
                    20:e7:10:d0:aa:85:3f:51:79:29:4b:a4:bf:f3:5f:
                    c1:c2:c7:35:59:82:f4:47:49:50:be:64:67:67:1d:
                    2e:ca:e5:8d:93:20:06:f0:fa:67:5b:5f:ee:0b:dd:
                    e9:a0:e7:58:d4:b3:23:a4:27:c1:0f:08:42:7c:fe:
                    e5:06:81:ee:a0:2e:b2:2d:43:23:b8:ea:75:8f:a4:
                    b5:41:4e:9d:b9:f5:9a:3b:9b:32:21:6a:3c:94:bf:
                    de:43:74:bd:f1:31:dc:0e:ea:31:5c:d2:b6:a0:be:
                    44:21:dd:b1:06:c4:06:fa:e8:76:b9:bc:57:29:c9:
                    90:9e:ee:48:b9:a7:4f:63:7a:e9:b9:06:89:b7:98:
                    b2:e5:6d:ad:16:01:f2:aa:bc:9f:ab:25:20:d0:68:
                    36:dd:19:f4:ec:5c:3a:91:f3:32:0d:f7:d7:62:52:
                    7c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:3F:3D:FC:AD:36:58:50:22:C2:88:6F:A7:1C:B3:53:0F:DF:05:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e19152f2-cc3c-4ccb-97e0-a35df0db6723.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.231.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         7b:0c:8d:07:81:f4:81:d4:8c:bf:17:69:95:ed:bc:1b:73:07:
         7c:3a:ee:91:35:d6:e1:31:8a:b0:f5:18:6e:64:3d:7a:82:f1:
         63:6e:7e:4f:96:9d:30:eb:96:7c:19:6b:57:86:c9:99:35:f5:
         c2:cc:61:f2:4a:09:c1:e2:c2:b9:ef:52:12:2e:0c:45:81:58:
         91:1c:bc:35:b3:c9:7c:1f:50:21:4a:5d:05:b5:63:94:49:a7:
         e0:eb:dd:d8:13:e1:78:1d:1b:a7:d2:fa:f4:43:ad:67:2d:cb:
         be:3a:67:d2:7b:37:a5:aa:73:c4:67:e1:69:b0:d5:24:f9:be:
         12:3c:5b:9e:7d:5f:a7:70:e9:2d:8e:c5:df:5b:5f:70:00:3d:
         e5:4f:55:55:b0:fa:25:70:35:4f:22:de:b2:34:3a:ab:ac:d0:
         f8:ae:ed:a5:21:ff:4b:81:fe:af:8b:81:e4:f2:02:fb:bc:b3:
         d9:e4:0a:ce:26:2f:d7:64:8e:ae:c1:51:37:f0:15:6a:3a:65:
         f3:bb:8d:5d:f1:d2:65:01:c3:f5:81:df:a0:55:53:35:78:94:
         e6:69:6b:98:6a:74:fb:45:ab:28:a3:26:97:54:d2:9e:6a:5a:
         1c:61:a3:21:6e:fd:33:4a:71:81:43:44:e8:53:c1:16:0a:e5:
         1f:ce:44:84
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDSp4WGM1RlMlG0gZiAMktlnkiJowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzEwYzRjNzNiMjIyM2ZlOWRkMDQ1Njk3ZWRlYTlmMmU4
MGQyNjk0OTYyYzYzMjI4Y2ZjMDM1MWJkMjcwNDNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnMfWGkvN+SSOqNjI/bfdeLa133X5r8HI/7YNDS+m1u0qY
DhDKY/v9xoWJ6s2Qavi1Px7RlcpanOc5gIQqnSDt3yJRu1Ea0gFGPvJsVVFTAsn5
f29qxlJW7CDnENCqhT9ReSlLpL/zX8HCxzVZgvRHSVC+ZGdnHS7K5Y2TIAbw+mdb
X+4L3emg51jUsyOkJ8EPCEJ8/uUGge6gLrItQyO46nWPpLVBTp259Zo7mzIhajyU
v95DdL3xMdwO6jFc0ragvkQh3bEGxAb66Ha5vFcpyZCe7ki5p09jeum5Bom3mLLl
ba0WAfKqvJ+rJSDQaDbdGfTsXDqR8zIN99diUnyxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkD89/K02WFAiwohvpxyzUw/fBbYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UxOTE1MmYyLWNjM2MtNGNjYi05N2UwLWEzNWRmMGRiNjcyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXY52AwDQYJKoZIhvcNAQELBQADggEBAHsMjQeB9IHUjL8XaZXtvBtzB3w6
7pE11uExirD1GG5kPXqC8WNufk+WnTDrlnwZa1eGyZk19cLMYfJKCcHiwrnvUhIu
DEWBWJEcvDWzyXwfUCFKXQW1Y5RJp+Dr3dgT4XgdG6fS+vRDrWcty746Z9J7N6Wq
c8Rn4Wmw1ST5vhI8W559X6dw6S2Oxd9bX3AAPeVPVVWw+iVwNU8i3rI0Oqus0Piu
7aUh/0uB/q+LgeTyAvu8s9nkCs4mL9dkjq7BUTfwFWo6ZfO7jV3x0mUBw/WB36BV
UzV4lOZpa5hqdPtFqyijJpdU0p5qWhxhoyFu/TNKcYFDROhTwRYK5R/ORIQ=
-----END CERTIFICATE-----