Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb227c97-7acf-42a8-a0c3-658e0db984fd.roa
File:                     eb227c97-7acf-42a8-a0c3-658e0db984fd.roa (raw, json)
Hash identifier:          s9t3ZTEtHMLr3caRw5PR8QYMh+cKQ/U0FTO3qGvKvx8=
Subject key identifier:   9A:F3:58:97:6C:2F:DA:07:3B:71:DE:ED:D7:8D:ED:A5:FA:77:8B:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3464318A05246882960B2B82A90EDCB7471510B1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb227c97-7acf-42a8-a0c3-658e0db984fd.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        96.0.8.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:64:31:8a:05:24:68:82:96:0b:2b:82:a9:0e:dc:b7:47:15:10:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=c8b009e36bfac129f17f6735dbec59480a6b86ec6cdc6f174e5796862d64e561, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:d5:51:51:31:7e:eb:aa:1b:81:d6:ad:2c:ae:
                    48:c2:42:0b:44:1c:80:67:77:ab:c7:d3:fa:12:95:
                    08:48:f1:19:fb:dd:2b:82:5d:55:d3:df:77:6c:8d:
                    05:7c:c3:ee:3a:6f:f4:14:c4:e7:2c:ee:82:30:30:
                    4c:94:e8:e7:ee:12:92:05:56:5a:88:03:32:e5:46:
                    98:02:a9:e3:85:af:c8:b1:1e:fc:d9:b0:26:fd:de:
                    44:4f:c3:8c:e4:14:d2:dc:13:ed:8c:94:25:73:42:
                    ea:f4:52:b5:0d:e5:62:3a:20:03:9d:0f:8c:c8:d6:
                    55:8e:9f:04:64:47:0a:d3:ef:dd:17:70:f4:3e:b1:
                    bd:2e:ba:a9:36:73:f9:fd:19:be:5e:5c:9d:39:53:
                    41:26:7e:84:f9:22:30:39:1b:86:e7:70:d6:75:c2:
                    92:fb:b5:8e:a4:49:12:13:31:ff:1f:0f:2b:14:e1:
                    f4:e7:c5:6f:57:69:21:90:3f:40:78:f4:9e:02:90:
                    c1:ef:b2:f4:ea:cc:a7:9f:af:76:69:3d:59:75:71:
                    88:44:55:20:e4:80:7e:6e:ca:b5:5b:c1:ef:c6:9f:
                    b4:87:bd:7e:3d:08:b7:8d:6a:2b:5e:92:54:3f:c7:
                    19:d0:55:e2:b8:37:44:be:3e:9c:55:3c:84:4e:37:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:F3:58:97:6C:2F:DA:07:3B:71:DE:ED:D7:8D:ED:A5:FA:77:8B:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eb227c97-7acf-42a8-a0c3-658e0db984fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:94:50:40:11:b7:2d:f8:19:56:53:b1:95:26:8c:1a:b8:89:
         56:e2:31:68:cc:7e:01:03:43:7c:e1:5a:4b:b4:dd:81:81:29:
         f1:b2:53:b2:8b:1c:04:a5:b8:52:6e:e5:7f:6e:89:5a:bd:07:
         4d:03:06:c9:4b:49:f4:87:26:74:c5:d3:fe:d5:dd:ea:0f:e3:
         3c:97:a5:55:92:df:62:9e:77:0a:1e:84:98:4b:f8:c2:56:15:
         0f:16:09:48:78:7f:ad:1c:ec:fd:2f:8d:f4:7d:eb:9d:1b:4c:
         ec:8b:3e:71:5b:ec:9d:c3:21:f5:2f:dc:96:af:95:31:46:2b:
         6f:9a:72:85:45:50:3c:f5:12:37:a5:97:ee:84:c6:50:2c:fe:
         e9:1b:2c:4e:49:d2:2d:3e:56:e6:47:74:19:cb:59:28:39:b0:
         c9:c9:9b:07:0d:98:cf:83:97:52:6e:66:bc:bf:ab:ad:80:fa:
         70:2c:31:68:aa:bc:5d:98:e8:f6:b5:81:89:ba:7f:18:9c:f3:
         fa:66:2a:fd:0b:92:80:64:df:b0:d1:5d:ae:26:0c:22:02:6f:
         3f:74:fa:3b:8e:04:88:2a:c1:38:67:0a:87:24:ea:84:bd:d0:
         94:50:5c:61:1c:73:20:a9:1f:cc:ab:fe:ad:7b:57:04:be:9d:
         63:b9:84:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNGQxigUkaIKWCyuCqQ7ct0cVELEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjOGIwMDllMzZiZmFjMTI5ZjE3ZjY3MzVkYmVjNTk0ODBh
NmI4NmVjNmNkYzZmMTc0ZTU3OTY4NjJkNjRlNTYxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh1VFRMX7rqhuB1q0srkjCQgtEHIBnd6vH0/oSlQhI8Rn7
3SuCXVXT33dsjQV8w+46b/QUxOcs7oIwMEyU6OfuEpIFVlqIAzLlRpgCqeOFr8ix
HvzZsCb93kRPw4zkFNLcE+2MlCVzQur0UrUN5WI6IAOdD4zI1lWOnwRkRwrT790X
cPQ+sb0uuqk2c/n9Gb5eXJ05U0EmfoT5IjA5G4bncNZ1wpL7tY6kSRITMf8fDysU
4fTnxW9XaSGQP0B49J4CkMHvsvTqzKefr3ZpPVl1cYhEVSDkgH5uyrVbwe/Gn7SH
vX49CLeNaiteklQ/xxnQVeK4N0S+PpxVPIRON4dzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmvNYl2wv2gc7cd7t143tpfp3i9cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViMjI3Yzk3LTdhY2YtNDJhOC1hMGMzLTY1OGUwZGI5ODRmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJgAAgwDQYJKoZIhvcNAQELBQADggEBABGUUEARty34GVZTsZUmjBq4iVbi
MWjMfgEDQ3zhWku03YGBKfGyU7KLHASluFJu5X9uiVq9B00DBslLSfSHJnTF0/7V
3eoP4zyXpVWS32KedwoehJhL+MJWFQ8WCUh4f60c7P0vjfR9650bTOyLPnFb7J3D
IfUv3JavlTFGK2+acoVFUDz1Ejell+6ExlAs/ukbLE5J0i0+VuZHdBnLWSg5sMnJ
mwcNmM+Dl1JuZry/q62A+nAsMWiqvF2Y6Pa1gYm6fxic8/pmKv0LkoBk37DRXa4m
DCICbz90+juOBIgqwThnCock6oS90JRQXGEccyCpH8yr/q17VwS+nWO5hOc=
-----END CERTIFICATE-----