Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebcf25c8-ae28-4969-85fc-eaa9dcf8d399.roa
File:                     ebcf25c8-ae28-4969-85fc-eaa9dcf8d399.roa (raw, json)
Hash identifier:          5SAaq0yw/syZr/K77zluvntvA9CkDdiguhz7XVd5xjw=
Subject key identifier:   02:BA:84:DE:43:D1:BB:30:2B:7C:FC:7F:9E:2A:E3:4E:8B:6A:FE:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0A676EDC73B5544E752E1B31CC119F9B04B667B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebcf25c8-ae28-4969-85fc-eaa9dcf8d399.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        107.152.132.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:67:6e:dc:73:b5:54:4e:75:2e:1b:31:cc:11:9f:9b:04:b6:67:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=2cf92459d8165e8867d2133b2a0b15c50c48b208ddb464b7c3ca41e23161c00c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:34:72:54:24:ad:b1:46:83:c6:e2:58:51:6d:
                    0b:d2:0f:f2:bc:9f:07:e1:4c:a0:70:0a:7c:79:4a:
                    4e:70:a7:f8:dc:69:8c:2f:1a:51:33:a7:53:fb:7c:
                    02:34:17:21:78:2c:53:c0:32:f3:0f:fd:43:2e:82:
                    01:dc:93:5b:9e:02:52:a9:bb:10:8d:9c:3a:ec:78:
                    cd:47:33:1f:23:81:59:5b:93:c7:a7:81:74:1b:7d:
                    89:27:0a:eb:bc:b8:d3:f1:5f:19:84:bd:13:39:66:
                    6d:c9:a8:d0:ca:38:5b:9c:fd:f8:ce:91:3b:b0:d4:
                    b8:72:99:b4:33:b3:9d:e6:ba:cb:4d:1c:34:2f:28:
                    d7:3c:4d:b1:ea:7b:e8:d8:e1:a7:0d:6d:80:57:4c:
                    c3:4f:62:60:47:c6:a1:93:18:b5:30:65:80:7e:75:
                    06:37:e5:c3:c3:e0:55:35:54:5e:96:b5:b6:01:c7:
                    c9:89:63:c5:1f:d7:53:76:31:5f:c4:4a:00:f4:0e:
                    5a:ce:47:7b:72:9a:45:f4:15:03:69:42:26:5b:e6:
                    37:15:53:2e:55:00:35:08:2c:98:90:3e:9f:08:31:
                    39:dc:37:82:a6:da:df:23:db:0a:14:18:4b:cd:a4:
                    36:13:0d:08:7c:a0:c3:89:3f:c2:e6:fd:39:9c:cd:
                    d9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:BA:84:DE:43:D1:BB:30:2B:7C:FC:7F:9E:2A:E3:4E:8B:6A:FE:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebcf25c8-ae28-4969-85fc-eaa9dcf8d399.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.152.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:8e:a9:6f:07:37:ec:f2:61:52:75:ae:be:3a:36:9d:19:f3:
         e6:49:43:b5:0b:80:03:79:55:52:b9:0e:44:3d:a1:23:ac:1a:
         0d:d8:35:80:90:ba:45:00:ec:9a:b0:26:93:eb:c0:cf:3d:63:
         65:f3:68:29:64:64:12:cf:0b:84:db:1d:1d:e8:2d:c1:69:24:
         84:be:2d:63:56:cd:6e:d5:57:31:5b:45:26:c3:cd:df:ef:79:
         5e:05:e1:fa:6d:8d:67:dc:ac:4c:f4:cd:a9:10:05:ac:79:59:
         1e:89:88:5d:43:f4:2e:b7:f5:8f:54:68:5d:61:9e:df:57:da:
         c7:a2:3a:15:35:bf:ef:07:a9:27:d6:82:2a:aa:e4:ba:55:b4:
         f5:5c:35:32:d2:c6:e8:1b:00:c4:d8:fe:fb:cf:7d:ee:35:56:
         27:ad:11:b0:eb:72:71:70:08:4a:38:e4:56:b4:7a:36:52:6e:
         42:60:1f:7e:0b:92:37:68:70:b9:34:04:d9:c2:5b:d7:64:3e:
         f4:4c:4d:66:f8:58:f1:9e:2d:33:1c:37:02:71:50:9e:31:85:
         3d:d4:ff:d2:a9:c7:2f:db:46:d2:78:f9:ea:76:eb:66:37:4d:
         ff:38:2d:46:d5:1f:9e:0e:be:dd:43:cb:51:b7:6e:47:89:7a:
         62:e8:b0:eb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCmdu3HO1VE51LhsxzBGfmwS2Z7gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2Y5MjQ1OWQ4MTY1ZTg4NjdkMjEzM2IyYTBiMTVjNTBj
NDhiMjA4ZGRiNDY0YjdjM2NhNDFlMjMxNjFjMDBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtNHJUJK2xRoPG4lhRbQvSD/K8nwfhTKBwCnx5Sk5wp/jc
aYwvGlEzp1P7fAI0FyF4LFPAMvMP/UMuggHck1ueAlKpuxCNnDrseM1HMx8jgVlb
k8engXQbfYknCuu8uNPxXxmEvRM5Zm3JqNDKOFuc/fjOkTuw1LhymbQzs53mustN
HDQvKNc8TbHqe+jY4acNbYBXTMNPYmBHxqGTGLUwZYB+dQY35cPD4FU1VF6WtbYB
x8mJY8Uf11N2MV/ESgD0DlrOR3tymkX0FQNpQiZb5jcVUy5VADUILJiQPp8IMTnc
N4Km2t8j2woUGEvNpDYTDQh8oMOJP8Lm/Tmczdl1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUArqE3kPRuzArfPx/nirjTotq/oYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViY2YyNWM4LWFlMjgtNDk2OS04NWZjLWVhYTlkY2Y4ZDM5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJrmIQwDQYJKoZIhvcNAQELBQADggEBAIWOqW8HN+zyYVJ1rr46Np0Z8+ZJ
Q7ULgAN5VVK5DkQ9oSOsGg3YNYCQukUA7JqwJpPrwM89Y2XzaClkZBLPC4TbHR3o
LcFpJIS+LWNWzW7VVzFbRSbDzd/veV4F4fptjWfcrEz0zakQBax5WR6JiF1D9C63
9Y9UaF1hnt9X2seiOhU1v+8HqSfWgiqq5LpVtPVcNTLSxugbAMTY/vvPfe41Viet
EbDrcnFwCEo45Fa0ejZSbkJgH34LkjdocLk0BNnCW9dkPvRMTWb4WPGeLTMcNwJx
UJ4xhT3U/9Kpxy/bRtJ4+ep262Y3Tf84LUbVH54Ovt1Dy1G3bkeJemLosOs=
-----END CERTIFICATE-----