Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebfc742a-a5ea-454c-832c-b22aab7c935d.roa
File:                     ebfc742a-a5ea-454c-832c-b22aab7c935d.roa (raw, json)
Hash identifier:          UzHII68WKFIX3pdkhEnifmjroRlbhuSXterZrHpimgg=
Subject key identifier:   97:5C:29:2E:DA:06:B7:79:6B:1D:A3:07:CE:C3:C1:06:E8:80:DD:67
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       581D60307D74F88E00E30043518D0F87E22834C4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebfc742a-a5ea-454c-832c-b22aab7c935d.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        15.128.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:1d:60:30:7d:74:f8:8e:00:e3:00:43:51:8d:0f:87:e2:28:34:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=d9f9a190fec847522c04757ed55153e46c8fba70e0ff2da4ae3cb85e49e1a806, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ec:bd:ac:82:13:f4:c3:77:6a:ff:43:21:dd:
                    8e:b9:33:99:1e:e9:9a:07:40:e6:03:d0:1b:17:0f:
                    98:08:99:fa:79:26:44:0f:67:2d:bf:8f:d6:27:9f:
                    14:2d:a0:7d:57:e5:66:de:4b:6a:b8:f2:38:ed:b1:
                    58:e5:19:86:27:2f:5c:22:3c:e3:18:24:f8:a7:15:
                    ee:fb:16:45:c6:f6:f2:2c:d6:1b:4d:b6:ae:a5:f4:
                    5f:ac:d7:1e:bd:0b:3d:01:b2:af:40:c2:c1:5e:c4:
                    21:5f:de:1c:a1:de:8b:c1:c9:b6:c4:c9:28:d4:11:
                    ad:23:1d:4d:70:fb:18:af:60:7c:2c:dd:9a:67:14:
                    e7:76:37:28:8d:c5:de:55:e6:4c:ab:75:db:a5:f2:
                    6e:9b:4a:5f:e9:bf:d0:09:30:c6:6a:8a:9b:f0:8a:
                    c9:5a:62:4a:ee:3d:fb:de:56:7a:c1:30:78:77:19:
                    6e:48:c3:33:a0:e7:41:08:70:b6:09:51:ff:67:61:
                    df:9e:f8:78:1f:13:2e:13:3f:49:7b:bc:2d:96:e9:
                    f7:7c:d9:cf:c1:46:2a:6b:0e:c5:07:9d:e8:e5:dc:
                    5a:01:34:06:76:66:a6:75:0f:b1:7f:f6:41:3c:88:
                    60:79:0d:ec:d8:c5:6b:1a:27:71:0b:70:eb:67:57:
                    33:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:5C:29:2E:DA:06:B7:79:6B:1D:A3:07:CE:C3:C1:06:E8:80:DD:67
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebfc742a-a5ea-454c-832c-b22aab7c935d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8b:ee:e7:0c:2b:48:a5:9d:47:76:ed:e1:b8:8a:6c:6c:04:af:
         4c:34:31:f8:de:4c:d2:31:39:80:77:d4:ea:df:fd:32:e1:c1:
         04:51:6b:32:b6:f1:c8:e3:44:fe:24:58:3f:bc:b9:5d:e6:97:
         0d:52:40:b7:d5:e1:26:bd:f3:a9:2c:74:67:f3:d9:41:d5:c6:
         6b:21:f8:6d:a2:c2:79:3d:cf:e7:1b:82:80:24:c4:45:6e:eb:
         74:ee:62:dd:57:95:c7:c3:da:08:cc:29:14:96:84:98:38:61:
         bb:19:f5:ed:cd:4b:0e:97:68:d7:ce:b6:14:b3:a8:7f:cb:d7:
         52:67:21:a0:ee:a2:13:8b:ad:ce:ec:c1:f3:75:b4:37:96:0d:
         30:23:40:f2:ad:5e:b9:1b:59:8c:61:14:5f:69:98:3a:5a:fd:
         c3:55:a4:8b:ca:66:7d:3a:8d:eb:4c:22:00:c4:b0:01:8d:4d:
         8f:75:f9:54:61:c9:98:39:36:bf:7f:43:92:09:9e:31:f2:9a:
         72:8c:9a:fe:2d:c3:bd:32:af:25:e1:63:22:51:ab:a1:3a:3b:
         94:66:7b:f9:cd:ef:9d:94:16:a9:ec:f9:96:81:58:f8:0f:be:
         10:b4:d6:b8:24:f8:1b:ad:69:c1:37:ec:d6:b5:75:93:08:b4:
         17:bf:f7:32
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWB1gMH10+I4A4wBDUY0Ph+IoNMQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkOWY5YTE5MGZlYzg0NzUyMmMwNDc1N2VkNTUxNTNlNDZj
OGZiYTcwZTBmZjJkYTRhZTNjYjg1ZTQ5ZTFhODA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC37L2sghP0w3dq/0Mh3Y65M5ke6ZoHQOYD0BsXD5gImfp5
JkQPZy2/j9YnnxQtoH1X5WbeS2q48jjtsVjlGYYnL1wiPOMYJPinFe77FkXG9vIs
1htNtq6l9F+s1x69Cz0Bsq9AwsFexCFf3hyh3ovBybbEySjUEa0jHU1w+xivYHws
3ZpnFOd2NyiNxd5V5kyrddul8m6bSl/pv9AJMMZqipvwislaYkruPfveVnrBMHh3
GW5IwzOg50EIcLYJUf9nYd+e+HgfEy4TP0l7vC2W6fd82c/BRiprDsUHnejl3FoB
NAZ2ZqZ1D7F/9kE8iGB5DezYxWsaJ3ELcOtnVzNNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUl1wpLtoGt3lrHaMHzsPBBuiA3WcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViZmM3NDJhLWE1ZWEtNDU0Yy04MzJjLWIyMmFhYjdjOTM1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPgDANBgkqhkiG9w0BAQsFAAOCAQEAi+7nDCtIpZ1Hdu3huIpsbASvTDQx
+N5M0jE5gHfU6t/9MuHBBFFrMrbxyONE/iRYP7y5XeaXDVJAt9XhJr3zqSx0Z/PZ
QdXGayH4baLCeT3P5xuCgCTERW7rdO5i3VeVx8PaCMwpFJaEmDhhuxn17c1LDpdo
1862FLOof8vXUmchoO6iE4utzuzB83W0N5YNMCNA8q1euRtZjGEUX2mYOlr9w1Wk
i8pmfTqN60wiAMSwAY1Nj3X5VGHJmDk2v39DkgmeMfKacoya/i3DvTKvJeFjIlGr
oTo7lGZ7+c3vnZQWqez5loFY+A++ELTWuCT4G61pwTfs1rV1kwi0F7/3Mg==
-----END CERTIFICATE-----