Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecca775f-1728-4ebb-891c-56cb3438e35f.roa
File:                     ecca775f-1728-4ebb-891c-56cb3438e35f.roa (raw, json)
Hash identifier:          N7Brxq5hWtBZf2FkJB42I7NuPan1tz/qYgDNfcL6FXs=
Subject key identifier:   53:52:EB:F6:6B:78:F7:15:39:B3:1F:A2:04:0B:3B:20:50:10:4F:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       033162B4BAE96A7ACB9EFB19408467C906543EC1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecca775f-1728-4ebb-891c-56cb3438e35f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        199.182.240.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:31:62:b4:ba:e9:6a:7a:cb:9e:fb:19:40:84:67:c9:06:54:3e:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:51:9a:e8:4b:fe:4d:52:a2:91:01:d5:a1:12:
                    94:39:a2:88:bf:9f:c3:12:6b:d7:86:f1:a9:c6:72:
                    5d:ed:b4:83:97:c6:72:66:86:dd:0f:69:57:9c:29:
                    eb:12:f0:ff:db:e0:6a:92:2a:90:89:3c:db:eb:fd:
                    df:1e:c1:34:4c:df:f3:46:57:5c:b4:43:6f:89:fa:
                    27:a6:bd:50:72:ce:cb:e3:22:f4:28:4f:fe:68:b7:
                    90:ba:d2:35:33:77:43:59:8a:0e:10:96:16:d7:27:
                    42:1d:3e:ed:24:c7:1a:1d:c0:00:60:e5:43:8b:0c:
                    cf:15:bb:66:a2:b2:a4:32:5a:b7:d0:22:34:62:27:
                    a9:e3:24:08:b2:0b:5d:80:d8:51:c6:43:f3:9f:d0:
                    79:93:3c:c0:75:8a:6b:c6:bd:26:24:c5:83:43:24:
                    85:09:e8:67:22:98:f4:31:57:10:d2:b4:10:97:73:
                    00:b0:e3:c3:fb:74:f3:45:de:da:21:1a:a7:62:19:
                    d7:3c:52:dc:f3:ff:aa:5f:f3:7c:14:d0:32:c7:35:
                    ad:88:c5:2e:f6:34:a7:40:65:13:77:54:b9:01:fe:
                    8c:3a:9d:e9:ef:7a:14:f3:59:e6:72:80:5a:92:cc:
                    92:ed:7f:80:7f:54:6e:68:3d:e0:6f:64:71:2e:7a:
                    e9:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:52:EB:F6:6B:78:F7:15:39:B3:1F:A2:04:0B:3B:20:50:10:4F:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ecca775f-1728-4ebb-891c-56cb3438e35f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.182.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         47:f0:97:fd:05:86:a8:7a:35:eb:9d:7e:24:a6:49:be:74:e9:
         14:8b:0d:b6:a7:f0:c1:1e:9b:d3:6c:b9:1a:33:d4:77:91:d6:
         1c:c3:eb:55:85:cc:07:dc:0c:7f:03:c7:e3:bf:a7:5c:42:e6:
         38:fc:c8:30:2b:17:a0:48:14:1d:ca:54:60:a7:1b:1a:c2:1d:
         4c:18:0b:a1:8d:e9:c9:d1:f7:c0:b2:26:21:ea:b7:45:5b:dd:
         3f:35:36:5e:e1:fb:9b:72:ff:26:42:86:f9:e9:c2:35:31:cd:
         65:3f:7d:ee:0e:81:0b:28:58:63:0f:90:13:23:33:88:ff:68:
         ec:77:4e:c4:0c:58:2b:33:83:6d:73:ac:c2:ff:54:2c:69:5c:
         d2:c6:55:1c:4b:37:e7:dd:1e:9c:a2:68:42:84:7f:59:1e:3a:
         b4:26:9b:35:da:4f:27:3c:82:e1:47:44:12:35:e2:a0:47:0e:
         bd:b6:27:09:f9:b2:5f:91:12:9a:95:6c:2c:1e:42:ce:5e:73:
         ff:5b:aa:f0:73:98:04:97:27:6f:bf:bb:52:6e:5d:6c:3f:ae:
         d3:a8:66:6b:a2:6e:b4:7c:f7:4d:38:63:3c:34:53:4b:51:50:
         6b:69:f0:0b:5a:59:fb:d7:ad:c5:f5:86:c6:63:54:ef:01:9b:
         86:6a:95:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAzFitLrpanrLnvsZQIRnyQZUPsEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmI2MWQ5YzhkOTVlNjMxMGI4NjIxYTcwYzdjZjgzNGUy
YTk0MTVhNTY2MTIzNDJlYzQzMzg2ZmYxMzk1ZGNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyUZroS/5NUqKRAdWhEpQ5ooi/n8MSa9eG8anGcl3ttIOX
xnJmht0PaVecKesS8P/b4GqSKpCJPNvr/d8ewTRM3/NGV1y0Q2+J+iemvVByzsvj
IvQoT/5ot5C60jUzd0NZig4QlhbXJ0IdPu0kxxodwABg5UOLDM8Vu2aisqQyWrfQ
IjRiJ6njJAiyC12A2FHGQ/Of0HmTPMB1imvGvSYkxYNDJIUJ6GcimPQxVxDStBCX
cwCw48P7dPNF3tohGqdiGdc8Utzz/6pf83wU0DLHNa2IxS72NKdAZRN3VLkB/ow6
nenvehTzWeZygFqSzJLtf4B/VG5oPeBvZHEueumjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU1Lr9mt49xU5sx+iBAs7IFAQT4UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjY2E3NzVmLTE3MjgtNGViYi04OTFjLTU2Y2IzNDM4ZTM1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATHtvAwDQYJKoZIhvcNAQELBQADggEBAEfwl/0Fhqh6NeudfiSmSb506RSL
Dban8MEem9NsuRoz1HeR1hzD61WFzAfcDH8Dx+O/p1xC5jj8yDArF6BIFB3KVGCn
GxrCHUwYC6GN6cnR98CyJiHqt0Vb3T81Nl7h+5ty/yZChvnpwjUxzWU/fe4OgQso
WGMPkBMjM4j/aOx3TsQMWCszg21zrML/VCxpXNLGVRxLN+fdHpyiaEKEf1keOrQm
mzXaTyc8guFHRBI14qBHDr22Jwn5sl+REpqVbCweQs5ec/9bqvBzmASXJ2+/u1Ju
XWw/rtOoZmuibrR89004Yzw0U0tRUGtp8AtaWfvXrcX1hsZjVO8Bm4ZqlZA=
-----END CERTIFICATE-----