Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f44932be-f5f7-4c01-bf66-7863d3be3948.roa
File:                     f44932be-f5f7-4c01-bf66-7863d3be3948.roa (raw, json)
Hash identifier:          bbBlXliDRGq8TdOb5v+LD147/9YJnJXZVjCCO3p4tAI=
Subject key identifier:   DF:2F:35:66:54:CF:ED:5B:EE:1B:F6:C4:03:99:94:BA:0D:63:08:71
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       446545E3C8F99B13C501B43DC537A024BA125561
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f44932be-f5f7-4c01-bf66-7863d3be3948.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        65.9.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:65:45:e3:c8:f9:9b:13:c5:01:b4:3d:c5:37:a0:24:ba:12:55:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5e:1f:52:b3:b7:84:23:5e:05:48:49:01:f5:
                    06:33:a7:da:fc:de:e9:40:21:94:0a:76:e5:73:7c:
                    92:54:80:a6:73:65:b3:3c:60:d5:da:76:9c:89:02:
                    46:c1:7b:88:98:ab:84:bf:4b:9f:13:93:06:86:c4:
                    59:3b:31:32:fe:44:7c:94:b7:04:7e:fe:c0:7a:f8:
                    b1:ac:1e:20:c6:25:90:9f:10:c2:0d:21:a1:8f:fb:
                    30:69:c0:19:e0:e5:4f:05:ca:ef:a7:ed:92:99:85:
                    a4:7f:9e:6d:93:1f:b0:2c:79:88:d7:f3:7d:a1:b5:
                    39:b0:b8:f3:d5:e0:17:06:37:c8:ea:8e:93:5f:f7:
                    dc:3c:a3:07:78:10:d7:76:27:e3:aa:14:65:b6:14:
                    9e:4d:4e:dd:6e:00:cb:ff:f7:c5:81:f3:55:70:53:
                    d1:34:61:be:f2:08:c5:45:54:f0:24:a9:49:8d:8f:
                    07:9d:85:af:67:0a:70:4c:4d:3e:af:76:74:ad:1b:
                    80:7b:96:41:80:11:e3:83:7d:dc:5c:b6:67:ed:d4:
                    c3:99:bd:ac:15:59:da:9b:b3:7d:81:0a:e3:71:5f:
                    c5:98:ea:f7:56:99:7a:d2:52:bb:1c:2e:26:a1:7e:
                    7e:e4:ba:12:43:3f:6f:03:ba:15:2e:37:16:6c:65:
                    ac:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:2F:35:66:54:CF:ED:5B:EE:1B:F6:C4:03:99:94:BA:0D:63:08:71
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f44932be-f5f7-4c01-bf66-7863d3be3948.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.9.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         1c:48:39:aa:22:26:52:4e:c0:e1:60:06:77:0d:7d:07:4b:98:
         a5:57:7d:bd:c6:a0:d5:5b:9c:64:39:c0:5d:d8:ec:aa:34:20:
         f1:3f:39:8f:c8:42:3f:66:72:d7:f7:bf:82:c7:d2:e4:99:a4:
         a9:07:52:76:c4:26:94:1a:9b:b3:22:ce:c0:96:35:3d:7f:14:
         90:b7:32:42:c8:50:bb:1d:7b:a6:77:07:f2:16:73:08:0c:a6:
         4e:35:1a:e7:24:bb:e9:17:4b:dd:54:0c:7f:4f:f8:b7:72:16:
         30:3a:92:26:27:c6:3a:26:a7:e1:d4:60:1e:6b:7e:68:ec:d9:
         6b:00:17:26:e9:1d:19:f4:a8:4c:1e:c2:78:52:b7:e8:dd:3f:
         07:46:7e:fc:48:f1:36:5b:dc:19:7e:36:76:83:ec:7e:51:49:
         5b:f8:60:ba:07:3c:71:f4:7f:6d:c3:e3:df:d9:89:6f:6f:76:
         6f:b1:cf:52:ef:06:2e:ee:44:0f:f5:18:2e:fc:41:f4:47:79:
         c6:0e:97:37:dc:a2:c0:18:3a:35:4c:79:06:a9:e7:2c:9a:0d:
         3f:c9:e9:6c:e2:1b:77:c6:ea:4e:ce:0a:ca:04:c8:08:10:28:
         9b:12:24:71:f8:1b:ed:ad:1a:00:07:69:39:fc:73:3f:b9:e2:
         e9:7c:9d:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURGVF48j5mxPFAbQ9xTegJLoSVWEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxY2JhNmFhNTRiOTBlMmU5MTk4NmVhYzNkZjU0ZDViODhi
MzBjYmQxODVkZDJiMmNkMmJjNzk1ODdlZjZhMjlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4Xh9Ss7eEI14FSEkB9QYzp9r83ulAIZQKduVzfJJUgKZz
ZbM8YNXadpyJAkbBe4iYq4S/S58TkwaGxFk7MTL+RHyUtwR+/sB6+LGsHiDGJZCf
EMINIaGP+zBpwBng5U8Fyu+n7ZKZhaR/nm2TH7AseYjX832htTmwuPPV4BcGN8jq
jpNf99w8owd4ENd2J+OqFGW2FJ5NTt1uAMv/98WB81VwU9E0Yb7yCMVFVPAkqUmN
jwedha9nCnBMTT6vdnStG4B7lkGAEeODfdxctmft1MOZvawVWdqbs32BCuNxX8WY
6vdWmXrSUrscLiahfn7kuhJDP28DuhUuNxZsZawbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3y81ZlTP7VvuG/bEA5mUug1jCHEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y0NDkzMmJlLWY1ZjctNGMwMS1iZjY2LTc4NjNkM2JlMzk0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZBCYAwDQYJKoZIhvcNAQELBQADggEBABxIOaoiJlJOwOFgBncNfQdLmKVX
fb3GoNVbnGQ5wF3Y7Ko0IPE/OY/IQj9mctf3v4LH0uSZpKkHUnbEJpQam7MizsCW
NT1/FJC3MkLIULsde6Z3B/IWcwgMpk41Gucku+kXS91UDH9P+LdyFjA6kiYnxjom
p+HUYB5rfmjs2WsAFybpHRn0qEwewnhSt+jdPwdGfvxI8TZb3Bl+NnaD7H5RSVv4
YLoHPHH0f23D49/ZiW9vdm+xz1LvBi7uRA/1GC78QfRHecYOlzfcosAYOjVMeQap
5yyaDT/J6WziG3fG6k7OCsoEyAgQKJsSJHH4G+2tGgAHaTn8cz+54ul8nYk=
-----END CERTIFICATE-----