Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8323e23-44d9-4456-98f9-272a41e01241.roa
File:                     f8323e23-44d9-4456-98f9-272a41e01241.roa (raw, json)
Hash identifier:          QfnAu6w74Yu6ol5dzO2VKfcUE5SIjA+hKsVXhQfxvQ0=
Subject key identifier:   32:9A:6D:04:3E:87:22:C2:7D:4B:0C:29:D3:DF:DD:99:5C:F9:33:0D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F3ADAE22E21E7B92B80F548DC94303F4A65AABD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8323e23-44d9-4456-98f9-272a41e01241.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        192.157.64.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:3a:da:e2:2e:21:e7:b9:2b:80:f5:48:dc:94:30:3f:4a:65:aa:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=d52958464079d8110ebe36e006b92484e7d47d8457b997811d82afb94c071121, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5d:53:05:9f:95:a2:84:45:e0:79:c7:f6:cf:
                    6a:87:e0:e2:58:5f:84:7f:da:a4:a2:ff:57:4c:91:
                    21:49:88:85:44:68:65:d1:8d:97:70:ea:f4:d5:d6:
                    64:3d:da:e0:9c:80:24:42:47:12:b3:4b:65:5c:4b:
                    d6:37:e3:c4:3c:a2:7b:8f:d8:d0:8b:5d:64:c8:a2:
                    d2:36:c6:86:a9:ad:b2:a5:90:19:50:3d:43:24:ee:
                    c8:bf:9e:f6:29:98:9a:a1:29:87:ce:07:42:b4:ee:
                    57:ef:58:9e:c6:fb:c9:63:b6:bf:cb:14:c3:c8:b5:
                    6c:d0:e5:01:1f:d4:44:31:c8:ca:5d:14:57:a7:b9:
                    ce:f8:41:71:f8:c7:57:da:05:19:68:ee:c4:11:b8:
                    46:3c:f0:31:9e:d9:7e:83:6f:e3:ea:5a:f3:7b:8b:
                    45:45:fc:c2:fe:b8:db:14:73:ae:d2:f1:29:7b:68:
                    db:2e:8c:1c:8c:4e:c8:4b:a3:18:1d:e1:45:a2:92:
                    d3:24:19:46:2e:6e:ef:fb:1d:92:f3:f3:9a:2f:96:
                    87:f2:33:9b:b4:4e:8b:c2:0e:fa:6b:46:a6:ce:c6:
                    fa:f5:a7:7b:55:ae:d6:be:06:f8:1a:c8:02:fa:ca:
                    5a:85:be:a7:18:7b:ce:ef:f2:bf:26:c3:b3:c3:27:
                    c2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:9A:6D:04:3E:87:22:C2:7D:4B:0C:29:D3:DF:DD:99:5C:F9:33:0D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8323e23-44d9-4456-98f9-272a41e01241.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.157.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:01:5e:2a:91:d7:09:3f:9c:99:da:b4:5c:ad:4f:85:10:63:
         ec:c7:c0:78:78:90:00:88:8a:e0:07:9f:e6:2e:d0:79:eb:cb:
         99:a6:d9:75:51:4b:b0:08:b1:43:b3:f9:cd:d5:64:03:09:40:
         09:06:b5:ad:4f:ce:71:4e:84:b5:8e:ef:a6:d3:87:ed:d2:75:
         eb:81:02:4c:4a:b0:ac:b9:6d:c1:97:22:3e:03:c8:e9:4c:72:
         0e:28:6f:f1:ed:35:58:47:5d:16:c2:79:82:d1:38:ac:61:19:
         9a:77:56:94:6e:7f:e0:82:a3:aa:57:34:a6:a8:e7:83:2b:a8:
         00:4e:9b:1e:fc:39:52:cc:c9:9a:03:20:33:67:3e:f7:d4:c5:
         79:ba:a6:a5:6d:82:06:42:f7:77:40:0f:5f:04:7f:b1:79:aa:
         c8:c4:a4:25:bd:30:f4:58:f1:bd:c0:8c:e6:73:88:49:97:6c:
         8d:ef:3d:8b:0a:72:5a:79:80:db:d2:12:2c:9e:57:6b:c6:6b:
         19:c8:f5:6d:4f:f7:61:94:bd:cc:c4:d0:b8:40:96:10:51:f7:
         45:74:ea:a2:77:e5:69:46:8a:82:ed:22:9c:00:a9:d6:3b:22:
         95:91:00:6e:3c:e8:32:07:f5:63:af:f5:43:4c:8e:4a:66:53:
         40:45:95:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDzra4i4h57krgPVI3JQwP0plqr0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTI5NTg0NjQwNzlkODExMGViZTM2ZTAwNmI5MjQ4NGU3
ZDQ3ZDg0NTdiOTk3ODExZDgyYWZiOTRjMDcxMTIxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtXVMFn5WihEXgecf2z2qH4OJYX4R/2qSi/1dMkSFJiIVE
aGXRjZdw6vTV1mQ92uCcgCRCRxKzS2VcS9Y348Q8onuP2NCLXWTIotI2xoaprbKl
kBlQPUMk7si/nvYpmJqhKYfOB0K07lfvWJ7G+8ljtr/LFMPItWzQ5QEf1EQxyMpd
FFenuc74QXH4x1faBRlo7sQRuEY88DGe2X6Db+PqWvN7i0VF/ML+uNsUc67S8Sl7
aNsujByMTshLoxgd4UWiktMkGUYubu/7HZLz85ovlofyM5u0TovCDvprRqbOxvr1
p3tVrta+BvgayAL6ylqFvqcYe87v8r8mw7PDJ8ITAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMpptBD6HIsJ9Swwp09/dmVz5Mw0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4MzIzZTIzLTQ0ZDktNDQ1Ni05OGY5LTI3MmE0MWUwMTI0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPAnUAwDQYJKoZIhvcNAQELBQADggEBACsBXiqR1wk/nJnatFytT4UQY+zH
wHh4kACIiuAHn+Yu0Hnry5mm2XVRS7AIsUOz+c3VZAMJQAkGta1PznFOhLWO76bT
h+3SdeuBAkxKsKy5bcGXIj4DyOlMcg4ob/HtNVhHXRbCeYLROKxhGZp3VpRuf+CC
o6pXNKao54MrqABOmx78OVLMyZoDIDNnPvfUxXm6pqVtggZC93dAD18Ef7F5qsjE
pCW9MPRY8b3AjOZziEmXbI3vPYsKclp5gNvSEiyeV2vGaxnI9W1P92GUvczE0LhA
lhBR90V06qJ35WlGioLtIpwAqdY7IpWRAG486DIH9WOv9UNMjkpmU0BFlWc=
-----END CERTIFICATE-----