Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f90e4f5b-5243-4975-9d18-d2b74e0b7d4f.roa
File:                     f90e4f5b-5243-4975-9d18-d2b74e0b7d4f.roa (raw, json)
Hash identifier:          vfCvXYrgKpQdfzosDzKKMkc1ZmO3ArMcwLFgCEN4vw8=
Subject key identifier:   92:9F:A8:9F:EE:A2:FF:67:A0:95:B0:EC:EA:A4:AF:9D:B2:1B:16:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       64CE2EB775ABD1E73D0E497E7768F8F1AE856498
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f90e4f5b-5243-4975-9d18-d2b74e0b7d4f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        136.2.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:ce:2e:b7:75:ab:d1:e7:3d:0e:49:7e:77:68:f8:f1:ae:85:64:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=f077862ad3d11827a4bd332c8976510ac87373d1608bfc59851f105bd86ab2ab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:c8:95:c8:ff:7e:b6:03:49:04:59:eb:e8:15:
                    09:cd:cf:d0:d1:6c:86:db:ca:17:84:81:09:c7:fb:
                    fa:b4:c0:b3:8d:8b:c4:cd:de:d0:49:1a:3e:43:d5:
                    00:91:32:99:74:ac:0a:e3:8f:2d:1f:63:81:0e:df:
                    7b:a7:55:d2:01:34:5a:62:7d:ba:95:3a:84:d5:bb:
                    96:34:b1:6d:25:ed:9e:57:ed:71:60:f4:b1:aa:d1:
                    f7:9d:68:49:03:e9:31:47:8b:dd:c7:3e:93:11:51:
                    2d:98:fe:66:d9:fc:0a:a6:5b:a7:fd:5d:9c:78:e5:
                    47:9a:bf:9f:ac:03:ab:d6:83:85:2f:1d:29:e2:0f:
                    0e:e4:66:02:a8:6b:6b:86:a4:e5:af:85:e1:b8:27:
                    b7:57:2b:70:e4:7d:de:f8:0b:60:a9:a0:18:fe:28:
                    1d:d8:08:f9:1a:8b:19:22:9a:56:c6:e7:ea:bb:9e:
                    46:33:b6:29:36:48:ac:34:a2:b9:f6:e3:2c:f1:a0:
                    43:8e:ae:65:f8:28:cc:92:59:8a:8e:84:6b:77:b4:
                    35:7c:b6:45:cf:ad:92:70:f1:13:dc:88:90:ac:96:
                    19:be:db:0c:0d:06:d9:ea:78:ca:42:6e:2d:00:f0:
                    92:6b:0c:d0:bc:ca:cb:42:a6:f6:b9:9e:2e:58:cd:
                    02:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:9F:A8:9F:EE:A2:FF:67:A0:95:B0:EC:EA:A4:AF:9D:B2:1B:16:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f90e4f5b-5243-4975-9d18-d2b74e0b7d4f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.2.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1a:56:f3:25:6c:bf:34:5d:31:4a:44:03:49:af:12:88:06:8d:
         dd:f3:f2:47:c7:18:c9:ba:d6:ae:4f:9d:51:6d:9d:8a:23:67:
         33:41:90:a6:d0:a8:e1:6d:68:83:e5:8f:92:e8:80:37:08:5e:
         11:cb:87:37:cb:24:a9:26:d8:a4:72:fe:7a:46:c5:9b:b3:0f:
         df:2e:73:59:27:4c:3f:0a:ac:cd:96:58:4f:cd:d5:da:b8:f0:
         c5:6b:84:2c:ae:5d:0e:7f:31:e0:5c:52:72:7b:97:31:86:a3:
         c9:28:7c:8c:ca:11:cc:ab:0d:f4:4b:c8:b0:b8:13:1e:4f:23:
         46:12:07:b6:7a:d5:e8:96:16:84:2d:d9:d1:57:78:ee:78:5b:
         75:b3:35:b7:11:ce:3c:79:92:2a:3d:91:93:33:bb:8e:77:d6:
         ff:77:4d:33:2c:6d:fb:03:c4:81:d6:d1:c0:c5:be:30:f9:3b:
         54:4d:f3:1c:dd:cd:35:c0:69:74:f0:e4:40:b3:0b:21:5c:8d:
         cc:f9:c4:38:ed:e6:1e:c6:27:6e:07:ed:d2:a1:c6:70:c5:23:
         18:bc:d6:9d:8d:67:20:ef:76:fb:4f:78:0b:70:f6:4c:06:ec:
         8e:23:53:5c:02:8a:2b:30:e9:bf:73:9f:4b:89:fa:53:ea:0a:
         f9:a1:13:38
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZM4ut3Wr0ec9Dkl+d2j48a6FZJgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDc3ODYyYWQzZDExODI3YTRiZDMzMmM4OTc2NTEwYWM4
NzM3M2QxNjA4YmZjNTk4NTFmMTA1YmQ4NmFiMmFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkyJXI/362A0kEWevoFQnNz9DRbIbbyheEgQnH+/q0wLON
i8TN3tBJGj5D1QCRMpl0rArjjy0fY4EO33unVdIBNFpifbqVOoTVu5Y0sW0l7Z5X
7XFg9LGq0fedaEkD6TFHi93HPpMRUS2Y/mbZ/AqmW6f9XZx45Ueav5+sA6vWg4Uv
HSniDw7kZgKoa2uGpOWvheG4J7dXK3Dkfd74C2CpoBj+KB3YCPkaixkimlbG5+q7
nkYztik2SKw0orn24yzxoEOOrmX4KMySWYqOhGt3tDV8tkXPrZJw8RPciJCslhm+
2wwNBtnqeMpCbi0A8JJrDNC8ystCpva5ni5YzQJ7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkp+on+6i/2eglbDs6qSvnbIbFrwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5MGU0ZjViLTUyNDMtNDk3NS05ZDE4LWQyYjc0ZTBiN2Q0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIAjANBgkqhkiG9w0BAQsFAAOCAQEAGlbzJWy/NF0xSkQDSa8SiAaN3fPy
R8cYybrWrk+dUW2diiNnM0GQptCo4W1og+WPkuiANwheEcuHN8skqSbYpHL+ekbF
m7MP3y5zWSdMPwqszZZYT83V2rjwxWuELK5dDn8x4FxScnuXMYajySh8jMoRzKsN
9EvIsLgTHk8jRhIHtnrV6JYWhC3Z0Vd47nhbdbM1txHOPHmSKj2RkzO7jnfW/3dN
Myxt+wPEgdbRwMW+MPk7VE3zHN3NNcBpdPDkQLMLIVyNzPnEOO3mHsYnbgft0qHG
cMUjGLzWnY1nIO92+094C3D2TAbsjiNTXAKKKzDpv3OfS4n6U+oK+aETOA==
-----END CERTIFICATE-----