Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02c9d30d-9ff3-4559-8c33-ceaf819ef908.roa
File:                     02c9d30d-9ff3-4559-8c33-ceaf819ef908.roa (raw, json)
Hash identifier:          JnUocHoXnA+sbJJupQTllAhaVaYDMYKHP3C9Fxb5tkA=
Subject key identifier:   40:9F:81:A9:EF:5D:2C:38:30:FA:A8:44:18:BB:CE:19:05:0B:F9:A3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AFB5E6CD45CE51357AF4559F052CC6605974A0C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02c9d30d-9ff3-4559-8c33-ceaf819ef908.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        66.109.64.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:fb:5e:6c:d4:5c:e5:13:57:af:45:59:f0:52:cc:66:05:97:4a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=5fe28d0c8370d0eda779ec0c942275d2ddbe746868d822088a2b3c69501ab29b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cd:d7:7e:29:36:ab:b7:a8:25:61:ce:24:32:
                    8f:b4:0a:96:2d:ab:a8:4f:4d:26:b2:4d:11:0b:11:
                    16:0f:32:6e:a0:65:5a:29:36:3f:3d:2a:a6:b3:95:
                    2d:69:43:f0:16:14:9b:11:e7:3c:4d:49:9a:50:0d:
                    50:2c:28:bc:22:3e:61:3d:a4:1f:31:c0:5f:7d:1f:
                    88:fc:f2:df:4a:3e:cb:49:5c:9f:39:34:1f:18:72:
                    35:a3:1a:90:d8:35:4d:2a:f4:56:50:4e:5b:4f:af:
                    ed:8b:03:48:f2:55:72:89:b1:e8:0d:d7:9d:3a:f3:
                    6f:bc:ab:cb:3a:65:fa:36:d5:1a:cb:b0:c6:b7:72:
                    9d:be:e7:ed:e0:07:32:61:8c:d7:4a:1e:ec:87:93:
                    8c:fe:46:96:52:04:0a:cf:f5:1e:8c:ae:11:67:34:
                    f5:0f:24:77:9a:9c:9f:89:94:e1:ec:ec:d9:94:da:
                    2e:25:aa:e6:4c:40:c6:17:98:39:ec:47:36:60:a0:
                    1e:2e:c1:60:50:98:20:9f:cf:f0:49:62:79:aa:57:
                    62:fd:92:50:09:17:2e:ca:62:25:63:3e:ad:f3:8d:
                    15:97:9c:e0:44:f9:17:9f:aa:72:ab:6a:3b:49:8f:
                    f6:bf:84:e1:8c:d1:e4:2e:c2:5b:49:d3:d8:3c:ba:
                    33:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:9F:81:A9:EF:5D:2C:38:30:FA:A8:44:18:BB:CE:19:05:0B:F9:A3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02c9d30d-9ff3-4559-8c33-ceaf819ef908.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.109.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d9:3a:3a:a5:2f:fa:d0:d8:18:a9:05:57:8a:5c:b1:2f:d9:ef:
         89:94:fe:9c:d3:f6:17:80:8f:43:0d:2c:88:74:4b:d0:2a:07:
         a1:7d:f0:7b:94:a1:44:96:39:58:d0:84:c1:8f:28:df:5c:4d:
         08:f4:c5:d4:0e:3c:5b:ac:60:39:da:12:91:d5:a1:e9:8a:54:
         a8:b5:bc:99:8d:59:7e:5b:be:9e:c4:f6:ad:b6:2e:b7:2e:ab:
         ee:0b:85:e8:df:0e:26:b5:18:f5:da:0a:3c:fe:f4:5d:49:35:
         77:68:0f:46:d0:17:37:c0:06:71:c1:b9:d1:41:b5:e4:c7:b8:
         73:a4:b8:7a:e1:66:9c:e0:af:bc:4e:d9:da:98:0c:bb:1f:70:
         da:e7:4f:49:fc:f6:29:2d:1b:52:2c:db:e6:39:fa:66:11:ac:
         64:d8:78:e1:35:41:6e:02:87:a3:50:0a:26:45:23:2d:31:b6:
         e6:0e:a3:80:60:e7:73:f6:18:48:af:d3:46:62:45:a2:5e:c0:
         02:c7:6f:36:51:79:71:ff:5a:03:c0:96:67:64:70:07:63:27:
         b2:32:ac:bb:fc:94:44:4a:18:eb:45:8f:51:b1:93:e4:b9:40:
         65:80:f4:7f:42:9a:0f:b5:6e:1d:bc:01:4a:3d:e1:9c:15:e5:
         2d:9c:3d:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUevtebNRc5RNXr0VZ8FLMZgWXSgwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZmUyOGQwYzgzNzBkMGVkYTc3OWVjMGM5NDIyNzVkMmRk
YmU3NDY4NjhkODIyMDg4YTJiM2M2OTUwMWFiMjliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTzdd+KTart6glYc4kMo+0CpYtq6hPTSayTRELERYPMm6g
ZVopNj89KqazlS1pQ/AWFJsR5zxNSZpQDVAsKLwiPmE9pB8xwF99H4j88t9KPstJ
XJ85NB8YcjWjGpDYNU0q9FZQTltPr+2LA0jyVXKJsegN150682+8q8s6Zfo21RrL
sMa3cp2+5+3gBzJhjNdKHuyHk4z+RpZSBArP9R6MrhFnNPUPJHeanJ+JlOHs7NmU
2i4lquZMQMYXmDnsRzZgoB4uwWBQmCCfz/BJYnmqV2L9klAJFy7KYiVjPq3zjRWX
nOBE+RefqnKrajtJj/a/hOGM0eQuwltJ09g8ujMLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQJ+Bqe9dLDgw+qhEGLvOGQUL+aMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyYzlkMzBkLTlmZjMtNDU1OS04YzMzLWNlYWY4MTllZjkwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARCbUAwDQYJKoZIhvcNAQELBQADggEBANk6OqUv+tDYGKkFV4pcsS/Z74mU
/pzT9heAj0MNLIh0S9AqB6F98HuUoUSWOVjQhMGPKN9cTQj0xdQOPFusYDnaEpHV
oemKVKi1vJmNWX5bvp7E9q22Lrcuq+4LhejfDia1GPXaCjz+9F1JNXdoD0bQFzfA
BnHBudFBteTHuHOkuHrhZpzgr7xO2dqYDLsfcNrnT0n89iktG1Is2+Y5+mYRrGTY
eOE1QW4Ch6NQCiZFIy0xtuYOo4Bg53P2GEiv00ZiRaJewALHbzZReXH/WgPAlmdk
cAdjJ7IyrLv8lERKGOtFj1Gxk+S5QGWA9H9Cmg+1bh28AUo94ZwV5S2cPXs=
-----END CERTIFICATE-----