Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11113e05-0b43-4464-a812-d485ae07d5bb.roa
File:                     11113e05-0b43-4464-a812-d485ae07d5bb.roa (raw, json)
Hash identifier:          zwJfVp8b6zMGa6zT9ci7tXoF21mMFDZAY7/X7gSHEgo=
Subject key identifier:   E4:A1:8E:F6:67:69:C1:02:5B:EB:E7:F0:E3:59:A9:13:D5:1E:20:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57A3F0AF34F403B48D693CA41F190D11434BFBC3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11113e05-0b43-4464-a812-d485ae07d5bb.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        136.18.24.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a3:f0:af:34:f4:03:b4:8d:69:3c:a4:1f:19:0d:11:43:4b:fb:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=cb02d9f152a19a18f1217788040c6bee3f3cdcd8b7bc2e322e650850c5025c4c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:53:fc:15:ff:1d:91:d8:a9:ca:c8:83:dd:0f:
                    04:e7:d5:7d:91:ae:c1:09:b7:41:ec:ad:d5:9b:62:
                    d6:14:d1:bd:bf:b3:40:09:90:25:1e:dc:12:6a:cc:
                    b9:49:86:6d:64:52:bf:77:6e:76:a9:05:ca:9e:a9:
                    42:4c:d9:04:ca:c7:26:c6:67:5f:a2:7f:71:61:50:
                    eb:4f:7b:e6:fe:59:0f:e4:d9:68:73:51:46:b6:0f:
                    5a:40:06:db:2a:e2:4c:d9:88:34:7c:84:e0:2b:cd:
                    1a:38:98:6f:61:cf:cb:a6:19:6c:bd:29:f0:3e:4c:
                    3b:a0:60:66:b4:b0:87:60:5a:e1:d4:21:1a:31:d5:
                    f9:cb:e3:f8:91:ee:7f:a1:88:18:8b:85:43:74:a6:
                    a8:f1:a2:55:43:45:a3:51:8d:18:f4:79:b9:75:68:
                    26:26:6a:bb:54:f1:93:2e:31:1c:d1:f0:38:ec:14:
                    84:42:38:ce:11:46:fd:a8:aa:4e:6b:47:b0:8d:41:
                    2a:cf:28:f3:13:1c:f6:a3:a3:f1:c5:7b:4c:29:55:
                    c9:ec:a6:46:5e:22:62:88:e4:4d:42:0d:15:f3:e6:
                    80:84:7f:79:52:15:42:7e:a6:1b:21:ef:86:cc:c4:
                    40:88:e5:2e:c0:1f:17:8d:57:54:d4:e2:70:d7:06:
                    cc:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:A1:8E:F6:67:69:C1:02:5B:EB:E7:F0:E3:59:A9:13:D5:1E:20:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/11113e05-0b43-4464-a812-d485ae07d5bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         22:fb:bc:d4:f5:4a:78:55:af:7f:56:cf:2c:33:48:52:1e:35:
         11:90:e1:8a:8e:c3:2c:3a:fa:ab:db:c3:c7:0f:fc:25:ec:0b:
         2e:32:37:d2:62:d5:dd:90:8c:d2:6d:8a:e0:72:a7:44:67:85:
         02:7d:43:e0:df:91:de:d5:f1:bd:bd:f2:05:41:b3:16:af:f6:
         d3:c6:5e:cd:d0:a9:de:17:6d:92:99:3a:01:7b:d0:c0:c1:86:
         c6:8f:71:45:60:90:45:e3:9b:c4:1e:7d:2f:39:d2:fb:e0:b9:
         49:aa:66:e7:16:2c:66:db:e0:8f:7e:d8:92:88:14:8a:ee:a8:
         83:26:02:50:57:c6:7a:d9:2e:c7:80:40:52:00:b4:1b:7e:25:
         d8:a0:17:36:c0:79:ab:a9:6e:7f:54:9d:a5:fa:ee:97:9c:35:
         c7:90:ad:35:55:4f:19:1d:3e:19:66:00:92:bf:98:f4:d3:56:
         59:37:6d:9a:84:e8:d1:d0:65:36:71:b7:cc:da:ba:cf:69:fc:
         51:1e:39:7b:23:b8:1e:fc:31:35:9e:59:a3:cf:a4:f4:d1:6c:
         08:26:85:69:7d:db:01:e0:82:97:ba:59:95:a8:ee:70:54:28:
         0e:4a:cd:0c:55:43:9c:b8:f6:f5:f7:5c:7a:8e:86:71:d8:fd:
         28:dc:cb:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV6PwrzT0A7SNaTykHxkNEUNL+8MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjAyZDlmMTUyYTE5YTE4ZjEyMTc3ODgwNDBjNmJlZTNm
M2NkY2Q4YjdiYzJlMzIyZTY1MDg1MGM1MDI1YzRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEU/wV/x2R2KnKyIPdDwTn1X2RrsEJt0HsrdWbYtYU0b2/
s0AJkCUe3BJqzLlJhm1kUr93bnapBcqeqUJM2QTKxybGZ1+if3FhUOtPe+b+WQ/k
2WhzUUa2D1pABtsq4kzZiDR8hOArzRo4mG9hz8umGWy9KfA+TDugYGa0sIdgWuHU
IRox1fnL4/iR7n+hiBiLhUN0pqjxolVDRaNRjRj0ebl1aCYmartU8ZMuMRzR8Djs
FIRCOM4RRv2oqk5rR7CNQSrPKPMTHPajo/HFe0wpVcnspkZeImKI5E1CDRXz5oCE
f3lSFUJ+phsh74bMxECI5S7AHxeNV1TU4nDXBswvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5KGO9mdpwQJb6+fw41mpE9UeIAMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzExMTEzZTA1LTBiNDMtNDQ2NC1hODEyLWQ0ODVhZTA3ZDViYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOIEhgwDQYJKoZIhvcNAQELBQADggEBACL7vNT1SnhVr39WzywzSFIeNRGQ
4YqOwyw6+qvbw8cP/CXsCy4yN9Ji1d2QjNJtiuByp0RnhQJ9Q+Dfkd7V8b298gVB
sxav9tPGXs3Qqd4XbZKZOgF70MDBhsaPcUVgkEXjm8QefS850vvguUmqZucWLGbb
4I9+2JKIFIruqIMmAlBXxnrZLseAQFIAtBt+JdigFzbAeaupbn9UnaX67pecNceQ
rTVVTxkdPhlmAJK/mPTTVlk3bZqE6NHQZTZxt8zaus9p/FEeOXsjuB78MTWeWaPP
pPTRbAgmhWl92wHggpe6WZWo7nBUKA5KzQxVQ5y49vX3XHqOhnHY/Sjcyyc=
-----END CERTIFICATE-----