Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/204aa188-9a8b-48c8-b764-0e231e92e7a4.roa
File:                     204aa188-9a8b-48c8-b764-0e231e92e7a4.roa (raw, json)
Hash identifier:          g5+TjqFDEm2mQmcAQ7f6J9ORGS6PhuDFNvYri/1MoAk=
Subject key identifier:   31:B7:A9:A9:AC:3C:CD:4C:FB:CD:C2:D4:E3:D0:36:3B:E4:06:6C:74
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24B2EA070767EFE883951782B5132A4B14D35B03
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/204aa188-9a8b-48c8-b764-0e231e92e7a4.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        209.163.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:b2:ea:07:07:67:ef:e8:83:95:17:82:b5:13:2a:4b:14:d3:5b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=4879b33862beb260d1575d1b54febfaa1ea2ddf4c4d62283c94441fe2ba00be0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d5:3d:65:6f:90:2f:ab:a5:2f:50:ca:f1:19:
                    23:e2:e4:fb:06:fc:8d:34:ec:4a:70:3d:6c:ac:b7:
                    38:ce:c0:a8:c3:14:ff:85:c1:9c:c4:ac:d9:3c:d9:
                    4f:24:b5:60:dc:5a:3d:58:67:ff:26:1e:a4:af:d6:
                    d7:02:2c:56:0b:a2:aa:b5:b3:2d:c3:43:39:d2:7a:
                    ea:af:0b:e9:4e:c3:3e:8e:a6:5f:1e:65:ee:ad:e1:
                    a6:7f:73:64:9f:86:e9:41:9d:f7:17:33:09:56:9e:
                    82:76:09:16:93:e8:9b:a4:f1:8b:30:e2:c4:b2:86:
                    6a:8f:b4:4f:47:37:0a:5e:d9:8f:8d:af:67:e2:b6:
                    0c:db:c5:70:81:49:e2:2a:9f:f1:4f:d8:88:be:f5:
                    42:64:77:df:a4:35:b7:92:f8:b6:cb:c1:5a:fc:82:
                    5b:53:cd:4f:36:d4:70:dc:fa:3a:26:0b:3c:e0:2b:
                    bb:02:60:19:f1:ae:d1:86:1f:a8:6b:38:c6:3b:bb:
                    54:65:6b:03:a6:36:ed:1d:87:3f:2b:3c:9c:31:0c:
                    7b:1b:a0:09:7e:6b:e3:cb:d8:32:52:58:ed:50:5f:
                    00:41:e7:af:6e:03:05:43:c0:c3:16:e9:b9:8f:42:
                    dd:76:7d:61:07:da:7e:aa:44:9e:b4:1f:e0:ae:d0:
                    0a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:B7:A9:A9:AC:3C:CD:4C:FB:CD:C2:D4:E3:D0:36:3B:E4:06:6C:74
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/204aa188-9a8b-48c8-b764-0e231e92e7a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.163.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         18:fa:55:e5:ff:e3:1c:d5:75:e8:3e:60:63:89:35:91:d4:44:
         37:51:cc:25:13:8a:51:74:54:2b:f8:19:74:56:84:c3:0e:8b:
         44:28:51:89:78:27:80:62:ed:0e:ce:eb:76:27:ba:f2:5c:83:
         6b:e6:b8:f8:f3:55:9e:90:14:16:74:fa:03:7e:2e:2d:63:ed:
         7f:e9:79:81:25:de:25:b4:77:5d:14:86:56:67:b0:6f:aa:00:
         9b:15:e2:5e:80:36:14:1f:88:b5:43:74:f8:f0:67:ab:40:68:
         c2:a6:6b:6b:71:23:b7:37:9c:bb:96:63:54:7b:bc:69:db:de:
         31:dc:b0:3c:42:30:6e:61:9d:0d:17:ff:b6:c1:b7:07:ff:c5:
         0a:a6:7c:74:d2:82:16:3a:66:cc:0b:3c:53:2e:da:ce:11:50:
         8d:4e:ef:2b:50:fb:a7:f8:45:cc:ed:87:b5:d0:18:f1:4f:44:
         3f:44:b0:d6:98:39:55:07:0d:d0:78:88:b0:ab:22:ad:e0:35:
         15:d8:25:5d:9a:36:a6:7a:36:bf:e2:9e:e3:ef:7a:a1:70:bc:
         2e:26:ba:ab:d4:29:7c:d2:99:b0:db:3f:03:6a:22:34:f5:08:
         bd:a6:c4:64:19:3b:b4:10:25:2f:24:e4:92:a1:b2:74:3c:2f:
         57:91:9b:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJLLqBwdn7+iDlReCtRMqSxTTWwMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODc5YjMzODYyYmViMjYwZDE1NzVkMWI1NGZlYmZhYTFl
YTJkZGY0YzRkNjIyODNjOTQ0NDFmZTJiYTAwYmUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC61T1lb5Avq6UvUMrxGSPi5PsG/I007EpwPWystzjOwKjD
FP+FwZzErNk82U8ktWDcWj1YZ/8mHqSv1tcCLFYLoqq1sy3DQznSeuqvC+lOwz6O
pl8eZe6t4aZ/c2SfhulBnfcXMwlWnoJ2CRaT6Juk8Ysw4sSyhmqPtE9HNwpe2Y+N
r2fitgzbxXCBSeIqn/FP2Ii+9UJkd9+kNbeS+LbLwVr8gltTzU821HDc+jomCzzg
K7sCYBnxrtGGH6hrOMY7u1RlawOmNu0dhz8rPJwxDHsboAl+a+PL2DJSWO1QXwBB
569uAwVDwMMW6bmPQt12fWEH2n6qRJ60H+Cu0Ao3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMbepqaw8zUz7zcLU49A2O+QGbHQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwNGFhMTg4LTlhOGItNDhjOC1iNzY0LTBlMjMxZTkyZTdhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbRowAwDQYJKoZIhvcNAQELBQADggEBABj6VeX/4xzVdeg+YGOJNZHURDdR
zCUTilF0VCv4GXRWhMMOi0QoUYl4J4Bi7Q7O63YnuvJcg2vmuPjzVZ6QFBZ0+gN+
Li1j7X/peYEl3iW0d10UhlZnsG+qAJsV4l6ANhQfiLVDdPjwZ6tAaMKma2txI7c3
nLuWY1R7vGnb3jHcsDxCMG5hnQ0X/7bBtwf/xQqmfHTSghY6ZswLPFMu2s4RUI1O
7ytQ+6f4Rczth7XQGPFPRD9EsNaYOVUHDdB4iLCrIq3gNRXYJV2aNqZ6Nr/inuPv
eqFwvC4muqvUKXzSmbDbPwNqIjT1CL2mxGQZO7QQJS8k5JKhsnQ8L1eRm5I=
-----END CERTIFICATE-----