Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/206bcf63-0d5d-4555-92e7-2e686ddc4a63.roa
File:                     206bcf63-0d5d-4555-92e7-2e686ddc4a63.roa (raw, json)
Hash identifier:          3I7KFm+hvGcNwqV+kqR+OCGSjsVRiTWp6DIX26DqYqQ=
Subject key identifier:   03:1B:0F:3A:A6:F8:E8:C9:DF:8C:FE:45:DA:6F:2F:DB:E8:A3:C7:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5D8FBAC1D693AEC6F35DC011FA412575FD92A2AF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/206bcf63-0d5d-4555-92e7-2e686ddc4a63.roa
Signing time:             Fri 14 Mar 2025 00:40:21 +0000
ROA not before:           Fri 14 Mar 2025 00:40:21 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     19047
IP address blocks:        70.130.209.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:8f:ba:c1:d6:93:ae:c6:f3:5d:c0:11:fa:41:25:75:fd:92:a2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:40:21 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=6a10c3c524e5650c9917d81c0398f8cfec635be2363b89b8081cd9ef3117c459, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:0d:45:47:b9:0e:cf:fb:99:be:89:95:1b:9a:
                    0d:0c:1e:13:bd:52:55:12:12:f6:3a:04:e5:69:39:
                    22:3c:03:65:f9:ea:a0:f4:be:b4:e9:bf:db:30:a1:
                    b9:44:f9:6e:3c:65:1b:93:15:c5:98:e5:36:b4:43:
                    c0:33:4b:c1:3f:db:ff:48:31:ae:09:d9:9e:50:fa:
                    85:c0:5f:a8:40:53:dc:6e:e0:21:bd:91:6c:ad:11:
                    f2:8b:91:fd:34:ff:fc:4e:1a:82:88:a3:95:7b:ae:
                    0a:de:d9:d3:25:81:a3:62:e2:6f:d1:d8:af:79:fe:
                    d6:e2:03:30:c0:1b:a9:6e:93:f0:ce:0c:1a:1d:ce:
                    a3:86:0b:ad:04:45:70:94:72:ed:73:18:33:f0:5c:
                    ca:73:d0:51:5e:68:4b:f7:7f:c9:f5:7f:f8:52:01:
                    ca:7e:d8:00:1f:8d:97:9e:7f:e0:b7:f0:6d:f4:f1:
                    eb:36:ea:cb:a1:e9:f0:56:d8:0d:3c:d4:4e:ec:51:
                    f2:d7:9b:05:f4:3b:3a:b3:22:f1:ee:37:5f:51:d1:
                    f8:21:3c:d3:47:69:cd:e8:05:19:1a:a0:70:cb:55:
                    5f:ef:3e:e3:ac:6c:58:32:83:83:65:ef:95:24:0a:
                    75:af:5b:ee:19:15:97:6e:f4:b7:f8:70:3b:4e:06:
                    cb:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:1B:0F:3A:A6:F8:E8:C9:DF:8C:FE:45:DA:6F:2F:DB:E8:A3:C7:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/206bcf63-0d5d-4555-92e7-2e686ddc4a63.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.130.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:d3:93:fd:03:e9:6e:54:ec:4f:ce:5a:7d:1d:02:f4:01:b6:
         c2:92:5e:71:d8:d8:1c:c1:01:48:03:34:a7:ae:bc:b0:ea:a9:
         c4:ca:ff:ff:41:b4:1c:85:c2:25:f2:de:0f:03:b4:d2:33:2d:
         9f:32:ae:40:16:29:fe:2b:7c:3a:91:25:15:ef:61:49:00:03:
         f5:3e:ce:33:7f:f7:6e:b0:f3:5a:c8:18:4c:b3:67:f2:7e:b2:
         70:a6:b8:b6:9c:3b:19:5b:c1:1f:bf:8f:c9:d9:3e:ad:a6:ec:
         52:9d:8e:81:c1:1a:6d:c0:ac:fe:b9:ab:63:ac:0a:9a:65:11:
         fd:21:21:80:23:79:3c:e3:9b:72:25:45:7f:ca:f5:b0:54:cf:
         d0:71:77:79:d8:04:42:7a:39:49:55:f4:12:ac:df:62:81:89:
         da:49:25:d4:67:4d:f7:4e:8a:e4:89:31:27:b6:a2:44:94:da:
         4f:23:65:ec:57:0e:fe:eb:69:75:92:07:1a:ce:34:9d:2c:c4:
         fe:35:da:93:f4:b6:0f:17:dd:e3:6f:67:8d:a5:d6:b7:bb:a1:
         5c:fd:f8:da:04:8f:51:f6:58:a1:6e:a0:eb:69:36:79:fc:ec:
         9d:3e:6b:84:8a:d9:88:fd:77:14:ff:06:50:e2:a4:36:fb:a2:
         84:2b:30:b3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXY+6wdaTrsbzXcAR+kEldf2Soq8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDA0MDIxWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTEwYzNjNTI0ZTU2NTBjOTkxN2Q4MWMwMzk4ZjhjZmVj
NjM1YmUyMzYzYjg5YjgwODFjZDllZjMxMTdjNDU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoDUVHuQ7P+5m+iZUbmg0MHhO9UlUSEvY6BOVpOSI8A2X5
6qD0vrTpv9swoblE+W48ZRuTFcWY5Ta0Q8AzS8E/2/9IMa4J2Z5Q+oXAX6hAU9xu
4CG9kWytEfKLkf00//xOGoKIo5V7rgre2dMlgaNi4m/R2K95/tbiAzDAG6luk/DO
DBodzqOGC60ERXCUcu1zGDPwXMpz0FFeaEv3f8n1f/hSAcp+2AAfjZeef+C38G30
8es26suh6fBW2A081E7sUfLXmwX0OzqzIvHuN19R0fghPNNHac3oBRkaoHDLVV/v
PuOsbFgyg4Nl75UkCnWvW+4ZFZdu9Lf4cDtOBsubAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAxsPOqb46MnfjP5F2m8v2+ijx/0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwNmJjZjYzLTBkNWQtNDU1NS05MmU3LTJlNjg2ZGRjNGE2My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGgtEwDQYJKoZIhvcNAQELBQADggEBAJ/Tk/0D6W5U7E/OWn0dAvQBtsKS
XnHY2BzBAUgDNKeuvLDqqcTK//9BtByFwiXy3g8DtNIzLZ8yrkAWKf4rfDqRJRXv
YUkAA/U+zjN/926w81rIGEyzZ/J+snCmuLacOxlbwR+/j8nZPq2m7FKdjoHBGm3A
rP65q2OsCpplEf0hIYAjeTzjm3IlRX/K9bBUz9Bxd3nYBEJ6OUlV9BKs32KBidpJ
JdRnTfdOiuSJMSe2okSU2k8jZexXDv7raXWSBxrONJ0sxP412pP0tg8X3eNvZ42l
1re7oVz9+NoEj1H2WKFuoOtpNnn87J0+a4SK2Yj9dxT/BlDipDb7ooQrMLM=
-----END CERTIFICATE-----