Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f540a64-fa52-4776-a30a-869e939e9a85.roa
File:                     3f540a64-fa52-4776-a30a-869e939e9a85.roa (raw, json)
Hash identifier:          LTvxo/Tsyl5egZsIxJ2rrJmim8fK6sCNblTBLKVR+SA=
Subject key identifier:   89:AC:7B:D3:18:8C:5F:61:92:C7:8B:65:13:57:F8:87:C8:0D:E0:41
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75E79E8CD2ECE98CCD9927ED9ED7311E4AF2FDB4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f540a64-fa52-4776-a30a-869e939e9a85.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        162.73.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:e7:9e:8c:d2:ec:e9:8c:cd:99:27:ed:9e:d7:31:1e:4a:f2:fd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=ad1e2f857e3d9fc85da1fe6bca325574aef458de0a73f42bfe0e46c3be01a202, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0a:cd:8d:50:b4:7e:9c:d1:6e:ba:8a:a9:43:
                    77:7b:79:d2:14:e7:11:56:66:5a:cd:a3:54:de:04:
                    59:2a:c0:64:e3:cb:0e:fd:85:b1:d3:a5:e3:fb:06:
                    de:32:19:e4:16:84:74:d7:66:4c:7b:cd:e1:4b:68:
                    8c:f5:d5:94:17:40:48:51:71:71:4b:5d:30:a0:d1:
                    74:53:72:6c:14:97:fe:43:97:c4:bb:48:ed:e1:56:
                    96:ee:dd:b1:81:f4:59:1e:02:cb:33:16:19:d5:65:
                    b8:73:da:f7:35:97:c2:f1:93:dd:f2:ed:5d:95:2c:
                    6e:a1:cc:0f:56:a5:10:be:58:15:d7:17:b8:30:bc:
                    6b:78:29:51:19:7b:78:0e:45:53:2a:1a:73:9c:23:
                    5e:d1:43:87:91:b7:82:be:7c:ad:93:4f:2a:87:4a:
                    45:44:f7:f9:53:57:30:c4:5b:f2:4d:bd:49:d7:00:
                    b5:63:d0:93:e3:38:e9:74:43:db:64:8a:67:5f:d9:
                    00:43:02:97:9e:5b:6d:21:96:4e:4c:bb:18:39:ee:
                    f2:cb:c3:de:a2:d7:4f:22:80:c5:4b:85:62:76:2c:
                    cb:83:a8:8d:f5:ad:5c:10:3a:e6:57:43:35:bb:82:
                    f0:c3:55:ba:8c:6e:88:aa:e9:72:86:92:59:be:be:
                    e9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:AC:7B:D3:18:8C:5F:61:92:C7:8B:65:13:57:F8:87:C8:0D:E0:41
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f540a64-fa52-4776-a30a-869e939e9a85.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2a:d3:76:85:91:9f:e2:91:61:f1:24:a5:7b:79:0b:05:a6:ad:
         8e:2c:70:e0:92:c2:1b:81:0f:b5:af:cf:88:a9:97:73:d3:dd:
         9f:d6:e2:09:ad:a1:24:0c:3c:99:c9:b2:c4:0c:9c:c6:73:28:
         33:c1:89:bd:ba:50:bd:cf:f9:68:61:51:dc:a3:b9:6d:2d:c2:
         83:cc:b9:ba:33:da:04:b6:4e:fd:f1:68:31:df:9d:25:a4:9a:
         ec:14:a9:72:39:3c:3f:3e:b0:8e:8e:30:19:d7:aa:45:d2:7c:
         dd:d4:7c:2f:8d:92:5a:17:1e:89:86:0f:a7:64:a2:81:f8:e6:
         9f:85:90:c9:bf:8c:75:87:8a:17:9c:5b:7a:8e:13:94:73:2a:
         45:6d:7d:a6:d1:84:6f:97:a4:ec:ff:46:22:d3:d1:fa:c0:59:
         94:38:14:ae:2f:cf:7c:3a:6e:68:e4:ea:fb:76:ef:42:c3:c4:
         e1:c0:6d:e0:88:97:83:58:8d:f8:aa:6a:c3:bf:e0:66:27:5c:
         6a:b0:4a:66:a5:96:94:b5:d0:d1:28:86:f9:a9:da:79:bf:e7:
         9b:35:9c:6d:77:a0:1f:63:4b:40:da:d6:e1:02:6c:7b:b2:bb:
         17:42:0f:61:48:e0:c5:67:af:b8:c9:39:44:ca:56:08:e5:ae:
         6c:28:5f:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdeeejNLs6YzNmSftntcxHkry/bQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDFlMmY4NTdlM2Q5ZmM4NWRhMWZlNmJjYTMyNTU3NGFl
ZjQ1OGRlMGE3M2Y0MmJmZTBlNDZjM2JlMDFhMjAyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKCs2NULR+nNFuuoqpQ3d7edIU5xFWZlrNo1TeBFkqwGTj
yw79hbHTpeP7Bt4yGeQWhHTXZkx7zeFLaIz11ZQXQEhRcXFLXTCg0XRTcmwUl/5D
l8S7SO3hVpbu3bGB9FkeAsszFhnVZbhz2vc1l8Lxk93y7V2VLG6hzA9WpRC+WBXX
F7gwvGt4KVEZe3gORVMqGnOcI17RQ4eRt4K+fK2TTyqHSkVE9/lTVzDEW/JNvUnX
ALVj0JPjOOl0Q9tkimdf2QBDApeeW20hlk5Muxg57vLLw96i108igMVLhWJ2LMuD
qI31rVwQOuZXQzW7gvDDVbqMboiq6XKGklm+vumDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiax70xiMX2GSx4tlE1f4h8gN4EEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmNTQwYTY0LWZhNTItNDc3Ni1hMzBhLTg2OWU5MzllOWE4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCiSTANBgkqhkiG9w0BAQsFAAOCAQEAKtN2hZGf4pFh8SSle3kLBaatjixw
4JLCG4EPta/PiKmXc9Pdn9biCa2hJAw8mcmyxAycxnMoM8GJvbpQvc/5aGFR3KO5
bS3Cg8y5ujPaBLZO/fFoMd+dJaSa7BSpcjk8Pz6wjo4wGdeqRdJ83dR8L42SWhce
iYYPp2Sigfjmn4WQyb+MdYeKF5xbeo4TlHMqRW19ptGEb5ek7P9GItPR+sBZlDgU
ri/PfDpuaOTq+3bvQsPE4cBt4IiXg1iN+Kpqw7/gZidcarBKZqWWlLXQ0SiG+ana
eb/nmzWcbXegH2NLQNrW4QJse7K7F0IPYUjgxWevuMk5RMpWCOWubChfbg==
-----END CERTIFICATE-----