Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4123cdbe-af41-4ec0-8f50-2451dbd8253f.roa
File:                     4123cdbe-af41-4ec0-8f50-2451dbd8253f.roa (raw, json)
Hash identifier:          WS4jhXxTZzINvbSEDztlDHBCtGIuEsm+NS0jSQqmZMs=
Subject key identifier:   08:9D:C9:FF:1D:3A:68:83:6E:90:C2:EF:9F:FA:6B:38:13:46:9C:C9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       44C6B6E37624BB7A4ADF25B5C3C92BB940A373CF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4123cdbe-af41-4ec0-8f50-2451dbd8253f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        205.147.212.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:c6:b6:e3:76:24:bb:7a:4a:df:25:b5:c3:c9:2b:b9:40:a3:73:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=4a213df4dbc4cb92274557b1f5dd1a0251a53d5d258e8cc64697505e205ca57b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e4:0b:20:71:e3:5d:d8:4f:b1:82:44:b5:2b:
                    f7:3a:60:48:fe:b3:0d:ca:8a:c7:bb:15:b5:9f:89:
                    d6:c6:72:49:f1:ca:0f:e3:1b:78:77:b2:9b:c6:f5:
                    83:af:8c:5b:1e:00:07:96:8b:ce:60:fd:e6:b4:84:
                    25:a1:2d:b3:f0:f5:25:47:87:a3:cd:4a:60:9c:4e:
                    ef:fd:64:e3:4f:54:a5:1c:ff:12:05:33:5c:60:6d:
                    ea:1d:4c:77:e3:77:04:0e:38:26:9a:94:74:6a:64:
                    d9:31:70:64:92:14:57:eb:91:b7:42:7c:9d:34:f5:
                    96:8e:10:d3:2a:ba:ec:c8:0f:ef:5b:43:82:a7:a6:
                    cf:f0:7c:d3:a7:1e:f7:50:53:87:e0:a8:03:1c:3e:
                    2e:3f:82:16:30:9c:72:e6:05:90:c2:e6:d7:e7:2c:
                    fb:16:9c:35:6f:74:77:f5:71:ce:a7:7a:51:55:05:
                    69:fa:e6:d2:03:56:79:12:72:e8:78:e6:8a:df:11:
                    ab:f6:c6:ca:00:c4:d8:34:84:7c:e8:56:4c:5e:af:
                    68:fa:5a:3f:e3:9e:f6:8b:be:53:c9:26:e7:87:f8:
                    df:4a:5f:7e:0f:b7:3b:69:0e:b9:4b:8a:44:83:dd:
                    c3:94:52:17:b2:97:c8:cb:2b:fa:8b:7a:9f:35:42:
                    57:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:9D:C9:FF:1D:3A:68:83:6E:90:C2:EF:9F:FA:6B:38:13:46:9C:C9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4123cdbe-af41-4ec0-8f50-2451dbd8253f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.147.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:d4:24:49:93:46:62:58:96:ca:e0:c0:d3:3c:41:b6:fa:ca:
         54:6a:64:b7:fa:9c:32:b0:f7:6c:eb:a0:1c:58:5a:0d:e9:f2:
         72:71:43:dc:d2:b7:a6:3e:5c:91:d5:1b:80:ea:a4:87:73:95:
         85:9f:f6:97:9b:03:6c:3b:a1:67:be:63:ae:eb:78:47:09:ac:
         da:57:6b:c8:70:f5:c0:ac:d6:3c:3d:70:9f:e0:6c:0d:1c:70:
         f4:43:00:3c:3f:88:f0:d3:aa:41:48:9d:9e:25:70:57:75:75:
         97:14:0d:aa:00:62:77:d6:6d:85:f7:59:74:54:ac:af:ef:3e:
         c2:77:db:b4:3a:a9:61:60:17:81:69:00:c6:41:aa:8f:ae:a1:
         82:89:0a:47:50:68:f0:84:d4:b6:78:a6:f1:b7:a5:22:73:85:
         87:a8:f9:63:4e:06:f5:5c:1a:1e:f0:97:bb:d2:8e:11:59:5b:
         0c:a2:9a:81:44:50:ce:e4:2e:15:3d:4d:7f:02:a7:15:ce:75:
         b4:a1:93:81:c4:68:de:0e:19:7f:b9:bc:3e:33:bf:dc:1e:6d:
         a7:0f:26:05:1f:e8:c1:a1:a4:49:90:d7:f3:cd:04:3e:ef:a8:
         55:82:5e:35:77:f2:de:c2:93:71:0f:24:75:e9:7e:e8:d9:40:
         a7:8f:58:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURMa243Yku3pK3yW1w8kruUCjc88wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTIxM2RmNGRiYzRjYjkyMjc0NTU3YjFmNWRkMWEwMjUx
YTUzZDVkMjU4ZThjYzY0Njk3NTA1ZTIwNWNhNTdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH5AsgceNd2E+xgkS1K/c6YEj+sw3Kise7FbWfidbGcknx
yg/jG3h3spvG9YOvjFseAAeWi85g/ea0hCWhLbPw9SVHh6PNSmCcTu/9ZONPVKUc
/xIFM1xgbeodTHfjdwQOOCaalHRqZNkxcGSSFFfrkbdCfJ009ZaOENMquuzID+9b
Q4Knps/wfNOnHvdQU4fgqAMcPi4/ghYwnHLmBZDC5tfnLPsWnDVvdHf1cc6nelFV
BWn65tIDVnkScuh45orfEav2xsoAxNg0hHzoVkxer2j6Wj/jnvaLvlPJJueH+N9K
X34PtztpDrlLikSD3cOUUheyl8jLK/qLep81QlfvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCJ3J/x06aINukMLvn/prOBNGnMkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQxMjNjZGJlLWFmNDEtNGVjMC04ZjUwLTI0NTFkYmQ4MjUzZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBALNk9QwDQYJKoZIhvcNAQELBQADggEBAAjUJEmTRmJYlsrgwNM8Qbb6ylRq
ZLf6nDKw92zroBxYWg3p8nJxQ9zSt6Y+XJHVG4DqpIdzlYWf9pebA2w7oWe+Y67r
eEcJrNpXa8hw9cCs1jw9cJ/gbA0ccPRDADw/iPDTqkFInZ4lcFd1dZcUDaoAYnfW
bYX3WXRUrK/vPsJ327Q6qWFgF4FpAMZBqo+uoYKJCkdQaPCE1LZ4pvG3pSJzhYeo
+WNOBvVcGh7wl7vSjhFZWwyimoFEUM7kLhU9TX8CpxXOdbShk4HEaN4OGX+5vD4z
v9webacPJgUf6MGhpEmQ1/PNBD7vqFWCXjV38t7Ck3EPJHXpfujZQKePWJc=
-----END CERTIFICATE-----