Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50d3f7d1-fddf-4e46-967c-6684b22b30e5.roa
File:                     50d3f7d1-fddf-4e46-967c-6684b22b30e5.roa (raw, json)
Hash identifier:          cSUR/eFEGstjgYShZ8bLOJ+QdvWBqUIMryye1OOoJIE=
Subject key identifier:   21:69:2A:63:C0:20:41:50:41:4C:F9:90:D0:92:6F:1E:78:C5:A8:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       58B195E7E6B30D1520944B89DF7E1ED22D0947FD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50d3f7d1-fddf-4e46-967c-6684b22b30e5.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        164.152.200.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:b1:95:e7:e6:b3:0d:15:20:94:4b:89:df:7e:1e:d2:2d:09:47:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=c58b900cdc96780afeff3189a90528cf41ddcb942c028c9912063a20dae20c8c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:30:99:d8:08:8d:0f:ea:15:ac:c6:f9:13:
                    31:0c:bd:eb:76:ad:73:24:78:35:78:c8:57:9a:fb:
                    c0:c7:1d:84:f2:de:55:a3:15:55:0a:74:98:7f:9a:
                    49:f8:b6:9f:53:28:d1:d7:ec:e1:bc:91:d4:51:15:
                    2b:a7:58:75:6a:02:ed:c7:30:5b:14:53:2d:dc:10:
                    41:63:5f:1a:17:80:88:8b:ae:04:46:57:70:98:5a:
                    c8:d9:0e:37:29:77:09:bc:dc:bf:8a:28:19:b2:a5:
                    af:5d:e7:81:6f:18:3e:95:99:58:dc:35:ed:ff:3b:
                    ad:c3:2a:0d:db:f2:d1:0c:f6:e1:e3:f4:32:80:b3:
                    cb:69:76:f5:b6:9a:6f:fe:5c:fd:a3:72:5b:ac:02:
                    44:b9:00:aa:e1:46:b0:92:5d:fa:52:57:df:f9:66:
                    04:86:d0:9a:a1:d7:a5:4c:c4:fc:d0:9f:ba:11:30:
                    6d:e4:9f:a3:04:9e:8a:fb:61:61:41:03:3a:95:04:
                    2d:75:8a:16:ef:ff:e9:26:9b:34:4d:0e:e5:0b:81:
                    2b:91:66:9c:e0:0a:59:78:89:7b:f1:dc:7c:b9:9f:
                    21:27:a0:58:7c:ee:23:7d:0c:50:02:7f:a0:91:94:
                    f5:e9:3b:ea:bc:a5:6e:a4:e7:bf:d3:dc:a7:8a:ee:
                    37:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:69:2A:63:C0:20:41:50:41:4C:F9:90:D0:92:6F:1E:78:C5:A8:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/50d3f7d1-fddf-4e46-967c-6684b22b30e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:2f:cc:6a:8d:23:2b:79:f8:2b:a3:9e:1e:eb:f9:70:64:16:
         38:16:07:a1:f3:e3:ca:8d:fd:c2:46:2e:33:97:32:29:57:4e:
         15:9d:93:90:40:f1:50:58:5f:b3:7c:6d:25:aa:8d:f3:6e:4e:
         df:74:03:c3:85:ac:a1:cd:4f:b3:21:52:27:99:2b:e0:61:20:
         ba:50:11:55:eb:1d:90:a5:1d:25:af:2d:a0:91:36:de:b4:bc:
         6f:c2:9a:be:43:fc:1c:c0:d4:b7:40:22:5a:79:b0:ad:a3:6a:
         eb:ba:5b:e1:3a:3c:e1:f2:ee:95:10:99:8b:40:ed:1d:f3:c7:
         7f:e0:e4:c9:16:3f:1c:43:e8:32:0c:82:c3:94:f4:8d:1e:3b:
         4a:60:3c:5b:83:36:a6:81:80:82:5a:06:f4:7f:d6:7f:ed:96:
         dc:9e:10:19:70:41:6e:8a:cd:d3:bb:ab:70:6c:73:27:33:df:
         e9:22:4b:00:3f:ad:b5:12:e1:8a:9d:8d:3e:09:79:ba:26:8f:
         87:09:b4:d4:66:45:be:0e:1d:79:c6:a9:0e:ca:82:6e:38:ed:
         aa:b1:44:0c:1b:3f:e1:cd:73:86:f0:0d:83:9f:23:2c:61:ae:
         7d:e0:45:62:09:fa:a2:f7:c1:47:eb:b7:b4:07:3f:ba:33:fc:
         90:d4:47:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWLGV5+azDRUglEuJ334e0i0JR/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNThiOTAwY2RjOTY3ODBhZmVmZjMxODlhOTA1MjhjZjQx
ZGRjYjk0MmMwMjhjOTkxMjA2M2EyMGRhZTIwYzhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtojCZ2AiND+oVrMb5EzEMvet2rXMkeDV4yFea+8DHHYTy
3lWjFVUKdJh/mkn4tp9TKNHX7OG8kdRRFSunWHVqAu3HMFsUUy3cEEFjXxoXgIiL
rgRGV3CYWsjZDjcpdwm83L+KKBmypa9d54FvGD6VmVjcNe3/O63DKg3b8tEM9uHj
9DKAs8tpdvW2mm/+XP2jclusAkS5AKrhRrCSXfpSV9/5ZgSG0Jqh16VMxPzQn7oR
MG3kn6MEnor7YWFBAzqVBC11ihbv/+kmmzRNDuULgSuRZpzgCll4iXvx3Hy5nyEn
oFh87iN9DFACf6CRlPXpO+q8pW6k57/T3KeK7jcLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIWkqY8AgQVBBTPmQ0JJvHnjFqIQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUwZDNmN2QxLWZkZGYtNGU0Ni05NjdjLTY2ODRiMjJiMzBlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKkmMgwDQYJKoZIhvcNAQELBQADggEBAAIvzGqNIyt5+Cujnh7r+XBkFjgW
B6Hz48qN/cJGLjOXMilXThWdk5BA8VBYX7N8bSWqjfNuTt90A8OFrKHNT7MhUieZ
K+BhILpQEVXrHZClHSWvLaCRNt60vG/Cmr5D/BzA1LdAIlp5sK2jauu6W+E6POHy
7pUQmYtA7R3zx3/g5MkWPxxD6DIMgsOU9I0eO0pgPFuDNqaBgIJaBvR/1n/tltye
EBlwQW6KzdO7q3Bscycz3+kiSwA/rbUS4YqdjT4Jebomj4cJtNRmRb4OHXnGqQ7K
gm447aqxRAwbP+HNc4bwDYOfIyxhrn3gRWIJ+qL3wUfrt7QHP7oz/JDURwo=
-----END CERTIFICATE-----