Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53962056-e7a3-41c0-a210-c72f154e7fc9.roa
File:                     53962056-e7a3-41c0-a210-c72f154e7fc9.roa (raw, json)
Hash identifier:          FpGIldmJ6ikYp//3wmHJx4p66zpeTIRR/KGlzzqo5Bk=
Subject key identifier:   09:A3:E1:A6:CE:51:C2:42:3D:6A:0B:92:22:60:6E:F1:2B:E6:86:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EFCECE9BD830B43BF070DA60BF188DA5B948268
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53962056-e7a3-41c0-a210-c72f154e7fc9.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        185.212.200.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:fc:ec:e9:bd:83:0b:43:bf:07:0d:a6:0b:f1:88:da:5b:94:82:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=7ea1e982c341996f92619f25dfd87d23beed89fa6d4aa696dadd722f026c0a36, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:73:af:1c:d4:72:17:68:9e:b9:43:b0:b5:66:
                    fe:98:21:7f:39:72:f4:a2:e9:89:ba:8c:77:87:6e:
                    e2:bc:fd:da:07:b2:d8:29:2e:76:66:c7:9c:42:2f:
                    d2:e1:fe:9c:7a:b4:dc:06:9b:39:6d:d1:30:4e:ab:
                    c7:55:8e:f2:c7:0d:ab:c7:72:03:5f:e7:93:ca:d1:
                    b7:b8:97:1c:ea:ce:a1:ed:40:0a:04:1b:7d:9d:be:
                    96:0c:46:d1:5d:39:2b:49:4b:22:10:0d:cd:75:1a:
                    05:d7:6c:ad:73:8d:07:1b:c9:b9:2e:02:71:07:8d:
                    6f:7c:22:6e:af:eb:d2:84:7b:f2:5a:36:bb:1d:cd:
                    6f:dd:d7:62:87:d6:45:44:00:63:11:41:99:56:83:
                    64:21:62:f5:00:0c:16:bd:9c:53:b5:d4:e7:eb:e5:
                    7c:26:a9:38:f7:41:a6:a2:08:9a:e6:3a:72:70:89:
                    fa:04:ec:a9:cd:c3:79:1d:82:8b:12:04:a9:81:fc:
                    58:49:1a:70:01:f3:a8:28:f0:a2:b6:50:3e:78:ca:
                    e9:15:40:67:e2:32:0d:f7:76:cc:b6:6f:74:ef:6b:
                    07:30:06:98:85:ee:2a:4f:7b:60:60:3d:69:6c:0a:
                    43:36:cb:b6:0f:b3:14:2f:bb:9f:dd:97:3b:8e:89:
                    f2:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:A3:E1:A6:CE:51:C2:42:3D:6A:0B:92:22:60:6E:F1:2B:E6:86:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/53962056-e7a3-41c0-a210-c72f154e7fc9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:70:98:d4:bb:40:9f:15:1e:44:e7:ee:94:45:65:6d:f2:3c:
         23:7d:d5:9b:08:d2:d8:9e:b7:74:a5:2d:a3:e9:ff:75:0c:a5:
         1d:9b:c8:d8:fe:37:2c:5e:37:71:b2:7c:54:65:e9:e3:23:57:
         78:55:36:c3:91:df:bc:a0:08:1a:c0:5e:50:03:de:b6:ae:39:
         ab:67:37:cb:dc:95:1d:ac:37:9d:4f:69:a8:05:90:b0:b3:97:
         56:b4:3e:16:7c:95:ad:7f:71:8f:b2:b1:6f:4a:28:53:ac:e2:
         e0:e5:fb:ad:c8:ed:85:19:be:cd:0e:ad:82:f4:44:9e:56:d2:
         cb:fc:1d:9d:02:9b:4e:02:4b:ff:77:2e:05:31:05:d3:4b:69:
         63:ac:55:b9:77:31:19:3d:7e:b1:d6:e6:9e:75:b4:6d:6e:47:
         49:7c:47:94:a3:91:de:ab:de:f5:b0:4d:4b:ee:17:30:65:ed:
         c3:a5:d8:d2:a3:82:bc:68:5a:4d:d5:24:7e:f7:72:2e:19:12:
         bd:fa:99:ac:82:e4:eb:25:cd:b2:45:87:ab:5c:e8:6c:57:6f:
         3c:ae:c3:79:75:c7:2c:26:33:f2:5f:b1:a6:65:79:27:c8:0f:
         0d:06:87:e2:7b:9a:47:f4:f4:72:9c:dc:5e:27:5f:6d:84:9f:
         0a:72:da:44
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTvzs6b2DC0O/Bw2mC/GI2luUgmgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZWExZTk4MmMzNDE5OTZmOTI2MTlmMjVkZmQ4N2QyM2Jl
ZWQ4OWZhNmQ0YWE2OTZkYWRkNzIyZjAyNmMwYTM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzc68c1HIXaJ65Q7C1Zv6YIX85cvSi6Ym6jHeHbuK8/doH
stgpLnZmx5xCL9Lh/px6tNwGmzlt0TBOq8dVjvLHDavHcgNf55PK0be4lxzqzqHt
QAoEG32dvpYMRtFdOStJSyIQDc11GgXXbK1zjQcbybkuAnEHjW98Im6v69KEe/Ja
NrsdzW/d12KH1kVEAGMRQZlWg2QhYvUADBa9nFO11Ofr5XwmqTj3QaaiCJrmOnJw
ifoE7KnNw3kdgosSBKmB/FhJGnAB86go8KK2UD54yukVQGfiMg33dsy2b3Tvawcw
BpiF7ipPe2BgPWlsCkM2y7YPsxQvu5/dlzuOifJNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCaPhps5RwkI9aguSImBu8SvmhmowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUzOTYyMDU2LWU3YTMtNDFjMC1hMjEwLWM3MmYxNTRlN2ZjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAK51MgwDQYJKoZIhvcNAQELBQADggEBADRwmNS7QJ8VHkTn7pRFZW3yPCN9
1ZsI0tiet3SlLaPp/3UMpR2byNj+NyxeN3GyfFRl6eMjV3hVNsOR37ygCBrAXlAD
3rauOatnN8vclR2sN51PaagFkLCzl1a0PhZ8la1/cY+ysW9KKFOs4uDl+63I7YUZ
vs0OrYL0RJ5W0sv8HZ0Cm04CS/93LgUxBdNLaWOsVbl3MRk9frHW5p51tG1uR0l8
R5Sjkd6r3vWwTUvuFzBl7cOl2NKjgrxoWk3VJH73ci4ZEr36mayC5OslzbJFh6tc
6GxXbzyuw3l1xywmM/JfsaZleSfIDw0Gh+J7mkf09HKc3F4nX22Enwpy2kQ=
-----END CERTIFICATE-----