Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58e6e6b3-516e-4db6-ab44-8a2fc712af11.roa
File:                     58e6e6b3-516e-4db6-ab44-8a2fc712af11.roa (raw, json)
Hash identifier:          TyADXY9O5MKddTaQgeiTV9d5nfj3SzCzYyY0B4Qs78Y=
Subject key identifier:   F4:9B:C1:28:E0:42:8C:17:46:34:F6:B9:3E:B1:3B:27:84:2B:9D:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B91815BA917DE4D6D39EECE79EC12011A520268
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58e6e6b3-516e-4db6-ab44-8a2fc712af11.roa
Signing time:             Fri 14 Mar 2025 00:10:23 +0000
ROA not before:           Fri 14 Mar 2025 00:10:23 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        209.109.48.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:91:81:5b:a9:17:de:4d:6d:39:ee:ce:79:ec:12:01:1a:52:02:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:10:23 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=abaf277d6d5bfb30d0d86cfce029957518f6c0bdbfd3fdd9d945696f9a8caca7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:0d:d6:db:36:79:32:15:79:1a:17:8d:2f:5a:
                    21:83:82:47:3d:9d:97:61:a9:93:2a:d8:d9:91:ca:
                    fb:22:5d:de:c1:a9:4c:fc:14:7d:aa:f3:88:ba:f2:
                    fc:a3:87:0c:c1:4a:af:c6:c1:b2:dc:8b:4c:e2:ef:
                    fb:56:e5:a7:ca:77:c7:ac:5f:21:85:5d:86:a5:bd:
                    2f:ad:c2:29:07:2f:dd:8f:fa:89:36:69:e6:d6:bb:
                    64:83:c2:de:70:55:36:6b:08:c9:45:6e:09:e8:15:
                    7e:26:60:64:a0:04:b4:d7:d3:1c:9d:07:ea:40:56:
                    86:f0:d7:1e:7f:e7:3e:4a:30:b4:08:4b:06:0f:56:
                    06:40:37:92:91:7f:a8:fc:91:c1:96:70:ec:92:40:
                    ff:08:1b:5c:db:d6:38:a8:dc:e7:05:da:b2:a7:c2:
                    60:77:09:32:0d:44:31:05:3c:0b:eb:6c:38:c1:24:
                    e4:5f:06:82:88:95:2c:b5:a5:b6:03:aa:5b:7b:05:
                    63:21:74:6c:43:e8:5b:ba:f6:1b:c5:39:a1:b3:cb:
                    a3:e2:da:5e:ad:b7:7e:7e:aa:93:9e:2a:44:b1:08:
                    73:b3:9e:dd:ad:d7:c0:e9:25:a6:2e:e2:36:09:83:
                    cc:d4:98:02:1d:3b:6c:91:7b:b6:c3:5b:87:3f:48:
                    16:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:9B:C1:28:E0:42:8C:17:46:34:F6:B9:3E:B1:3B:27:84:2B:9D:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58e6e6b3-516e-4db6-ab44-8a2fc712af11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.109.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:03:c7:9f:88:00:eb:21:4e:38:3b:b1:16:27:7c:2e:54:0d:
         da:b3:31:6d:d3:e9:da:c1:44:2a:a9:c8:58:84:68:4c:1c:52:
         06:e9:01:d5:52:12:d7:c3:d1:4e:1d:c2:41:5d:cf:b1:c9:56:
         f9:d1:93:13:12:7f:87:ff:14:69:f2:74:12:dd:12:d7:70:ab:
         36:91:09:b6:a5:51:89:ac:03:61:fc:ab:ec:0f:bc:62:6b:70:
         a8:c3:ff:d3:e0:c6:96:8f:1b:24:f5:c1:5b:00:32:86:f8:47:
         47:42:13:ee:07:10:9f:4e:8f:ec:fe:e3:bc:2d:92:98:c1:8c:
         ac:6d:63:ef:b8:c1:0c:81:0f:e8:9e:09:cb:65:81:a6:da:38:
         90:cb:2c:53:fc:5c:77:ac:04:17:60:58:6a:1e:c7:54:3e:d4:
         31:f8:f8:97:22:18:08:e9:c9:b5:37:b8:c0:8e:e2:d0:bf:a9:
         b8:a8:e6:e5:ca:c2:a9:11:4b:a5:f5:a7:59:b1:80:a1:e7:07:
         2a:df:56:7c:c1:5b:02:47:f7:4d:ff:b1:b4:56:f8:84:9a:ed:
         fe:0d:63:f0:e4:37:58:5f:8a:fc:45:17:82:00:fa:66:a2:8b:
         ca:00:50:7a:0b:74:07:66:40:d7:19:a9:cd:bc:3d:cf:22:b4:
         7c:27:33:8d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe5GBW6kX3k1tOe7OeewSARpSAmgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAxMDIzWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYmFmMjc3ZDZkNWJmYjMwZDBkODZjZmNlMDI5OTU3NTE4
ZjZjMGJkYmZkM2ZkZDlkOTQ1Njk2ZjlhOGNhY2E3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcDdbbNnkyFXkaF40vWiGDgkc9nZdhqZMq2NmRyvsiXd7B
qUz8FH2q84i68vyjhwzBSq/GwbLci0zi7/tW5afKd8esXyGFXYalvS+twikHL92P
+ok2aebWu2SDwt5wVTZrCMlFbgnoFX4mYGSgBLTX0xydB+pAVobw1x5/5z5KMLQI
SwYPVgZAN5KRf6j8kcGWcOySQP8IG1zb1jio3OcF2rKnwmB3CTINRDEFPAvrbDjB
JORfBoKIlSy1pbYDqlt7BWMhdGxD6Fu69hvFOaGzy6Pi2l6tt35+qpOeKkSxCHOz
nt2t18DpJaYu4jYJg8zUmAIdO2yRe7bDW4c/SBZTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9JvBKOBCjBdGNPa5PrE7J4QrnVcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4ZTZlNmIzLTUxNmUtNGRiNi1hYjQ0LThhMmZjNzEyYWYxMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATRbTAwDQYJKoZIhvcNAQELBQADggEBABYDx5+IAOshTjg7sRYnfC5UDdqz
MW3T6drBRCqpyFiEaEwcUgbpAdVSEtfD0U4dwkFdz7HJVvnRkxMSf4f/FGnydBLd
EtdwqzaRCbalUYmsA2H8q+wPvGJrcKjD/9PgxpaPGyT1wVsAMob4R0dCE+4HEJ9O
j+z+47wtkpjBjKxtY++4wQyBD+ieCctlgabaOJDLLFP8XHesBBdgWGoex1Q+1DH4
+JciGAjpybU3uMCO4tC/qbio5uXKwqkRS6X1p1mxgKHnByrfVnzBWwJH903/sbRW
+ISa7f4NY/DkN1hfivxFF4IA+maii8oAUHoLdAdmQNcZqc28Pc8itHwnM40=
-----END CERTIFICATE-----