Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6841f35d-e699-48f4-8906-c095b14f2079.roa
File:                     6841f35d-e699-48f4-8906-c095b14f2079.roa (raw, json)
Hash identifier:          mIGoUsJ1ioR0V0qvUkNKs3tl+OgV3zFpj6f8oSLV2iA=
Subject key identifier:   77:44:08:C0:CD:22:59:56:36:C7:99:58:7C:2E:05:FD:55:39:38:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       654F3137F9E851F233B6C4509BCA917F92DFAD32
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6841f35d-e699-48f4-8906-c095b14f2079.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        192.251.141.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:4f:31:37:f9:e8:51:f2:33:b6:c4:50:9b:ca:91:7f:92:df:ad:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=8e2726e7a8665121348e9909862483ece4080a9bda16d4a6fc890592967aeae7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:32:41:a1:9d:d3:17:7d:82:03:90:03:30:22:
                    c5:7d:c2:f5:6d:60:4d:80:8d:a8:d3:d9:3f:1f:0c:
                    43:56:b5:3b:c8:37:8c:ed:45:68:8a:47:97:a1:a4:
                    e9:13:6d:5b:e7:9d:d0:8d:b4:f0:70:50:4e:4c:57:
                    b8:f8:21:fd:b3:5b:8e:97:e5:26:57:ac:46:bf:cb:
                    7d:ef:23:d4:7d:c5:83:9b:7c:66:56:07:9c:32:3f:
                    4b:f7:ff:56:44:b0:5d:cf:4d:4f:5b:66:68:6d:41:
                    21:63:ad:2a:f0:47:4a:d6:66:99:a1:73:72:aa:19:
                    ac:6e:b4:7c:48:00:6d:65:eb:63:44:11:50:b8:51:
                    03:e3:ae:65:2c:36:45:9d:0e:fb:5b:d9:95:b0:0d:
                    fa:73:f0:46:dc:20:af:2b:de:57:9e:cd:4b:8c:72:
                    49:96:39:8b:c7:b7:d3:55:43:d4:fb:e5:64:13:29:
                    c2:95:21:06:5f:1c:f1:fa:17:53:be:9f:05:41:f8:
                    9d:81:cd:d0:e7:83:41:39:fc:72:16:65:8e:1c:14:
                    64:fb:5d:df:1c:e9:3b:64:06:28:c0:15:d7:e8:9c:
                    e1:c5:f2:db:04:50:09:d7:51:0f:44:e4:cc:53:7a:
                    2d:3f:f1:fe:89:3c:c1:21:84:4e:55:6a:15:00:4f:
                    89:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:44:08:C0:CD:22:59:56:36:C7:99:58:7C:2E:05:FD:55:39:38:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6841f35d-e699-48f4-8906-c095b14f2079.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.251.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:2e:4d:76:c4:4a:fa:9e:c1:6f:68:32:70:55:c4:22:b3:9a:
         e5:a3:3d:89:eb:64:3f:af:42:b4:67:16:62:13:42:82:45:7f:
         8c:3d:83:f5:e7:a8:80:c9:18:57:41:51:a4:6d:3a:56:5a:18:
         76:ec:1f:0e:f1:a5:1d:12:65:32:52:08:ae:3c:2e:14:f5:f5:
         c0:7c:2d:7e:89:d3:ee:b0:3f:f3:8c:58:7a:0d:9e:08:e9:76:
         38:c6:5f:57:5a:8d:d3:20:82:89:6a:58:6c:0d:91:9c:67:c2:
         28:e7:e0:da:a1:3f:54:ed:92:e1:b6:82:2a:24:17:40:7b:80:
         4b:e8:f3:9e:66:c9:a3:28:ac:0b:f8:98:89:cd:1b:47:64:a4:
         f1:cd:81:38:f8:8e:ec:55:dc:39:76:2b:93:1a:ff:b7:b1:92:
         b8:81:fe:4f:5c:33:94:64:69:5d:f6:a8:24:01:41:25:e5:f7:
         76:a3:cc:97:5f:38:5c:be:57:8e:25:6d:27:9d:9a:dd:6a:ac:
         00:c4:d0:68:13:30:44:75:8e:2e:95:8c:31:43:70:b2:b0:2e:
         ea:92:b1:51:0d:a0:41:70:3d:65:03:5e:07:b1:d3:2c:bf:3d:
         b8:da:53:d7:d9:bd:34:5e:3d:52:c7:48:a6:03:37:57:46:91:
         6b:cc:ea:cc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZU8xN/noUfIztsRQm8qRf5LfrTIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTI3MjZlN2E4NjY1MTIxMzQ4ZTk5MDk4NjI0ODNlY2U0
MDgwYTliZGExNmQ0YTZmYzg5MDU5Mjk2N2FlYWU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMMkGhndMXfYIDkAMwIsV9wvVtYE2AjajT2T8fDENWtTvI
N4ztRWiKR5ehpOkTbVvnndCNtPBwUE5MV7j4If2zW46X5SZXrEa/y33vI9R9xYOb
fGZWB5wyP0v3/1ZEsF3PTU9bZmhtQSFjrSrwR0rWZpmhc3KqGaxutHxIAG1l62NE
EVC4UQPjrmUsNkWdDvtb2ZWwDfpz8EbcIK8r3leezUuMckmWOYvHt9NVQ9T75WQT
KcKVIQZfHPH6F1O+nwVB+J2BzdDng0E5/HIWZY4cFGT7Xd8c6TtkBijAFdfonOHF
8tsEUAnXUQ9E5MxTei0/8f6JPMEhhE5VahUAT4mNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd0QIwM0iWVY2x5lYfC4F/VU5OJcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4NDFmMzVkLWU2OTktNDhmNC04OTA2LWMwOTViMTRmMjA3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADA+40wDQYJKoZIhvcNAQELBQADggEBAJ8uTXbESvqewW9oMnBVxCKzmuWj
PYnrZD+vQrRnFmITQoJFf4w9g/XnqIDJGFdBUaRtOlZaGHbsHw7xpR0SZTJSCK48
LhT19cB8LX6J0+6wP/OMWHoNngjpdjjGX1dajdMggolqWGwNkZxnwijn4NqhP1Tt
kuG2giokF0B7gEvo855myaMorAv4mInNG0dkpPHNgTj4juxV3Dl2K5Ma/7exkriB
/k9cM5RkaV32qCQBQSXl93ajzJdfOFy+V44lbSedmt1qrADE0GgTMER1ji6VjDFD
cLKwLuqSsVENoEFwPWUDXgex0yy/PbjaU9fZvTRePVLHSKYDN1dGkWvM6sw=
-----END CERTIFICATE-----