Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69033226-566d-43df-9b20-b46eb5430e34.roa
File:                     69033226-566d-43df-9b20-b46eb5430e34.roa (raw, json)
Hash identifier:          kvsRGUc1ozMaxpreqH+/tchggPO4lRh7kJ3PJ0cdSbw=
Subject key identifier:   FC:23:1B:82:FE:C5:5C:31:80:9B:3C:42:2A:8D:17:37:1A:EA:63:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       08AD8768B1A55CE682B097D8C8AF5F048C28017D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69033226-566d-43df-9b20-b46eb5430e34.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        209.86.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ad:87:68:b1:a5:5c:e6:82:b0:97:d8:c8:af:5f:04:8c:28:01:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=3a354666ddebe0f1927c102f78ef8c961bdb46410fa7206d6fa36c82351ad1a4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f7:25:b4:82:a0:00:ba:1f:7d:a2:30:88:86:
                    45:4a:0e:86:f4:d8:c8:a1:cf:ae:df:d8:a8:59:fc:
                    44:ad:f3:2d:aa:c0:ae:e3:8b:18:ec:64:6a:6f:74:
                    01:11:57:c6:ce:83:45:b6:88:10:fc:74:02:a5:9a:
                    d7:10:29:7a:0d:d9:5a:40:95:ae:7e:ab:8f:fe:45:
                    56:29:68:75:0b:54:9c:82:a7:9f:79:c0:ed:0b:fb:
                    02:70:03:de:48:3a:36:a4:8a:28:27:4b:c9:78:da:
                    cc:e2:e5:8b:d1:87:d6:05:d4:73:de:15:f1:d1:0d:
                    13:e2:36:1f:d6:93:42:26:bd:17:6f:26:aa:ad:38:
                    25:41:39:23:05:53:d4:5d:0c:64:7d:32:82:3d:89:
                    2f:05:ae:49:32:23:ac:32:44:8a:2e:34:12:ed:ec:
                    f2:de:e9:53:f8:33:1b:84:8f:57:ff:c9:04:78:27:
                    ec:8a:dd:2a:1c:c6:39:81:45:f0:71:5c:30:0a:43:
                    89:84:a9:22:62:1c:16:4a:62:b4:c1:f7:eb:15:9d:
                    e7:b8:c6:5d:43:6e:ea:5b:bf:17:8b:39:15:e5:72:
                    2b:a3:4f:50:b6:62:13:12:90:66:10:ae:c9:af:89:
                    ad:65:d3:fa:b7:a3:6d:f7:d8:43:a0:49:70:a4:08:
                    cf:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:23:1B:82:FE:C5:5C:31:80:9B:3C:42:2A:8D:17:37:1A:EA:63:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69033226-566d-43df-9b20-b46eb5430e34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.86.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         83:32:b1:7f:b9:9b:77:1d:23:66:81:9e:21:f3:81:d5:96:8f:
         58:7e:17:d3:4f:5a:7a:0e:a3:bf:f3:3d:db:7c:08:7c:ed:8f:
         ee:77:25:8f:3e:3b:f7:ec:21:ca:7e:8d:ed:8b:34:22:19:f5:
         e2:0d:67:8d:f2:22:34:9b:60:1b:e3:99:8f:77:ff:3a:17:b1:
         62:f3:a3:81:69:a5:1f:d6:a4:0b:a8:e7:89:1a:b1:c5:7c:42:
         5d:b9:77:1e:b9:37:af:ce:90:d8:5e:48:60:0d:4f:27:0c:df:
         69:36:ce:21:0a:89:2c:a2:de:c3:49:89:a7:ce:39:df:6f:22:
         58:29:15:f6:ca:2c:87:67:01:38:a3:38:cd:76:bf:a1:20:40:
         ec:4b:ff:cb:67:75:fe:cd:3e:1e:19:05:b0:c1:01:1f:de:1d:
         e5:28:62:d7:0f:6b:e6:47:9d:db:03:aa:db:e7:c2:46:cd:54:
         44:fc:a6:3e:ff:0b:10:2e:0a:02:b9:3c:fb:c4:ab:61:27:39:
         61:85:0a:05:f5:a0:ad:cc:d7:c6:82:83:89:3f:e9:eb:85:09:
         d0:ea:2d:bd:bf:ca:a8:26:61:d2:28:ec:75:c4:3c:c5:21:48:
         15:48:61:f4:cf:df:96:73:10:b4:fd:f0:1b:7b:f5:fc:95:74:
         09:bb:07:d2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCK2HaLGlXOaCsJfYyK9fBIwoAX0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTM1NDY2NmRkZWJlMGYxOTI3YzEwMmY3OGVmOGM5NjFi
ZGI0NjQxMGZhNzIwNmQ2ZmEzNmM4MjM1MWFkMWE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr9yW0gqAAuh99ojCIhkVKDob02Mihz67f2KhZ/ESt8y2q
wK7jixjsZGpvdAERV8bOg0W2iBD8dAKlmtcQKXoN2VpAla5+q4/+RVYpaHULVJyC
p595wO0L+wJwA95IOjakiignS8l42szi5YvRh9YF1HPeFfHRDRPiNh/Wk0ImvRdv
JqqtOCVBOSMFU9RdDGR9MoI9iS8FrkkyI6wyRIouNBLt7PLe6VP4MxuEj1f/yQR4
J+yK3SocxjmBRfBxXDAKQ4mEqSJiHBZKYrTB9+sVnee4xl1DbupbvxeLORXlciuj
T1C2YhMSkGYQrsmvia1l0/q3o2332EOgSXCkCM/jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/CMbgv7FXDGAmzxCKo0XNxrqY/cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY5MDMzMjI2LTU2NmQtNDNkZi05YjIwLWI0NmViNTQzMGUzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDRVjANBgkqhkiG9w0BAQsFAAOCAQEAgzKxf7mbdx0jZoGeIfOB1ZaPWH4X
009aeg6jv/M923wIfO2P7ncljz479+whyn6N7Ys0Ihn14g1njfIiNJtgG+OZj3f/
OhexYvOjgWmlH9akC6jniRqxxXxCXbl3Hrk3r86Q2F5IYA1PJwzfaTbOIQqJLKLe
w0mJp845328iWCkV9sosh2cBOKM4zXa/oSBA7Ev/y2d1/s0+HhkFsMEBH94d5Shi
1w9r5ked2wOq2+fCRs1URPymPv8LEC4KArk8+8SrYSc5YYUKBfWgrczXxoKDiT/p
64UJ0Ootvb/KqCZh0ijsdcQ8xSFIFUhh9M/flnMQtP3wG3v1/JV0CbsH0g==
-----END CERTIFICATE-----