Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7da04612-ec35-4d17-8677-5758ae73efe9.roa
File:                     7da04612-ec35-4d17-8677-5758ae73efe9.roa (raw, json)
Hash identifier:          JNpvBia16Cgbvsj7vzG8ypot0gPNsFrqswoTjtPegcw=
Subject key identifier:   09:83:1C:CD:E9:59:1E:0F:91:5D:C6:6F:9A:B7:3B:B7:4D:AE:AF:D8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54B8D7B599D75A42CB70F01E2ECFA6E6E6E03EAE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7da04612-ec35-4d17-8677-5758ae73efe9.roa
Signing time:             Thu 02 Jan 2025 00:00:00 +0000
ROA not before:           Thu 02 Jan 2025 00:00:00 +0000
ROA not after:            Thu 06 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        63.254.144.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:b8:d7:b5:99:d7:5a:42:cb:70:f0:1e:2e:cf:a6:e6:e6:e0:3e:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  2 00:00:00 2025 GMT
            Not After : Feb  6 23:59:59 2025 GMT
        Subject: serialNumber=74702e9dd2f9766a8dc204f2e3460c0365baf0f2b1175dde0ed77b65857af2e0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9f:f3:5b:91:f9:4d:f2:7f:14:54:a0:ca:d5:
                    86:52:ae:a8:b7:e8:83:b0:3c:40:48:3d:d4:83:87:
                    54:af:a2:06:e1:e8:57:69:e1:9a:c5:ea:a0:ea:37:
                    d7:25:d2:ed:72:6b:bc:68:7e:2d:ea:77:97:cb:a3:
                    3e:eb:d0:75:48:1e:bf:85:89:4f:d7:b2:ba:34:75:
                    db:ef:85:ef:c5:0a:07:a0:f3:a3:10:80:f9:90:f0:
                    a7:39:10:f0:6d:3f:07:2a:a1:5c:f8:4e:84:37:6e:
                    b9:4b:df:d3:4d:c7:b7:2b:00:cf:69:c0:aa:12:06:
                    cc:29:0a:36:cd:ab:a3:e6:fd:3c:0e:9a:69:f6:b1:
                    e4:48:4b:82:4b:26:27:c5:32:b1:fc:f9:09:24:19:
                    b0:28:d3:58:c7:dd:0f:21:bc:b2:5e:bd:c9:65:79:
                    20:10:25:e7:34:b1:a7:31:86:cd:c5:77:92:27:01:
                    e9:14:39:a9:e4:8f:11:a8:33:09:c8:33:9c:d8:8d:
                    e9:89:b0:72:e6:4b:16:1c:e1:ff:75:d5:3c:e7:19:
                    f4:cb:f5:28:69:f9:56:1f:d5:5e:d0:c4:46:a4:0c:
                    2d:93:2a:67:80:83:03:80:67:d7:14:36:bc:79:8a:
                    ba:e5:dc:b2:ba:5d:cb:8c:2e:53:d4:66:08:c4:53:
                    67:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:83:1C:CD:E9:59:1E:0F:91:5D:C6:6F:9A:B7:3B:B7:4D:AE:AF:D8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7da04612-ec35-4d17-8677-5758ae73efe9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  63.254.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:51:94:28:97:33:73:d5:7a:5a:7f:f4:62:f8:5f:f1:a2:51:
         9a:96:88:a0:12:1b:4d:dc:f1:d4:ff:cb:80:eb:91:7a:a8:0b:
         5a:60:01:d0:a3:0f:13:37:a8:94:8f:46:06:14:aa:00:5b:82:
         f1:fd:29:d5:2d:e8:5b:01:86:6d:b8:a8:2d:e1:32:4b:39:0f:
         46:e0:83:28:bf:10:87:7c:71:31:4f:c2:bd:8f:be:a3:f4:8c:
         56:da:86:44:cc:47:e1:34:77:ee:f6:a9:29:45:ba:65:26:aa:
         3e:dd:e8:a0:fa:22:94:c4:c3:2a:50:b8:93:04:89:10:64:13:
         d0:d9:e7:db:6d:30:f3:aa:c8:d4:0e:19:7b:5e:91:56:c2:f9:
         7d:11:38:90:58:4a:68:25:c9:76:2c:cf:5d:cb:b7:a7:b0:03:
         b2:26:30:12:d5:e0:d1:2f:b2:02:1f:cb:a7:af:d3:49:57:52:
         9c:ce:9d:b1:51:3d:c7:10:2e:5b:39:7b:dd:dc:b0:da:e1:68:
         4e:77:0a:45:34:2c:20:c3:db:75:50:34:cf:07:6d:30:2b:4b:
         77:1e:dd:e6:85:8d:4f:74:49:8c:2a:04:3e:07:68:74:37:cb:
         f4:99:ec:d6:8b:37:1b:a6:7d:01:9a:aa:e4:58:9d:52:26:57:
         f6:f0:08:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVLjXtZnXWkLLcPAeLs+m5ubgPq4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAyMDAwMDAwWhcNMjUwMjA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDcwMmU5ZGQyZjk3NjZhOGRjMjA0ZjJlMzQ2MGMwMzY1
YmFmMGYyYjExNzVkZGUwZWQ3N2I2NTg1N2FmMmUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8n/NbkflN8n8UVKDK1YZSrqi36IOwPEBIPdSDh1Svogbh
6Fdp4ZrF6qDqN9cl0u1ya7xofi3qd5fLoz7r0HVIHr+FiU/Xsro0ddvvhe/FCgeg
86MQgPmQ8Kc5EPBtPwcqoVz4ToQ3brlL39NNx7crAM9pwKoSBswpCjbNq6Pm/TwO
mmn2seRIS4JLJifFMrH8+QkkGbAo01jH3Q8hvLJevclleSAQJec0sacxhs3Fd5In
AekUOankjxGoMwnIM5zYjemJsHLmSxYc4f911TznGfTL9Shp+VYf1V7QxEakDC2T
KmeAgwOAZ9cUNrx5irrl3LK6XcuMLlPUZgjEU2dvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCYMczelZHg+RXcZvmrc7t02ur9gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdkYTA0NjEyLWVjMzUtNGQxNy04Njc3LTU3NThhZTczZWZlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM//pAwDQYJKoZIhvcNAQELBQADggEBACtRlCiXM3PVelp/9GL4X/GiUZqW
iKASG03c8dT/y4DrkXqoC1pgAdCjDxM3qJSPRgYUqgBbgvH9KdUt6FsBhm24qC3h
Mks5D0bggyi/EId8cTFPwr2PvqP0jFbahkTMR+E0d+72qSlFumUmqj7d6KD6IpTE
wypQuJMEiRBkE9DZ59ttMPOqyNQOGXtekVbC+X0ROJBYSmglyXYsz13Lt6ewA7Im
MBLV4NEvsgIfy6ev00lXUpzOnbFRPccQLls5e93csNrhaE53CkU0LCDD23VQNM8H
bTArS3ce3eaFjU90SYwqBD4HaHQ3y/SZ7NaLNxumfQGaquRYnVImV/bwCGI=
-----END CERTIFICATE-----