Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/855be271-32e6-46b4-a42b-f4b30f28bb5b.roa
File:                     855be271-32e6-46b4-a42b-f4b30f28bb5b.roa (raw, json)
Hash identifier:          3Se9ds3BdpWDFiy5cVALBumHiRd13EJ6oLnlGfALd24=
Subject key identifier:   5F:6B:27:02:6A:1A:5D:ED:59:CF:EF:AE:2E:2C:08:9C:72:DB:C4:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DBB4547E3E62FC7E95E7395D755A9F6C4FEBFDC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/855be271-32e6-46b4-a42b-f4b30f28bb5b.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        66.152.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:bb:45:47:e3:e6:2f:c7:e9:5e:73:95:d7:55:a9:f6:c4:fe:bf:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=f65968a40bd58d7c176f3afbe8aa621833d2a295c5f38d8bbd3497c5bfe4015b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:66:b7:40:2a:97:3f:e5:2d:fa:48:9a:d9:
                    f9:5b:87:5a:bb:7b:25:a4:4a:b6:e0:30:32:34:28:
                    9e:f0:dd:72:87:df:1a:40:04:89:d6:eb:3f:48:4d:
                    7b:38:a4:ab:5b:52:92:38:2f:cc:24:72:f0:a4:9c:
                    13:ef:b2:7a:1d:ef:6f:f0:17:44:97:83:c0:d4:ad:
                    cb:a6:d2:c2:c2:96:0a:7d:03:88:cb:f1:8e:2f:ef:
                    d9:f2:cd:a1:17:e7:ae:13:a4:0e:4c:f8:cf:e0:25:
                    50:56:6d:c5:e5:d5:e6:12:46:3d:08:ee:a5:f9:5e:
                    a1:4d:6a:ef:c7:f8:36:ed:dd:04:8a:9f:39:9e:dc:
                    f7:20:bb:0f:7f:28:9b:5a:d2:f0:64:f4:e3:2e:ec:
                    78:8a:b1:64:e7:c8:86:fa:71:2a:22:9c:f5:ab:e3:
                    b3:b7:3f:83:3c:f5:55:2a:6c:76:4d:ac:e5:20:8c:
                    c3:f9:70:17:03:c7:88:f0:4a:f2:2b:ed:f0:ac:8e:
                    3c:bc:d2:fa:6a:4d:d9:16:65:ed:09:89:06:0b:a6:
                    da:fd:b4:0f:00:98:77:97:3a:fe:40:18:49:17:ae:
                    8d:9a:8d:71:f2:ab:1c:79:6b:76:fd:9a:53:e1:56:
                    e1:31:d8:18:e2:e0:4e:8d:e7:28:0a:fe:f5:35:08:
                    59:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:6B:27:02:6A:1A:5D:ED:59:CF:EF:AE:2E:2C:08:9C:72:DB:C4:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/855be271-32e6-46b4-a42b-f4b30f28bb5b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.152.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d7:b6:b0:cf:fb:fe:9d:c7:81:41:e9:35:6d:29:da:2d:dc:78:
         32:1b:97:70:91:16:b8:41:66:73:22:f9:f3:91:73:4a:ec:7c:
         19:90:c4:71:2c:55:8d:b4:36:1b:1e:48:eb:0c:f1:a6:46:4e:
         09:44:37:df:3e:af:fe:e3:10:30:0c:89:04:b6:fd:4f:ec:da:
         7a:27:c6:ce:a9:b9:36:19:c9:bf:bd:30:11:05:04:e9:b2:ef:
         c4:5b:c4:ca:f1:c7:ea:e2:27:ed:bb:a3:44:e5:e2:85:3b:91:
         82:43:00:e7:54:0a:df:4b:38:d2:87:98:9d:40:a8:30:36:52:
         bc:ed:b2:f3:48:73:83:6e:78:7f:cd:38:a8:0d:65:81:cf:36:
         aa:0c:4f:b0:e0:6f:b0:d3:92:05:95:3a:c2:d5:2a:2a:9d:14:
         73:d1:ed:c5:14:03:cc:8a:db:90:79:87:05:b5:0b:03:e1:19:
         fa:a8:4e:4a:48:97:17:c2:2c:29:cc:2e:15:13:19:c6:56:fb:
         59:58:73:cb:85:8a:f8:43:91:49:5e:1d:bf:9a:93:7f:c9:d1:
         1e:04:74:31:24:48:da:84:10:eb:b3:95:d3:e1:dc:52:e2:37:
         ca:59:e6:6c:e5:f5:6a:7b:da:82:bb:b9:84:64:cd:5d:e3:63:
         46:0e:ee:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDbtFR+PmL8fpXnOV11Wp9sT+v9wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNjU5NjhhNDBiZDU4ZDdjMTc2ZjNhZmJlOGFhNjIxODMz
ZDJhMjk1YzVmMzhkOGJiZDM0OTdjNWJmZTQwMTViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCi4Ga3QCqXP+Ut+kia2flbh1q7eyWkSrbgMDI0KJ7w3XKH
3xpABInW6z9ITXs4pKtbUpI4L8wkcvCknBPvsnod72/wF0SXg8DUrcum0sLClgp9
A4jL8Y4v79nyzaEX564TpA5M+M/gJVBWbcXl1eYSRj0I7qX5XqFNau/H+Dbt3QSK
nzme3Pcguw9/KJta0vBk9OMu7HiKsWTnyIb6cSoinPWr47O3P4M89VUqbHZNrOUg
jMP5cBcDx4jwSvIr7fCsjjy80vpqTdkWZe0JiQYLptr9tA8AmHeXOv5AGEkXro2a
jXHyqxx5a3b9mlPhVuEx2Bji4E6N5ygK/vU1CFlrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUX2snAmoaXe1Zz++uLiwInHLbxCcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1NWJlMjcxLTMyZTYtNDZiNC1hNDJiLWY0YjMwZjI4YmI1Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZCmAAwDQYJKoZIhvcNAQELBQADggEBANe2sM/7/p3HgUHpNW0p2i3ceDIb
l3CRFrhBZnMi+fORc0rsfBmQxHEsVY20NhseSOsM8aZGTglEN98+r/7jEDAMiQS2
/U/s2nonxs6puTYZyb+9MBEFBOmy78RbxMrxx+riJ+27o0Tl4oU7kYJDAOdUCt9L
ONKHmJ1AqDA2UrztsvNIc4NueH/NOKgNZYHPNqoMT7Dgb7DTkgWVOsLVKiqdFHPR
7cUUA8yK25B5hwW1CwPhGfqoTkpIlxfCLCnMLhUTGcZW+1lYc8uFivhDkUleHb+a
k3/J0R4EdDEkSNqEEOuzldPh3FLiN8pZ5mzl9Wp72oK7uYRkzV3jY0YO7pY=
-----END CERTIFICATE-----