Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8aa61184-ad56-497c-b8e4-e70f368cbeef.roa
File:                     8aa61184-ad56-497c-b8e4-e70f368cbeef.roa (raw, json)
Hash identifier:          vx1r1XBx5JNggJO1XS8CP87J0AiiqvO59RpHhMT1KSs=
Subject key identifier:   54:E3:B9:83:EE:4E:A6:C2:D7:B4:AB:E9:27:8B:A9:E2:BE:4B:40:6D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33DFA8499BF3238B26C01DA0FDB1F2F9B3AB342B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8aa61184-ad56-497c-b8e4-e70f368cbeef.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        104.223.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:df:a8:49:9b:f3:23:8b:26:c0:1d:a0:fd:b1:f2:f9:b3:ab:34:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=20f5766b06de04f9dab6d48067ccdba2f4336cd9fd5f3e12a20cfbb09555c720, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:40:6a:69:44:a9:1b:2b:41:8b:50:b9:0e:95:
                    20:e0:8d:cc:5f:83:2f:c5:db:b4:c8:21:da:b3:47:
                    a4:a1:65:08:bc:2a:cd:6c:0d:6d:e4:62:1f:6a:9f:
                    9f:cd:7a:9e:54:e1:01:5d:02:8e:ed:7f:b3:8b:13:
                    77:ac:e5:88:4f:1f:6a:dd:cf:d1:07:ba:f8:dd:b6:
                    7b:e4:15:72:33:1d:1d:43:07:e0:67:12:9b:1b:90:
                    39:93:d2:95:b8:de:27:d1:e6:4a:f4:e6:38:86:61:
                    15:c8:41:d1:68:fa:1f:20:20:6e:a9:12:4c:65:12:
                    d5:f5:fe:ac:1c:99:01:55:e7:41:9c:ea:22:dc:58:
                    51:f4:d7:84:63:cc:53:a3:ee:4b:c2:cd:20:ea:e2:
                    9b:ec:fa:e8:e2:a7:b7:a2:0e:12:db:99:d0:11:94:
                    6e:a2:2c:4c:89:84:35:1e:97:5e:b0:fb:21:9d:eb:
                    27:76:35:e7:e7:4e:e0:74:74:5a:2c:83:8f:16:04:
                    e9:85:4c:24:4f:cc:4c:d8:b8:cd:91:ed:d9:2d:54:
                    52:44:99:07:ed:4c:5e:1a:88:2d:f2:70:55:e9:fd:
                    8c:df:8e:08:2a:b7:c9:39:62:b2:20:27:e2:49:4c:
                    ec:6a:2b:a6:21:ff:ed:c3:87:04:e0:cd:0a:94:96:
                    7a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:E3:B9:83:EE:4E:A6:C2:D7:B4:AB:E9:27:8B:A9:E2:BE:4B:40:6D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8aa61184-ad56-497c-b8e4-e70f368cbeef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.223.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         31:c2:e8:5e:ef:12:79:8a:e8:6c:67:4a:41:f2:0b:b3:4f:8e:
         a9:38:c2:35:c8:83:77:57:7e:95:a0:71:a7:5e:d3:87:19:74:
         61:7c:8a:c1:a0:31:84:30:8d:f4:4f:01:35:5a:55:79:0e:8d:
         dd:15:fc:fb:ac:4a:4c:ab:0d:cf:3a:c3:4c:21:71:60:b0:85:
         bf:3f:a1:eb:1f:c9:22:1b:1c:6f:fe:48:ee:4d:05:cf:2a:a9:
         4f:82:fa:8d:a3:a6:6a:e7:28:d1:e9:cb:5c:05:65:ff:f3:1e:
         99:f1:7d:e0:b6:bd:c7:65:a9:d3:46:cf:c5:80:c0:89:7c:51:
         26:88:88:4f:40:09:98:5f:82:d6:8c:57:49:a1:4e:4a:28:f6:
         4b:87:70:6c:a2:b7:14:e8:1e:11:0a:eb:e6:b3:73:1d:5c:2c:
         d2:ac:a2:3b:63:da:0f:54:41:0e:60:67:5f:c7:da:7c:f9:2d:
         2e:8a:20:43:5e:73:28:58:ac:62:dc:b4:74:1a:3a:66:94:80:
         9d:27:3d:cb:fe:77:99:22:95:17:c9:e6:9b:75:ba:be:7e:c7:
         e9:c9:27:ff:71:e1:dc:5d:fd:34:b5:c9:00:e3:89:7a:3b:c8:
         d3:de:2a:5c:f3:ca:7d:6e:c2:c7:cd:88:d5:71:80:a2:87:a4:
         24:0b:55:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM9+oSZvzI4smwB2g/bHy+bOrNCswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMGY1NzY2YjA2ZGUwNGY5ZGFiNmQ0ODA2N2NjZGJhMmY0
MzM2Y2Q5ZmQ1ZjNlMTJhMjBjZmJiMDk1NTVjNzIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqQGppRKkbK0GLULkOlSDgjcxfgy/F27TIIdqzR6ShZQi8
Ks1sDW3kYh9qn5/Nep5U4QFdAo7tf7OLE3es5YhPH2rdz9EHuvjdtnvkFXIzHR1D
B+BnEpsbkDmT0pW43ifR5kr05jiGYRXIQdFo+h8gIG6pEkxlEtX1/qwcmQFV50Gc
6iLcWFH014RjzFOj7kvCzSDq4pvs+ujip7eiDhLbmdARlG6iLEyJhDUel16w+yGd
6yd2NefnTuB0dFosg48WBOmFTCRPzEzYuM2R7dktVFJEmQftTF4aiC3ycFXp/Yzf
jggqt8k5YrIgJ+JJTOxqK6Yh/+3DhwTgzQqUlnq1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVOO5g+5OpsLXtKvpJ4up4r5LQG0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhhYTYxMTg0LWFkNTYtNDk3Yy1iOGU0LWU3MGYzNjhjYmVlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdo34AwDQYJKoZIhvcNAQELBQADggEBADHC6F7vEnmK6GxnSkHyC7NPjqk4
wjXIg3dXfpWgcade04cZdGF8isGgMYQwjfRPATVaVXkOjd0V/PusSkyrDc86w0wh
cWCwhb8/oesfySIbHG/+SO5NBc8qqU+C+o2jpmrnKNHpy1wFZf/zHpnxfeC2vcdl
qdNGz8WAwIl8USaIiE9ACZhfgtaMV0mhTkoo9kuHcGyitxToHhEK6+azcx1cLNKs
ojtj2g9UQQ5gZ1/H2nz5LS6KIENecyhYrGLctHQaOmaUgJ0nPcv+d5kilRfJ5pt1
ur5+x+nJJ/9x4dxd/TS1yQDjiXo7yNPeKlzzyn1uwsfNiNVxgKKHpCQLVWw=
-----END CERTIFICATE-----