Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94b23c9b-7745-4460-bd82-3f3d8aeca161.roa
File:                     94b23c9b-7745-4460-bd82-3f3d8aeca161.roa (raw, json)
Hash identifier:          GOvvGWPC8Tm8Km9nyBElPiy96dQp2VbXR9O2CSKKdTY=
Subject key identifier:   2F:DB:72:1B:F8:72:7E:E9:3E:2C:E0:5F:A5:C3:E0:CF:A3:DB:90:35
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       38B98CC176D3E565A7DD2E9A0CFF9AEFC4367E41
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94b23c9b-7745-4460-bd82-3f3d8aeca161.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        205.210.112.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:b9:8c:c1:76:d3:e5:65:a7:dd:2e:9a:0c:ff:9a:ef:c4:36:7e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=237dbc2f686dddd6bb302026a4f14c8b55b35e545a4cc73442ae0e894292eb7c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a8:ee:90:d4:b9:16:24:44:e7:7e:ff:0a:ca:
                    68:96:97:19:5f:ea:33:78:5c:07:fa:06:05:8a:f2:
                    88:6c:40:5d:be:65:7f:00:2d:0c:a8:51:90:4c:7f:
                    de:4e:37:6a:a3:a9:80:d2:97:b0:d1:92:7e:d5:52:
                    a0:fb:52:fe:dd:e2:f7:9e:ef:a1:cd:6e:08:dc:cc:
                    a7:ae:fb:1e:c7:be:90:17:b6:8f:62:07:9f:59:ac:
                    4c:09:f8:69:06:d8:d1:ea:dc:ba:07:51:de:a3:7c:
                    d5:1c:3a:5d:3f:7c:7f:fe:8f:5b:26:8d:13:48:e1:
                    44:ba:b6:72:8f:42:bc:3d:53:c7:c8:d7:bd:41:97:
                    57:0b:1b:7c:b6:5d:e8:8d:7d:5c:57:29:27:44:5e:
                    8b:af:6a:eb:c7:55:2f:e6:a9:a7:54:ce:f5:e4:d4:
                    8c:83:78:8a:f5:72:4f:91:cf:c8:6a:0a:79:99:01:
                    57:32:3e:ce:a1:f2:83:ca:02:2b:44:62:67:ff:1b:
                    49:81:59:74:67:50:80:a3:b6:94:93:24:42:93:f5:
                    3e:39:66:9f:59:20:e5:31:5e:d7:3c:a9:bf:dc:8a:
                    a8:de:d9:65:5b:c5:f3:25:7c:df:c5:5b:f9:02:06:
                    d3:21:95:82:0c:79:82:9b:10:fb:dd:3e:e4:3e:74:
                    23:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:DB:72:1B:F8:72:7E:E9:3E:2C:E0:5F:A5:C3:E0:CF:A3:DB:90:35
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/94b23c9b-7745-4460-bd82-3f3d8aeca161.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.210.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         d4:10:a2:a6:c8:2a:57:40:39:87:d7:2a:97:05:c1:c8:25:89:
         e6:9f:2e:d9:e8:f7:2a:ff:ee:96:c5:c8:b1:a7:f3:36:ca:02:
         3d:98:44:15:f3:7c:10:7f:99:38:5f:f6:c3:7e:6a:93:7d:46:
         6e:9d:b6:26:cf:45:c9:e6:bc:9f:af:28:5c:df:8f:9b:58:cd:
         36:cf:7d:3e:a7:f7:f5:a8:6f:eb:91:1f:e8:02:75:0d:7e:fd:
         9b:4b:21:b3:ae:9f:bc:8d:54:b9:0f:4b:74:f0:4a:33:e0:61:
         62:a1:72:79:65:d9:e1:83:52:a5:8f:33:cb:e8:9f:af:f3:ec:
         96:25:04:2b:1f:e9:2a:39:d6:fb:4d:86:6d:31:a6:6c:ec:7d:
         c6:9d:e7:c1:95:d2:24:d5:85:ab:47:e3:90:52:49:b9:a3:ac:
         4b:54:32:01:d1:30:67:34:c9:2f:a7:e5:ff:49:1c:87:11:42:
         fc:47:95:b0:97:5a:8b:fa:44:d2:25:46:4e:f2:17:23:f7:7c:
         63:18:bd:b1:91:d0:b6:7d:07:4c:f5:bf:0d:6e:59:ac:a4:a0:
         09:bb:d0:1f:11:e6:42:e1:8b:a0:0c:cc:90:7c:a5:68:50:a6:
         38:4c:83:21:8e:93:23:e4:30:bc:d2:a4:03:a1:5f:cc:11:e9:
         a1:0e:30:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOLmMwXbT5WWn3S6aDP+a78Q2fkEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzdkYmMyZjY4NmRkZGQ2YmIzMDIwMjZhNGYxNGM4YjU1
YjM1ZTU0NWE0Y2M3MzQ0MmFlMGU4OTQyOTJlYjdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYqO6Q1LkWJETnfv8KymiWlxlf6jN4XAf6BgWK8ohsQF2+
ZX8ALQyoUZBMf95ON2qjqYDSl7DRkn7VUqD7Uv7d4vee76HNbgjczKeu+x7HvpAX
to9iB59ZrEwJ+GkG2NHq3LoHUd6jfNUcOl0/fH/+j1smjRNI4US6tnKPQrw9U8fI
171Bl1cLG3y2XeiNfVxXKSdEXouvauvHVS/mqadUzvXk1IyDeIr1ck+Rz8hqCnmZ
AVcyPs6h8oPKAitEYmf/G0mBWXRnUICjtpSTJEKT9T45Zp9ZIOUxXtc8qb/ciqje
2WVbxfMlfN/FW/kCBtMhlYIMeYKbEPvdPuQ+dCO3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUL9tyG/hyfuk+LOBfpcPgz6PbkDUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0YjIzYzliLTc3NDUtNDQ2MC1iZDgyLTNmM2Q4YWVjYTE2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPN0nAwDQYJKoZIhvcNAQELBQADggEBANQQoqbIKldAOYfXKpcFwcglieaf
Ltno9yr/7pbFyLGn8zbKAj2YRBXzfBB/mThf9sN+apN9Rm6dtibPRcnmvJ+vKFzf
j5tYzTbPfT6n9/Wob+uRH+gCdQ1+/ZtLIbOun7yNVLkPS3TwSjPgYWKhcnll2eGD
UqWPM8von6/z7JYlBCsf6So51vtNhm0xpmzsfcad58GV0iTVhatH45BSSbmjrEtU
MgHRMGc0yS+n5f9JHIcRQvxHlbCXWov6RNIlRk7yFyP3fGMYvbGR0LZ9B0z1vw1u
WaykoAm70B8R5kLhi6AMzJB8pWhQpjhMgyGOkyPkMLzSpAOhX8wR6aEOMK4=
-----END CERTIFICATE-----