Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b086dc28-133b-4dd0-b578-faeac612a70a.roa
File:                     b086dc28-133b-4dd0-b578-faeac612a70a.roa (raw, json)
Hash identifier:          cwN03HhGotVvBqRRQMvhbj/BxthGN3gCQ7x42gYCnzs=
Subject key identifier:   C5:DD:FE:2E:6B:B9:5C:55:2B:76:40:EB:9E:BB:F2:F1:91:9B:E8:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1706136895E2C8830EE0DCC776044D626850CE7A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b086dc28-133b-4dd0-b578-faeac612a70a.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.173.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:06:13:68:95:e2:c8:83:0e:e0:dc:c7:76:04:4d:62:68:50:ce:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=fd7299ebc6d98b0551bfaea506d1ae5bd69559510ab79426d44955023ffd3ceb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:97:90:ec:23:73:ee:7c:cd:ad:28:32:75:5a:
                    6a:e4:b9:ce:59:c4:75:5c:d8:9b:ad:fd:bc:91:46:
                    4a:bf:7d:f4:eb:53:31:ba:9e:77:85:e1:b0:f5:42:
                    8d:37:6d:ad:7b:71:74:e3:48:78:21:bf:30:14:76:
                    f0:3a:b5:15:bc:3d:80:06:60:5c:08:a2:fa:33:43:
                    1c:4a:43:98:44:e6:d7:dc:4b:e4:ee:e2:71:b3:00:
                    07:5d:4a:f7:c7:45:82:f5:27:80:62:a1:e7:5e:8c:
                    d3:e0:c4:71:89:5a:15:02:3d:56:1e:9e:b6:f0:99:
                    3c:4b:ad:48:6d:b5:1e:ba:d5:5b:46:5a:25:d8:84:
                    fa:9b:6f:65:19:d4:67:f9:d6:1c:d0:34:78:b5:0d:
                    84:43:4e:c5:1e:03:ac:43:4a:46:40:02:dc:01:62:
                    4b:cb:59:28:c1:2b:f8:d2:17:18:a4:22:61:a1:7e:
                    87:81:d0:ac:38:eb:11:71:c1:21:d2:b1:13:d5:04:
                    f5:3f:6d:44:0e:31:9f:5c:95:99:d2:8b:df:5f:78:
                    27:e9:42:66:bf:19:83:82:f8:f9:8d:bb:27:c9:c6:
                    47:68:65:43:65:70:66:77:f7:6d:8a:57:31:86:7f:
                    ca:b7:4c:9f:ae:66:99:09:6a:a8:99:ca:67:f3:6e:
                    50:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:DD:FE:2E:6B:B9:5C:55:2B:76:40:EB:9E:BB:F2:F1:91:9B:E8:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b086dc28-133b-4dd0-b578-faeac612a70a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.173.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         0a:bf:17:b8:b5:d4:84:b9:a9:f7:6e:e6:6f:4c:97:0c:c2:c1:
         3d:0a:08:37:45:ac:73:ac:ca:a5:07:27:c6:2a:0d:f2:6b:66:
         5e:b7:08:c7:6d:d1:d8:f6:ad:df:71:8a:46:f8:46:43:5b:b9:
         8e:47:76:89:c6:7c:a7:24:98:9c:ed:db:c8:72:35:82:db:d6:
         69:aa:8e:99:0d:76:33:38:4d:56:ba:32:16:51:1a:6d:99:89:
         64:b2:64:9d:10:25:e7:31:dc:22:32:62:0e:a9:fa:f8:48:15:
         27:57:42:c6:ae:54:70:e9:ef:f1:fd:16:92:58:74:be:08:8b:
         94:6f:e4:8c:de:3e:7b:a9:59:9a:95:f5:8d:16:da:07:ac:a5:
         9a:26:d1:42:e4:ff:23:2c:08:58:b6:12:40:ea:27:e3:25:16:
         74:1c:54:3a:28:2a:70:7a:c3:31:07:1c:dd:93:36:84:ec:4f:
         a3:92:49:6a:af:ae:3a:73:3b:ca:56:14:04:24:61:39:e3:fd:
         67:92:bc:ec:94:4b:d4:27:16:9c:cf:f4:54:56:de:eb:2b:43:
         64:08:be:b9:2c:3d:f8:4f:b4:e9:29:79:f6:8d:46:3d:3c:3f:
         2c:5d:0f:a2:9d:41:fc:89:ac:d8:b0:64:02:55:e0:f4:53:b8:
         ed:03:fa:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFwYTaJXiyIMO4NzHdgRNYmhQznowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDcyOTllYmM2ZDk4YjA1NTFiZmFlYTUwNmQxYWU1YmQ2
OTU1OTUxMGFiNzk0MjZkNDQ5NTUwMjNmZmQzY2ViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDil5DsI3PufM2tKDJ1Wmrkuc5ZxHVc2Jut/byRRkq/ffTr
UzG6nneF4bD1Qo03ba17cXTjSHghvzAUdvA6tRW8PYAGYFwIovozQxxKQ5hE5tfc
S+Tu4nGzAAddSvfHRYL1J4BioedejNPgxHGJWhUCPVYenrbwmTxLrUhttR661VtG
WiXYhPqbb2UZ1Gf51hzQNHi1DYRDTsUeA6xDSkZAAtwBYkvLWSjBK/jSFxikImGh
foeB0Kw46xFxwSHSsRPVBPU/bUQOMZ9clZnSi99feCfpQma/GYOC+PmNuyfJxkdo
ZUNlcGZ3922KVzGGf8q3TJ+uZpkJaqiZymfzblD7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUxd3+Lmu5XFUrdkDrnrvy8ZGb6NEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IwODZkYzI4LTEzM2ItNGRkMC1iNTc4LWZhZWFjNjEyYTcwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbYrQAwDQYJKoZIhvcNAQELBQADggEBAAq/F7i11IS5qfdu5m9MlwzCwT0K
CDdFrHOsyqUHJ8YqDfJrZl63CMdt0dj2rd9xikb4RkNbuY5HdonGfKckmJzt28hy
NYLb1mmqjpkNdjM4TVa6MhZRGm2ZiWSyZJ0QJecx3CIyYg6p+vhIFSdXQsauVHDp
7/H9FpJYdL4Ii5Rv5IzePnupWZqV9Y0W2gespZom0ULk/yMsCFi2EkDqJ+MlFnQc
VDooKnB6wzEHHN2TNoTsT6OSSWqvrjpzO8pWFAQkYTnj/WeSvOyUS9QnFpzP9FRW
3usrQ2QIvrksPfhPtOkpefaNRj08PyxdD6KdQfyJrNiwZAJV4PRTuO0D+oc=
-----END CERTIFICATE-----