Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4a6cb0e-8d23-4702-a03f-3c9e5f74acd1.roa
File:                     b4a6cb0e-8d23-4702-a03f-3c9e5f74acd1.roa (raw, json)
Hash identifier:          an45HN52pD3uu5S0q0+ab6n2zUOGeWiny6wmfAgqm8Q=
Subject key identifier:   A2:AF:3A:3D:2A:09:C4:B1:DE:0D:65:08:04:EC:06:86:7D:9B:94:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49FFE3C35E60D851A09A6F60FB52699F12633A61
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4a6cb0e-8d23-4702-a03f-3c9e5f74acd1.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        5.60.136.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:ff:e3:c3:5e:60:d8:51:a0:9a:6f:60:fb:52:69:9f:12:63:3a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: serialNumber=ea73badd46601b95eb40525cf02fe1fdd661275e307a7621f9d1eef5aba1eb18, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:1c:5b:74:55:a6:e8:85:30:b0:fa:35:fe:14:
                    5d:b1:cc:d9:ca:67:68:16:bd:32:a2:30:7f:7a:d5:
                    67:dd:d4:66:cf:93:66:53:be:4d:33:36:09:46:db:
                    de:06:9e:63:bf:97:bc:08:2a:0b:a9:f0:27:2d:02:
                    bf:14:e8:a3:c4:96:51:e4:2d:6d:62:46:cd:5e:50:
                    da:a4:c2:9a:95:49:5d:fe:e7:7e:95:fa:f7:0f:55:
                    06:87:fb:8c:42:f4:52:ca:31:35:26:7e:1b:27:90:
                    d9:f1:67:cb:4b:bf:03:b4:81:ad:06:64:2c:ba:7b:
                    c4:5c:db:f0:e2:72:3a:9b:5f:d9:e1:d4:7d:ee:f3:
                    55:26:ab:a5:3a:1a:bb:0d:20:3b:a7:55:41:bf:73:
                    4b:de:87:f2:56:fa:fe:b7:ae:d0:91:24:1a:0e:41:
                    a0:78:bd:7e:c7:98:fb:f3:53:6c:93:f1:e0:88:14:
                    04:4b:bd:2c:a7:3c:bc:e9:b5:a3:81:76:1d:85:1b:
                    dc:ca:ed:45:ed:99:40:b4:11:25:ed:31:0f:fb:28:
                    0a:29:64:56:ce:aa:69:e3:7d:a2:a6:3b:c2:a2:6f:
                    0c:27:8b:16:e9:68:3c:76:bd:8a:8d:6d:9f:67:46:
                    b5:dd:a6:45:fd:1a:4f:5a:39:c9:b5:fa:a3:c1:8a:
                    ce:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AF:3A:3D:2A:09:C4:B1:DE:0D:65:08:04:EC:06:86:7D:9B:94:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4a6cb0e-8d23-4702-a03f-3c9e5f74acd1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:56:54:30:e5:4d:c4:a4:4a:ad:69:8c:d5:96:b2:5e:37:e4:
         af:9f:e6:a1:4e:eb:64:0c:11:da:ed:39:a1:97:c9:47:20:94:
         fe:b4:82:03:27:95:a4:fb:85:30:8f:8d:73:71:32:16:c7:f2:
         61:81:19:7b:ed:1c:12:f7:27:15:1e:bd:cc:cc:65:93:f1:a0:
         9c:be:ce:cd:17:90:91:62:fe:74:da:d1:4b:a0:92:4d:ec:46:
         0a:cc:2e:2a:03:13:6d:59:7c:a2:ae:02:89:15:68:3a:53:ce:
         55:bd:5a:da:e0:d1:16:f5:74:53:f8:1f:b3:ec:f6:3e:f4:32:
         42:f6:53:5a:c5:39:24:a6:19:ab:de:9c:32:4a:ec:5b:a0:b2:
         27:d0:56:ff:13:31:ce:2f:08:d0:7e:8d:87:72:91:69:72:f0:
         f0:d6:c7:03:75:41:b6:c6:02:0b:0b:e8:33:fa:ea:5b:df:ce:
         65:3a:01:60:9f:56:34:0c:3c:69:90:40:bb:c3:d2:4b:fa:3a:
         2a:c0:d3:e3:8c:b6:81:6e:a1:e2:59:88:85:04:39:c0:7d:25:
         97:8c:8e:e7:5e:dc:0f:55:bb:cf:92:74:b6:82:62:75:8e:fd:
         b0:0a:1e:ed:7c:18:04:90:55:df:2f:10:36:65:9d:df:06:b1:
         72:f0:56:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSf/jw15g2FGgmm9g+1JpnxJjOmEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTczYmFkZDQ2NjAxYjk1ZWI0MDUyNWNmMDJmZTFmZGQ2
NjEyNzVlMzA3YTc2MjFmOWQxZWVmNWFiYTFlYjE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFHFt0VabohTCw+jX+FF2xzNnKZ2gWvTKiMH961Wfd1GbP
k2ZTvk0zNglG294GnmO/l7wIKgup8CctAr8U6KPEllHkLW1iRs1eUNqkwpqVSV3+
536V+vcPVQaH+4xC9FLKMTUmfhsnkNnxZ8tLvwO0ga0GZCy6e8Rc2/DicjqbX9nh
1H3u81Umq6U6GrsNIDunVUG/c0veh/JW+v63rtCRJBoOQaB4vX7HmPvzU2yT8eCI
FARLvSynPLzptaOBdh2FG9zK7UXtmUC0ESXtMQ/7KAopZFbOqmnjfaKmO8Kibwwn
ixbpaDx2vYqNbZ9nRrXdpkX9Gk9aOcm1+qPBis59AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoq86PSoJxLHeDWUIBOwGhn2blA4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I0YTZjYjBlLThkMjMtNDcwMi1hMDNmLTNjOWU1Zjc0YWNkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPIgwDQYJKoZIhvcNAQELBQADggEBAHFWVDDlTcSkSq1pjNWWsl435K+f
5qFO62QMEdrtOaGXyUcglP60ggMnlaT7hTCPjXNxMhbH8mGBGXvtHBL3JxUevczM
ZZPxoJy+zs0XkJFi/nTa0Uugkk3sRgrMLioDE21ZfKKuAokVaDpTzlW9Wtrg0Rb1
dFP4H7Ps9j70MkL2U1rFOSSmGavenDJK7FugsifQVv8TMc4vCNB+jYdykWly8PDW
xwN1QbbGAgsL6DP66lvfzmU6AWCfVjQMPGmQQLvD0kv6OirA0+OMtoFuoeJZiIUE
OcB9JZeMjude3A9Vu8+SdLaCYnWO/bAKHu18GASQVd8vEDZlnd8GsXLwVlc=
-----END CERTIFICATE-----