Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8003908-130c-4b23-9648-9b1270a82198.roa
File:                     d8003908-130c-4b23-9648-9b1270a82198.roa (raw, json)
Hash identifier:          wFWIKpg0q3yqZh/efZcNdViAZCeSA7L95Z83+Qp3If4=
Subject key identifier:   D1:9F:25:BE:D7:12:DE:05:25:32:76:25:12:78:BE:6C:81:56:66:6E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       746E7C17C51FC484B317230713E5390C773F060C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8003908-130c-4b23-9648-9b1270a82198.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.115.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:6e:7c:17:c5:1f:c4:84:b3:17:23:07:13:e5:39:0c:77:3f:06:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=ec4980fc694d106e49b3c77ea7220a93c134a1f15c40e4d03292cde82be89f2f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2c:cc:73:c9:86:b0:fc:be:da:c5:1f:83:44:
                    eb:f7:59:36:2f:49:80:0c:de:ae:14:a4:c7:5c:58:
                    59:85:1b:f0:b7:65:4b:62:a0:f9:0a:74:6b:8e:81:
                    59:a4:f8:ca:e7:e5:57:24:c9:d2:61:d0:a2:c2:e2:
                    e9:bd:0a:92:e8:52:2d:26:99:86:c0:1a:91:41:9b:
                    a2:91:56:67:39:30:99:58:16:91:2e:bd:15:01:6e:
                    3a:73:6c:4d:60:00:1e:99:6b:e2:62:94:a8:b9:29:
                    16:65:3c:cb:79:bd:6b:c4:77:dd:93:86:c3:2e:88:
                    a9:8e:61:8c:6c:c4:81:ba:8a:61:6b:e0:a5:85:32:
                    9c:0d:62:2b:53:17:f8:91:73:d2:42:f5:c1:fd:dd:
                    0a:f7:2e:b5:fd:2c:1f:e5:cc:44:0c:85:08:c4:ce:
                    ef:3d:fe:d7:ed:21:c3:6f:32:9b:81:5d:61:ea:f6:
                    06:a9:85:eb:c6:ce:60:0c:01:ee:24:1c:56:3e:03:
                    a0:6b:98:e5:a3:b6:e8:87:02:5d:17:22:fe:6d:b8:
                    ac:04:05:a6:88:00:42:94:ed:de:cc:11:76:b8:50:
                    ec:dc:2e:72:a3:b1:77:78:18:21:76:69:43:82:70:
                    ca:0d:99:a5:a9:d1:95:c0:81:04:55:82:c7:cf:14:
                    8a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:9F:25:BE:D7:12:DE:05:25:32:76:25:12:78:BE:6C:81:56:66:6E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8003908-130c-4b23-9648-9b1270a82198.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.115.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c8:67:aa:9f:2a:cc:b3:12:5f:29:3a:56:05:db:ef:45:b1:3b:
         86:41:53:52:f9:9c:71:f1:9c:52:e4:2f:7a:ff:03:92:b0:c8:
         d7:56:90:35:65:02:db:fc:fc:4d:4c:38:07:c8:3d:38:17:06:
         ca:9d:cb:c7:56:92:b1:47:49:da:a7:d8:de:51:a5:86:bf:62:
         34:bc:8f:8e:2c:94:22:11:48:19:af:43:2c:d8:ce:f5:c0:7a:
         b1:f0:c8:e3:54:27:dd:5b:7f:cf:37:73:47:d7:18:4e:da:2a:
         78:6e:4b:28:20:4a:c2:74:0e:57:a7:c9:69:8a:8b:85:9c:0e:
         59:e9:18:5d:91:95:d1:26:ab:52:d3:9f:41:62:cf:35:b2:92:
         fb:3f:f0:e1:12:0c:e6:26:44:87:b9:5c:c2:71:55:77:c9:93:
         b1:ea:4e:97:4b:60:4c:76:85:dd:dc:80:84:ed:5e:e5:67:00:
         f3:78:43:42:d5:61:69:60:a0:f5:61:18:aa:57:1c:0c:7c:6e:
         49:9c:78:3d:38:18:96:56:86:f4:77:ae:1f:cb:68:3d:ff:b0:
         cf:d8:52:0d:fd:65:d1:94:47:54:10:47:5f:36:87:39:c9:e8:
         c7:2d:c9:87:62:48:de:0e:09:92:3c:71:ba:ec:40:07:36:20:
         70:7c:72:76
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdG58F8UfxISzFyMHE+U5DHc/BgwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzQ5ODBmYzY5NGQxMDZlNDliM2M3N2VhNzIyMGE5M2Mx
MzRhMWYxNWM0MGU0ZDAzMjkyY2RlODJiZTg5ZjJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+LMxzyYaw/L7axR+DROv3WTYvSYAM3q4UpMdcWFmFG/C3
ZUtioPkKdGuOgVmk+Mrn5VckydJh0KLC4um9CpLoUi0mmYbAGpFBm6KRVmc5MJlY
FpEuvRUBbjpzbE1gAB6Za+JilKi5KRZlPMt5vWvEd92ThsMuiKmOYYxsxIG6imFr
4KWFMpwNYitTF/iRc9JC9cH93Qr3LrX9LB/lzEQMhQjEzu89/tftIcNvMpuBXWHq
9gaphevGzmAMAe4kHFY+A6BrmOWjtuiHAl0XIv5tuKwEBaaIAEKU7d7MEXa4UOzc
LnKjsXd4GCF2aUOCcMoNmaWp0ZXAgQRVgsfPFIoVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0Z8lvtcS3gUlMnYlEni+bIFWZm4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4MDAzOTA4LTEzMGMtNGIyMy05NjQ4LTliMTI3MGE4MjE5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2czANBgkqhkiG9w0BAQsFAAOCAQEAyGeqnyrMsxJfKTpWBdvvRbE7hkFT
UvmccfGcUuQvev8DkrDI11aQNWUC2/z8TUw4B8g9OBcGyp3Lx1aSsUdJ2qfY3lGl
hr9iNLyPjiyUIhFIGa9DLNjO9cB6sfDI41Qn3Vt/zzdzR9cYTtoqeG5LKCBKwnQO
V6fJaYqLhZwOWekYXZGV0SarUtOfQWLPNbKS+z/w4RIM5iZEh7lcwnFVd8mTsepO
l0tgTHaF3dyAhO1e5WcA83hDQtVhaWCg9WEYqlccDHxuSZx4PTgYllaG9HeuH8to
Pf+wz9hSDf1l0ZRHVBBHXzaHOcnoxy3Jh2JI3g4JkjxxuuxABzYgcHxydg==
-----END CERTIFICATE-----