Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e50f271e-63b8-4348-9869-f337d2e23ae0.roa
File:                     e50f271e-63b8-4348-9869-f337d2e23ae0.roa (raw, json)
Hash identifier:          2hiv0oDkRZ3i6IRdKyh8jJPvg41fibUg3sqacaBfTiw=
Subject key identifier:   66:5E:33:1F:89:50:0B:A9:52:5F:94:62:30:CF:00:E0:C7:DA:32:E0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       450BBE786889CBB2186D529AE2C5F4BCDE84BAF8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e50f271e-63b8-4348-9869-f337d2e23ae0.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.67.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:0b:be:78:68:89:cb:b2:18:6d:52:9a:e2:c5:f4:bc:de:84:ba:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=477294525a879caa0ffa5193d3f233b93b490df08f80564976f065a8d7091460, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ad:f3:c7:04:15:e5:43:b8:28:43:99:e7:d4:
                    8b:61:43:76:84:32:95:f2:31:77:f5:c1:02:04:26:
                    b6:55:8f:fc:9e:cd:80:6d:be:be:38:ff:c0:c0:bf:
                    95:81:60:0a:76:93:34:70:76:02:12:25:e1:de:b9:
                    96:25:de:bb:10:83:cd:cd:52:77:d1:41:41:f0:2b:
                    e4:04:31:20:d4:d7:48:a2:75:6b:36:40:f7:6f:ab:
                    7c:d3:04:f5:42:4f:cc:63:63:03:23:7f:8a:b7:83:
                    50:04:fe:69:a6:5b:80:31:0a:57:bb:89:74:0f:ad:
                    ae:50:c3:8c:83:1c:d8:de:04:c5:86:6b:09:4a:17:
                    a8:18:27:60:aa:96:f7:61:7e:86:cf:ca:9b:c9:1a:
                    6e:48:04:ce:03:0e:aa:9f:60:3b:e7:0e:40:51:29:
                    41:fd:fb:44:dc:30:23:de:1f:75:a0:ca:67:6e:a0:
                    5f:ca:e7:ea:42:d1:f4:8f:9c:e5:87:d5:46:9d:0b:
                    32:50:fc:cc:71:44:07:1a:07:8b:f0:01:fc:c6:c7:
                    f4:e6:df:35:28:b4:b7:51:71:a1:04:8d:56:19:8b:
                    cc:cf:3d:67:31:7b:0b:95:d3:6f:a5:af:76:c5:e4:
                    97:4c:5d:bb:d7:18:7f:6d:a3:77:88:17:e1:cc:41:
                    38:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5E:33:1F:89:50:0B:A9:52:5F:94:62:30:CF:00:E0:C7:DA:32:E0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e50f271e-63b8-4348-9869-f337d2e23ae0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:60:d0:96:5a:7f:83:0e:27:58:0f:11:3c:3d:33:ad:ca:05:
         1c:e4:9e:1a:a4:13:0a:28:81:8a:9a:b4:dd:df:26:60:23:7c:
         91:21:08:8a:5d:fb:ac:b4:54:07:d0:e7:ab:53:3d:1f:a3:b0:
         af:9f:78:28:64:9c:ab:10:4b:8d:75:00:b3:2d:fc:63:71:6d:
         b1:e6:a5:33:2f:b6:8b:dd:2e:3f:76:bf:55:ad:fa:e0:15:fd:
         7d:80:5b:45:9a:df:29:27:22:e0:27:ce:b6:85:9c:1d:6f:b8:
         bf:38:76:e3:c7:c2:33:f5:e8:1a:0f:fe:7f:8d:cd:3d:45:4d:
         6b:52:83:89:c4:f1:6a:cd:03:b4:07:25:f6:09:7f:12:fd:ed:
         c7:19:ad:8f:ec:5f:ce:7b:5a:cd:ba:e1:7b:d1:ba:e2:5b:ea:
         70:5b:5a:dc:de:68:f2:42:4e:84:a7:6e:35:64:3c:2a:4d:d9:
         49:69:9f:c1:4b:63:c8:df:cf:f3:54:d6:89:28:08:8d:b5:c4:
         2e:1b:70:f6:c1:2b:59:e0:b5:0a:d1:11:bf:a4:bc:b5:90:61:
         90:97:03:04:f2:cc:b7:5f:4a:f2:ac:f8:7c:78:a7:39:dd:b3:
         a7:2d:de:8f:ca:29:1e:5b:2b:ed:b5:0c:5d:28:4b:98:2f:76:
         7c:36:b8:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURQu+eGiJy7IYbVKa4sX0vN6EuvgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NzcyOTQ1MjVhODc5Y2FhMGZmYTUxOTNkM2YyMzNiOTNi
NDkwZGYwOGY4MDU2NDk3NmYwNjVhOGQ3MDkxNDYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxrfPHBBXlQ7goQ5nn1IthQ3aEMpXyMXf1wQIEJrZVj/ye
zYBtvr44/8DAv5WBYAp2kzRwdgISJeHeuZYl3rsQg83NUnfRQUHwK+QEMSDU10ii
dWs2QPdvq3zTBPVCT8xjYwMjf4q3g1AE/mmmW4AxCle7iXQPra5Qw4yDHNjeBMWG
awlKF6gYJ2CqlvdhfobPypvJGm5IBM4DDqqfYDvnDkBRKUH9+0TcMCPeH3Wgymdu
oF/K5+pC0fSPnOWH1UadCzJQ/MxxRAcaB4vwAfzGx/Tm3zUotLdRcaEEjVYZi8zP
PWcxewuV02+lr3bF5JdMXbvXGH9to3eIF+HMQTgbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZl4zH4lQC6lSX5RiMM8A4MfaMuAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1MGYyNzFlLTYzYjgtNDM0OC05ODY5LWYzMzdkMmUyM2FlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUMwDQYJKoZIhvcNAQELBQADggEBAJlg0JZaf4MOJ1gPETw9M63KBRzk
nhqkEwoogYqatN3fJmAjfJEhCIpd+6y0VAfQ56tTPR+jsK+feChknKsQS411ALMt
/GNxbbHmpTMvtovdLj92v1Wt+uAV/X2AW0Wa3yknIuAnzraFnB1vuL84duPHwjP1
6BoP/n+NzT1FTWtSg4nE8WrNA7QHJfYJfxL97ccZrY/sX857Ws264XvRuuJb6nBb
WtzeaPJCToSnbjVkPCpN2Ulpn8FLY8jfz/NU1okoCI21xC4bcPbBK1ngtQrREb+k
vLWQYZCXAwTyzLdfSvKs+Hx4pznds6ct3o/KKR5bK+21DF0oS5gvdnw2uMA=
-----END CERTIFICATE-----