Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8085f81-a4ec-4915-ab79-d097d76b60bb.roa
File:                     f8085f81-a4ec-4915-ab79-d097d76b60bb.roa (raw, json)
Hash identifier:          yvNGlyfvtLoDYDLj7ESaHNUbYuWdDhNHmsYnoTV09Vw=
Subject key identifier:   36:38:1C:D4:15:98:9B:EB:15:D6:81:74:04:29:73:89:19:6F:44:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60EACDD56C200AA38F54294D9E9C480717720266
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8085f81-a4ec-4915-ab79-d097d76b60bb.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        117.18.100.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:ea:cd:d5:6c:20:0a:a3:8f:54:29:4d:9e:9c:48:07:17:72:02:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=1251cb6fcb12a782ae0cb4a83f8942318713a28bcb8f09424653616b2b836783, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e5:f2:c5:1d:cc:64:9f:ec:e1:79:5c:7f:73:
                    87:2f:ef:91:50:ee:3a:a7:5b:34:c8:fd:13:27:0b:
                    07:1c:fe:d4:17:df:8a:e2:95:54:3b:10:52:6c:0b:
                    92:73:10:ce:0f:84:4a:f9:17:06:4d:1f:06:4c:09:
                    e8:50:e6:ee:c0:0c:19:25:be:82:90:02:3f:76:bf:
                    7e:be:05:b1:d8:30:9c:28:61:c6:05:d4:ea:6c:c1:
                    fc:c6:ba:85:5e:76:82:65:0a:0a:38:f4:81:7d:05:
                    da:9d:9f:e9:67:c5:f6:ff:53:dd:96:3c:52:b2:f0:
                    34:de:35:de:25:8c:73:01:48:6a:f6:15:f1:4e:72:
                    fa:1b:9c:6f:9c:ec:56:40:16:33:ca:e8:00:25:70:
                    ff:f1:e9:9c:1d:40:0f:4b:b9:77:6e:39:9a:f3:29:
                    cb:30:0a:62:f5:44:8b:78:a9:78:56:d6:75:b2:90:
                    5d:33:d9:ad:b1:b5:10:2d:e3:16:c5:65:27:20:b3:
                    de:40:3b:49:44:df:a9:0c:1f:02:9b:a9:17:0c:79:
                    0a:cc:e4:3b:d7:65:9c:ff:c0:79:72:5c:5c:d9:21:
                    e1:ce:d3:05:52:33:92:f9:e1:bd:de:e6:76:b1:82:
                    9b:a1:10:b8:80:b3:06:94:b0:d5:46:ee:58:f4:a3:
                    1d:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:38:1C:D4:15:98:9B:EB:15:D6:81:74:04:29:73:89:19:6F:44:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f8085f81-a4ec-4915-ab79-d097d76b60bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.18.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bf:e5:36:b9:83:62:a7:70:96:de:aa:bc:65:8a:d1:52:cc:87:
         83:8b:49:56:ba:9b:0d:13:7b:34:b6:ba:c3:27:ce:9f:6b:e6:
         7f:c3:3f:95:27:72:06:32:1e:83:ec:12:d3:bb:3c:2a:1d:cc:
         e9:62:39:47:0b:e5:bc:9d:c3:a9:00:84:ed:01:a7:0d:b8:74:
         09:e8:bf:54:61:d8:46:cc:f7:d9:c9:7b:66:97:74:eb:94:fb:
         aa:18:e4:f9:ea:29:f8:4d:56:2c:57:74:13:22:a6:40:d9:01:
         2a:7e:74:5b:55:a5:09:03:01:04:67:98:71:a9:e2:9a:dd:51:
         36:b4:31:5b:c9:6f:ed:0e:56:ca:85:4d:71:1d:0b:30:67:5f:
         48:ad:0d:2f:03:2a:db:0b:7d:8e:59:bf:69:e0:0a:17:de:23:
         4f:79:da:be:a5:a0:89:80:19:c4:5c:2d:02:f9:07:ab:5c:e3:
         9b:61:0e:18:1e:62:80:ad:20:0a:8a:32:f0:a7:59:44:87:42:
         32:ca:f9:06:d7:af:fd:c2:db:4f:4e:a5:7c:f8:a1:c9:f9:29:
         ca:5e:7d:8f:0d:66:ca:75:10:e3:7e:11:9f:df:c2:41:ed:01:
         94:30:75:11:ec:70:5a:39:91:33:be:ef:fe:91:85:28:47:5b:
         a1:6d:ac:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYOrN1WwgCqOPVClNnpxIBxdyAmYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjUxY2I2ZmNiMTJhNzgyYWUwY2I0YTgzZjg5NDIzMTg3
MTNhMjhiY2I4ZjA5NDI0NjUzNjE2YjJiODM2NzgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCO5fLFHcxkn+zheVx/c4cv75FQ7jqnWzTI/RMnCwcc/tQX
34rilVQ7EFJsC5JzEM4PhEr5FwZNHwZMCehQ5u7ADBklvoKQAj92v36+BbHYMJwo
YcYF1OpswfzGuoVedoJlCgo49IF9Bdqdn+lnxfb/U92WPFKy8DTeNd4ljHMBSGr2
FfFOcvobnG+c7FZAFjPK6AAlcP/x6ZwdQA9LuXduOZrzKcswCmL1RIt4qXhW1nWy
kF0z2a2xtRAt4xbFZScgs95AO0lE36kMHwKbqRcMeQrM5DvXZZz/wHlyXFzZIeHO
0wVSM5L54b3e5naxgpuhELiAswaUsNVG7lj0ox3bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNjgc1BWYm+sV1oF0BClziRlvRDQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y4MDg1ZjgxLWE0ZWMtNDkxNS1hYjc5LWQwOTdkNzZiNjBiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAF1EmQwDQYJKoZIhvcNAQELBQADggEBAL/lNrmDYqdwlt6qvGWK0VLMh4OL
SVa6mw0TezS2usMnzp9r5n/DP5UncgYyHoPsEtO7PCodzOliOUcL5bydw6kAhO0B
pw24dAnov1Rh2EbM99nJe2aXdOuU+6oY5PnqKfhNVixXdBMipkDZASp+dFtVpQkD
AQRnmHGp4prdUTa0MVvJb+0OVsqFTXEdCzBnX0itDS8DKtsLfY5Zv2ngChfeI095
2r6loImAGcRcLQL5B6tc45thDhgeYoCtIAqKMvCnWUSHQjLK+QbXr/3C209OpXz4
ocn5KcpefY8NZsp1EON+EZ/fwkHtAZQwdRHscFo5kTO+7/6RhShHW6FtrP0=
-----END CERTIFICATE-----