Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/092487eb-f773-489e-ac0b-05969f724d79.roa
File:                     092487eb-f773-489e-ac0b-05969f724d79.roa (raw, json)
Hash identifier:          ZD9If6rPpjHUG1s4RV1zjcfBcgPfsWZeyzs6sRBewgQ=
Subject key identifier:   63:C7:10:84:48:CD:3D:FF:EC:CE:0D:A1:7C:62:E1:34:D6:59:DF:A3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D02E6DE6A91CC6A88543AFD87D50CCC1CB74922
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/092487eb-f773-489e-ac0b-05969f724d79.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        108.166.224.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:02:e6:de:6a:91:cc:6a:88:54:3a:fd:87:d5:0c:cc:1c:b7:49:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:66:3e:ab:a4:02:5a:51:ba:c5:0e:31:5c:e0:
                    ce:7f:37:1a:47:8b:1a:09:69:78:51:1d:9d:61:32:
                    13:5d:cd:e2:16:12:7f:33:9b:ff:89:06:37:1d:37:
                    57:bf:66:91:72:d9:9a:ab:a4:8a:e6:6b:ad:79:82:
                    8e:9e:d3:e6:e1:49:60:81:68:06:e8:ba:27:71:81:
                    46:17:2a:54:9d:2f:72:eb:e8:fe:2d:9a:87:c9:44:
                    83:88:8a:1f:07:29:36:6b:68:05:a5:83:4a:cc:fb:
                    31:bc:56:0f:4b:8e:88:5b:b2:74:94:36:ba:cd:fb:
                    e7:56:d4:62:12:5c:5f:a3:46:7f:68:57:5b:73:2e:
                    5b:bc:fd:30:be:06:42:39:d5:5e:cf:08:ea:53:24:
                    1d:75:16:8d:ac:65:e4:1d:3f:c8:13:34:be:7c:73:
                    1d:45:60:76:b4:1e:45:5b:44:88:08:23:02:af:ef:
                    70:17:95:95:1b:5e:06:60:7c:a9:e0:d8:85:f3:b4:
                    af:1c:eb:56:b7:38:0b:4f:0a:c4:3d:ea:17:b3:a2:
                    18:ea:f7:86:a5:3d:a7:e9:7b:b2:65:ec:66:aa:c2:
                    43:31:5c:ac:52:a2:4d:36:b5:b4:de:25:d3:b3:4e:
                    98:3a:64:3f:09:38:a1:8b:b1:2c:2b:58:8a:23:c4:
                    e4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:C7:10:84:48:CD:3D:FF:EC:CE:0D:A1:7C:62:E1:34:D6:59:DF:A3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/092487eb-f773-489e-ac0b-05969f724d79.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  108.166.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7a:f5:df:0c:84:db:44:68:7d:9e:98:6d:94:8c:4e:db:56:cc:
         74:0b:7e:5d:d0:7d:55:eb:9a:30:70:04:cc:48:15:9f:0d:30:
         e2:69:52:d9:dd:43:81:7c:10:50:d9:96:f5:c1:53:f0:f4:99:
         d9:99:a5:a0:52:6c:23:7a:39:0e:8b:c5:aa:e1:48:68:00:91:
         d6:71:a8:80:88:89:0c:d3:17:cd:f9:b0:f8:68:bf:59:72:a4:
         b2:57:a7:15:2b:aa:d3:12:46:5d:0e:ed:66:79:b5:ec:a3:96:
         db:8c:95:d4:5c:dd:32:bd:ee:b5:2a:3e:89:43:bd:98:4d:b2:
         c9:6a:e7:d1:e3:12:36:92:9c:c9:7a:57:0c:aa:30:92:fe:69:
         4c:e1:84:54:61:aa:3d:cf:e7:83:8b:e1:92:33:9b:14:58:67:
         6d:ee:4d:77:8a:92:7b:d3:ae:15:05:10:45:3a:8f:4b:e1:89:
         1f:b1:46:ef:96:f8:b7:24:26:30:31:77:21:91:64:08:16:01:
         d3:95:36:b0:5b:45:b5:4a:35:d7:1f:1e:7b:01:07:af:d5:55:
         9a:87:74:05:22:61:77:58:88:39:34:01:d7:f6:3f:47:02:b6:
         05:76:1a:60:6f:d2:81:dd:16:c5:87:0b:af:30:76:be:08:a5:
         65:cb:2e:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTQLm3mqRzGqIVDr9h9UMzBy3SSIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDkxZGM2YWZmM2U0YjExY2NjZDhkNWE3ZDU5MGQwMjlh
YzkxMzI0N2Q4ZTExOGQ5NmE0MWIzNjY0ODA1MGJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHZj6rpAJaUbrFDjFc4M5/NxpHixoJaXhRHZ1hMhNdzeIW
En8zm/+JBjcdN1e/ZpFy2ZqrpIrma615go6e0+bhSWCBaAbouidxgUYXKlSdL3Lr
6P4tmofJRIOIih8HKTZraAWlg0rM+zG8Vg9LjohbsnSUNrrN++dW1GISXF+jRn9o
V1tzLlu8/TC+BkI51V7PCOpTJB11Fo2sZeQdP8gTNL58cx1FYHa0HkVbRIgIIwKv
73AXlZUbXgZgfKng2IXztK8c61a3OAtPCsQ96hezohjq94alPafpe7Jl7GaqwkMx
XKxSok02tbTeJdOzTpg6ZD8JOKGLsSwrWIojxORfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUY8cQhEjNPf/szg2hfGLhNNZZ36MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA5MjQ4N2ViLWY3NzMtNDg5ZS1hYzBiLTA1OTY5ZjcyNGQ3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANspuAwDQYJKoZIhvcNAQELBQADggEBAHr13wyE20RofZ6YbZSMTttWzHQL
fl3QfVXrmjBwBMxIFZ8NMOJpUtndQ4F8EFDZlvXBU/D0mdmZpaBSbCN6OQ6Lxarh
SGgAkdZxqICIiQzTF835sPhov1lypLJXpxUrqtMSRl0O7WZ5teyjltuMldRc3TK9
7rUqPolDvZhNsslq59HjEjaSnMl6VwyqMJL+aUzhhFRhqj3P54OL4ZIzmxRYZ23u
TXeKknvTrhUFEEU6j0vhiR+xRu+W+LckJjAxdyGRZAgWAdOVNrBbRbVKNdcfHnsB
B6/VVZqHdAUiYXdYiDk0Adf2P0cCtgV2GmBv0oHdFsWHC68wdr4IpWXLLsM=
-----END CERTIFICATE-----