Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/100fc626-c172-4319-b3e2-b8430704d954.roa
File:                     100fc626-c172-4319-b3e2-b8430704d954.roa (raw, json)
Hash identifier:          1F0tWMgVsm2a+qlMygWr8qd4aNKj/Gq52I5Myg1sI+4=
Subject key identifier:   AD:CA:80:57:EF:92:F6:D2:AA:0F:48:ED:FD:F3:2F:2F:56:1D:6A:5D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       38EC1C09B1165AE3B9B15F9EFA02ED578F73822A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/100fc626-c172-4319-b3e2-b8430704d954.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        192.157.33.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:ec:1c:09:b1:16:5a:e3:b9:b1:5f:9e:fa:02:ed:57:8f:73:82:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:33:15:ff:57:d1:7d:8f:bb:56:21:24:e6:a0:
                    96:47:a2:c5:f3:66:6b:9b:cb:92:0f:e7:a6:4a:74:
                    e8:05:6f:1a:e4:f3:d8:1b:1d:ca:ea:56:fc:99:c7:
                    8a:22:6a:44:e3:6c:a0:a4:28:e6:bf:61:1e:f3:29:
                    f8:54:d4:59:b2:86:0e:36:b2:21:3d:a2:87:4d:34:
                    81:a6:75:49:fb:72:35:76:4c:97:50:af:15:81:96:
                    c1:5e:0b:f7:8a:38:d5:7b:09:a3:a8:66:33:b3:95:
                    ba:bb:1e:3f:d7:fb:f3:37:60:55:2a:29:b8:7a:34:
                    d2:0d:45:73:f9:1c:86:e8:c7:c2:0d:55:88:2f:b8:
                    3d:ef:04:46:a6:08:53:85:91:30:f8:ce:31:2a:63:
                    57:56:e7:19:07:bf:ae:eb:1c:90:dc:35:04:8d:3a:
                    dc:f8:3a:8c:16:e0:63:06:e2:cb:fe:b8:61:f9:5d:
                    6e:16:8c:0c:27:cd:3f:0f:19:4c:9b:18:dd:37:13:
                    c7:8c:09:6b:1e:7b:b9:d5:4f:1c:0c:3e:42:db:65:
                    bc:b6:f7:a2:8a:a6:a9:df:e0:ff:03:3f:78:66:de:
                    cc:18:c2:6a:4d:8c:23:de:7d:28:9b:77:73:32:32:
                    c8:e4:96:85:40:4f:df:1b:32:86:8d:74:40:58:11:
                    57:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:CA:80:57:EF:92:F6:D2:AA:0F:48:ED:FD:F3:2F:2F:56:1D:6A:5D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/100fc626-c172-4319-b3e2-b8430704d954.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.157.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:94:73:98:5d:fc:6c:32:9c:fe:c3:0a:5c:c2:57:95:0b:4e:
         a8:fd:0a:50:00:d6:81:3c:e1:25:ad:8a:7a:74:6e:40:fe:c9:
         76:4c:d5:ab:02:39:05:4e:91:b3:35:8d:0b:c3:ed:4f:f3:cc:
         ea:22:4f:18:9a:6f:08:c9:09:b5:e6:96:2d:1c:ef:c6:70:ef:
         f8:2c:60:74:d9:0e:4d:3c:43:cd:f8:54:a7:19:db:23:41:22:
         99:1b:78:6e:fe:6b:21:39:9e:ac:9b:73:64:ed:67:23:d2:f3:
         bd:d9:df:61:c5:b6:32:e0:90:05:b6:3c:3d:cf:cd:d1:20:22:
         e7:18:26:86:7f:21:68:fc:c1:fb:b5:14:ea:06:0d:f3:05:bf:
         f5:03:21:9c:e2:46:09:82:a8:a3:20:78:c1:f2:e6:28:f8:91:
         87:16:e7:b0:14:ed:15:9e:a5:71:38:dc:2b:c9:71:5c:0b:fe:
         3d:47:e2:73:2d:92:97:fe:0b:56:77:90:80:dc:cc:04:90:e8:
         06:03:eb:d9:94:8d:81:e5:d1:d9:02:88:eb:20:a8:29:03:df:
         d8:99:a4:35:6e:82:35:66:d1:3d:f9:d8:f5:2b:4b:a8:1a:2f:
         55:8d:01:d2:8b:71:4c:c6:92:6b:f0:63:eb:aa:d1:0e:95:d2:
         d2:9d:76:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOOwcCbEWWuO5sV+e+gLtV49zgiowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjI0YmJlNDUyNDBhYjZmOTA3ZGE0N2MyYzQzNmE4YzVk
ZGNiMmY1ZmZhY2ZmMzkzYzBlNzRhOWQ5ZTg5NTg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDMxX/V9F9j7tWISTmoJZHosXzZmuby5IP56ZKdOgFbxrk
89gbHcrqVvyZx4oiakTjbKCkKOa/YR7zKfhU1Fmyhg42siE9oodNNIGmdUn7cjV2
TJdQrxWBlsFeC/eKONV7CaOoZjOzlbq7Hj/X+/M3YFUqKbh6NNINRXP5HIbox8IN
VYgvuD3vBEamCFOFkTD4zjEqY1dW5xkHv67rHJDcNQSNOtz4OowW4GMG4sv+uGH5
XW4WjAwnzT8PGUybGN03E8eMCWsee7nVTxwMPkLbZby296KKpqnf4P8DP3hm3swY
wmpNjCPefSibd3MyMsjkloVAT98bMoaNdEBYEVfLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrcqAV++S9tKqD0jt/fMvL1Ydal0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwMGZjNjI2LWMxNzItNDMxOS1iM2UyLWI4NDMwNzA0ZDk1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAnSEwDQYJKoZIhvcNAQELBQADggEBADiUc5hd/GwynP7DClzCV5ULTqj9
ClAA1oE84SWtinp0bkD+yXZM1asCOQVOkbM1jQvD7U/zzOoiTxiabwjJCbXmli0c
78Zw7/gsYHTZDk08Q834VKcZ2yNBIpkbeG7+ayE5nqybc2TtZyPS873Z32HFtjLg
kAW2PD3PzdEgIucYJoZ/IWj8wfu1FOoGDfMFv/UDIZziRgmCqKMgeMHy5ij4kYcW
57AU7RWepXE43CvJcVwL/j1H4nMtkpf+C1Z3kIDczASQ6AYD69mUjYHl0dkCiOsg
qCkD39iZpDVugjVm0T352PUrS6gaL1WNAdKLcUzGkmvwY+uq0Q6V0tKddsM=
-----END CERTIFICATE-----