Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/246fc546-65d3-42f2-935a-450e034b75a0.roa
File:                     246fc546-65d3-42f2-935a-450e034b75a0.roa (raw, json)
Hash identifier:          Oi9mK707vTpWiSkmn9va3xqSOMtHL7WREcWJ6gcuADw=
Subject key identifier:   B4:C4:56:55:59:D1:2B:94:EF:4D:6B:91:E4:9C:AE:98:73:9F:65:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04FB06C43F39D358AC56822546DB4FD27A32DCBE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/246fc546-65d3-42f2-935a-450e034b75a0.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        199.83.88.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:fb:06:c4:3f:39:d3:58:ac:56:82:25:46:db:4f:d2:7a:32:dc:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=f3e597f363b4b429ef5a5e156701682418ed86d6af1fd5a49a79f5753d975e7d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b5:f2:87:84:61:b8:bd:98:a1:4b:b8:49:47:
                    ac:ab:c6:cc:22:71:42:67:ad:ed:e8:29:4f:bc:e1:
                    92:f1:7d:bb:00:82:9c:e8:f8:b6:03:d0:b8:7d:c5:
                    2c:4d:d9:4e:c2:54:0a:52:e1:75:0e:3f:87:5d:f5:
                    63:40:75:19:c6:71:d1:15:2a:f6:3f:b1:33:07:75:
                    60:59:f0:07:17:56:78:cd:7b:ac:da:14:2b:5f:5c:
                    90:ea:fc:c2:9a:93:02:85:13:10:e8:7b:3d:43:54:
                    c9:2d:4d:6b:ec:e7:fd:a4:27:7f:aa:25:14:6f:18:
                    74:ed:12:b3:1f:fa:a1:c2:73:6e:2c:4d:08:b3:5a:
                    14:29:97:4b:ba:17:d4:b2:7f:ee:74:27:91:10:de:
                    ed:ca:85:a1:61:af:3c:3d:3e:02:3e:b4:14:fb:3f:
                    63:f2:d6:1a:c8:0c:df:d9:83:a3:5f:c1:43:5b:a5:
                    b8:8a:4c:00:14:2f:1e:76:de:c1:68:2f:b2:32:e4:
                    d2:26:54:8e:e6:44:fb:20:1d:f5:70:a6:e3:e2:db:
                    e3:cd:f6:32:25:da:26:72:f2:5d:01:4c:b2:b2:37:
                    ff:1f:12:f1:5b:e0:90:21:a6:f8:31:b4:99:a5:29:
                    15:dc:22:99:aa:4d:02:eb:c4:64:f1:cd:0a:8b:b3:
                    ce:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C4:56:55:59:D1:2B:94:EF:4D:6B:91:E4:9C:AE:98:73:9F:65:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/246fc546-65d3-42f2-935a-450e034b75a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.83.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:d3:71:91:8d:78:c7:32:8f:82:27:24:43:3c:97:43:1e:dc:
         b2:9c:0c:4b:9e:f7:2f:b1:a5:f7:d2:94:19:a7:87:d3:c4:54:
         68:13:0a:8c:9b:30:f2:a4:81:0c:5d:e4:5c:55:13:32:ee:64:
         5d:78:f0:66:94:14:47:36:22:ff:67:e3:1e:3f:c6:d4:d9:ea:
         fd:35:0d:b8:0d:64:44:7e:d8:de:5b:79:76:8e:0a:c0:d6:d6:
         13:33:fb:31:fd:ea:5c:b2:6c:ba:d6:cc:b2:50:59:15:0a:55:
         ae:e6:d6:38:9d:1c:7f:a2:4b:6b:ee:c6:e5:b5:a6:b5:fd:18:
         f9:e7:1e:9e:a6:8d:09:68:2d:7a:5c:ea:b5:d4:71:ae:b8:64:
         45:37:25:44:58:a5:8c:8e:c7:6b:2b:74:ff:6e:c6:d7:f4:32:
         53:da:82:1d:a1:51:c1:a9:fe:b4:0f:77:2d:84:3e:21:fe:25:
         d9:46:b0:62:53:2d:2c:f3:d0:f0:78:c2:a4:f4:3a:ee:93:76:
         4c:b4:5e:e0:2e:2f:ae:6d:89:da:60:f1:2a:99:37:66:06:6c:
         7b:19:c3:75:88:0c:70:58:94:ad:6e:0a:25:5c:4c:7b:c6:39:
         4d:21:7e:02:3d:dc:bb:3b:b0:27:56:c2:5d:f1:b8:66:fb:47:
         80:6f:6c:48
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBPsGxD8501isVoIlRttP0noy3L4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2U1OTdmMzYzYjRiNDI5ZWY1YTVlMTU2NzAxNjgyNDE4
ZWQ4NmQ2YWYxZmQ1YTQ5YTc5ZjU3NTNkOTc1ZTdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbtfKHhGG4vZihS7hJR6yrxswicUJnre3oKU+84ZLxfbsA
gpzo+LYD0Lh9xSxN2U7CVApS4XUOP4dd9WNAdRnGcdEVKvY/sTMHdWBZ8AcXVnjN
e6zaFCtfXJDq/MKakwKFExDoez1DVMktTWvs5/2kJ3+qJRRvGHTtErMf+qHCc24s
TQizWhQpl0u6F9Syf+50J5EQ3u3KhaFhrzw9PgI+tBT7P2Py1hrIDN/Zg6NfwUNb
pbiKTAAULx523sFoL7Iy5NImVI7mRPsgHfVwpuPi2+PN9jIl2iZy8l0BTLKyN/8f
EvFb4JAhpvgxtJmlKRXcIpmqTQLrxGTxzQqLs85HAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtMRWVVnRK5TvTWuR5JyumHOfZS4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI0NmZjNTQ2LTY1ZDMtNDJmMi05MzVhLTQ1MGUwMzRiNzVhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPHU1gwDQYJKoZIhvcNAQELBQADggEBAGjTcZGNeMcyj4InJEM8l0Me3LKc
DEue9y+xpffSlBmnh9PEVGgTCoybMPKkgQxd5FxVEzLuZF148GaUFEc2Iv9n4x4/
xtTZ6v01DbgNZER+2N5beXaOCsDW1hMz+zH96lyybLrWzLJQWRUKVa7m1jidHH+i
S2vuxuW1prX9GPnnHp6mjQloLXpc6rXUca64ZEU3JURYpYyOx2srdP9uxtf0MlPa
gh2hUcGp/rQPdy2EPiH+JdlGsGJTLSzz0PB4wqT0Ou6Tdky0XuAuL65tidpg8SqZ
N2YGbHsZw3WIDHBYlK1uCiVcTHvGOU0hfgI93Ls7sCdWwl3xuGb7R4BvbEg=
-----END CERTIFICATE-----