Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27360493-748f-4327-9cee-ba3f8ba9b8bd.roa
File:                     27360493-748f-4327-9cee-ba3f8ba9b8bd.roa (raw, json)
Hash identifier:          nL3rpjVwyHpsVMLDvCGRDXm4IpORcba388dXkU0T39o=
Subject key identifier:   18:7C:D4:3E:63:B0:05:A0:53:1A:9B:14:72:DD:FA:BF:E0:94:F7:0A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2478A49340BFA2CDDF1801C0DF72781FC6B59615
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27360493-748f-4327-9cee-ba3f8ba9b8bd.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        198.143.192.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:78:a4:93:40:bf:a2:cd:df:18:01:c0:df:72:78:1f:c6:b5:96:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=989db174b0d5e9efb0ac7c47517c9112ed0d193682d908ce2f130f98f96079dd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:41:a2:7d:c0:d5:b0:6c:26:6d:81:4a:ce:96:
                    65:00:56:11:b0:a3:da:39:29:b9:d7:a3:65:f5:70:
                    6e:3a:1d:3d:94:c8:73:8a:6a:99:f7:59:da:1f:bd:
                    6e:e8:2c:3f:d2:87:da:3f:e3:8c:66:d8:45:11:85:
                    06:b3:37:c8:1b:fa:ba:d3:bf:43:6b:f7:01:0b:20:
                    08:99:1c:05:e4:d5:46:99:0f:5c:42:12:2e:c1:85:
                    90:60:bb:00:c2:c4:b5:4d:c3:2a:1e:2e:cd:6a:d7:
                    f2:0f:14:a4:54:4e:46:9e:5b:e9:6e:0a:71:c5:f2:
                    a0:8e:46:7a:cb:3b:de:c2:eb:b6:38:a4:76:5d:27:
                    8b:5c:a0:e0:da:cc:e0:7b:66:ae:a4:1f:2e:f5:b3:
                    14:30:72:6a:2d:a5:09:a0:7a:63:0d:8f:92:65:22:
                    d6:52:6e:9a:86:2d:83:bb:67:59:8f:f2:06:c9:73:
                    f4:cc:86:26:33:18:23:fd:5c:c7:47:87:35:21:ad:
                    29:2f:43:bc:02:e5:3b:08:cc:03:63:58:f5:74:60:
                    c5:87:1c:83:92:ab:23:c4:d5:a8:a5:d9:92:0c:6c:
                    ed:0c:b0:4a:62:45:5b:f0:50:3e:5f:42:20:53:1e:
                    c0:eb:37:7c:26:e4:73:98:72:4f:29:b8:34:90:50:
                    b0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:7C:D4:3E:63:B0:05:A0:53:1A:9B:14:72:DD:FA:BF:E0:94:F7:0A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27360493-748f-4327-9cee-ba3f8ba9b8bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.143.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         97:0a:26:e7:32:e7:1a:d2:2f:21:2b:71:fc:4b:18:20:5d:69:
         bb:8a:ce:a0:8f:da:5e:c2:c1:06:89:2f:2c:dd:f4:5e:5a:72:
         6f:15:3e:70:29:ff:89:81:30:47:53:7d:e7:41:c6:b4:3a:52:
         53:4e:a0:b8:98:c3:ee:01:95:7c:77:bf:e8:92:ab:7d:b5:fc:
         07:d1:59:cc:02:2d:28:53:67:24:e4:a3:1b:5b:f0:31:3c:f3:
         2a:5e:5c:35:d7:08:dc:01:1b:4b:bc:a1:45:56:7e:4f:4a:4b:
         f5:68:b9:da:d9:bd:23:38:d7:a9:d1:94:41:82:e4:6f:e1:88:
         ee:5f:9f:5b:bd:bc:c2:40:41:46:91:99:b5:15:90:75:da:8f:
         02:51:0f:cf:31:94:50:ca:e5:6c:04:7b:f5:0e:a3:47:c9:12:
         d5:91:7f:a2:a1:f5:b3:84:2e:8d:ed:2d:21:cc:1e:82:a0:2a:
         39:77:81:1c:1c:32:9f:0b:f3:3d:ea:c6:f2:c7:68:3d:90:e9:
         b7:34:73:eb:47:b8:6c:a7:29:bf:17:be:81:65:15:0b:e1:74:
         cb:41:86:25:a5:25:91:d7:8c:7b:97:f0:24:44:1a:89:63:28:
         c2:bd:cf:2c:3c:3a:43:97:ed:62:ef:10:e8:81:3c:f0:2c:6b:
         f2:dc:87:7f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJHikk0C/os3fGAHA33J4H8a1lhUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ODlkYjE3NGIwZDVlOWVmYjBhYzdjNDc1MTdjOTExMmVk
MGQxOTM2ODJkOTA4Y2UyZjEzMGY5OGY5NjA3OWRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaQaJ9wNWwbCZtgUrOlmUAVhGwo9o5KbnXo2X1cG46HT2U
yHOKapn3WdofvW7oLD/Sh9o/44xm2EURhQazN8gb+rrTv0Nr9wELIAiZHAXk1UaZ
D1xCEi7BhZBguwDCxLVNwyoeLs1q1/IPFKRUTkaeW+luCnHF8qCORnrLO97C67Y4
pHZdJ4tcoODazOB7Zq6kHy71sxQwcmotpQmgemMNj5JlItZSbpqGLYO7Z1mP8gbJ
c/TMhiYzGCP9XMdHhzUhrSkvQ7wC5TsIzANjWPV0YMWHHIOSqyPE1ail2ZIMbO0M
sEpiRVvwUD5fQiBTHsDrN3wm5HOYck8puDSQULDrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGHzUPmOwBaBTGpsUct36v+CU9wowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3MzYwNDkzLTc0OGYtNDMyNy05Y2VlLWJhM2Y4YmE5YjhiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbGj8AwDQYJKoZIhvcNAQELBQADggEBAJcKJucy5xrSLyErcfxLGCBdabuK
zqCP2l7CwQaJLyzd9F5acm8VPnAp/4mBMEdTfedBxrQ6UlNOoLiYw+4BlXx3v+iS
q321/AfRWcwCLShTZyTkoxtb8DE88ypeXDXXCNwBG0u8oUVWfk9KS/VoudrZvSM4
16nRlEGC5G/hiO5fn1u9vMJAQUaRmbUVkHXajwJRD88xlFDK5WwEe/UOo0fJEtWR
f6Kh9bOELo3tLSHMHoKgKjl3gRwcMp8L8z3qxvLHaD2Q6bc0c+tHuGynKb8XvoFl
FQvhdMtBhiWlJZHXjHuX8CREGoljKMK9zyw8OkOX7WLvEOiBPPAsa/Lch38=
-----END CERTIFICATE-----