Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b1941d6-503f-4c1f-a430-911506ace3cc.roa
File:                     2b1941d6-503f-4c1f-a430-911506ace3cc.roa (raw, json)
Hash identifier:          eogxDcET4hmii+DutESc0BhJQtxzsXhZsmLtlgHe1ks=
Subject key identifier:   42:04:B0:E2:3C:E6:C7:AB:72:0D:D5:C6:44:75:69:89:18:FA:07:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       67F8D343206B7950D1C317664F68D3705FBF7C65
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b1941d6-503f-4c1f-a430-911506ace3cc.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        204.17.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:f8:d3:43:20:6b:79:50:d1:c3:17:66:4f:68:d3:70:5f:bf:7c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=120c0c413a78483ebb882996f9d9885cbd0f9d58894ac57ba96322f8b4227d20, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:47:20:26:c5:dd:02:f5:55:c1:e9:6a:05:1d:
                    ae:0c:a1:12:6a:19:2f:3e:83:03:3e:d7:42:d1:c4:
                    65:8e:57:9e:27:bd:4a:d1:6d:cf:be:14:48:e1:c0:
                    52:f0:13:7f:fd:a6:e6:67:be:6a:f5:79:06:dc:c6:
                    c4:fc:26:07:ad:a6:c9:53:d8:10:5d:3d:75:5f:e9:
                    a2:34:d4:5a:01:91:72:89:2c:7a:41:13:f9:a4:7e:
                    7b:72:0e:12:6e:05:af:9f:6b:2b:68:ff:b1:1e:95:
                    d1:03:22:2d:f6:de:f3:e2:23:f1:a8:db:d5:c9:a1:
                    03:b0:74:2f:ae:68:3d:01:b5:f9:f8:31:ec:f7:6b:
                    c7:d4:db:98:23:25:4b:0d:26:53:58:46:44:ba:db:
                    66:20:57:66:46:95:96:f6:a2:38:39:4f:8e:c3:04:
                    6e:84:13:08:7e:4b:69:27:c7:c5:ae:6c:ae:6b:99:
                    d1:e9:8f:c8:6b:94:02:a2:2b:34:c3:b8:2a:1a:8a:
                    13:15:b3:61:d6:c6:12:cd:f6:38:d4:90:d1:66:68:
                    44:76:4b:f3:c4:40:02:65:47:1d:6e:2c:b2:9e:72:
                    4b:1e:38:1a:ea:ff:49:92:a5:d1:b1:d1:67:97:99:
                    45:80:dd:64:09:47:9f:1a:f1:14:a1:18:dd:94:51:
                    1e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:04:B0:E2:3C:E6:C7:AB:72:0D:D5:C6:44:75:69:89:18:FA:07:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b1941d6-503f-4c1f-a430-911506ace3cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.17.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         7d:70:18:f9:15:93:02:ae:2b:07:df:03:38:e3:78:ab:41:e8:
         1b:ca:e6:b5:8a:83:34:d2:03:56:ab:b2:28:eb:cb:25:6c:53:
         22:e5:c6:38:f9:82:e7:b8:2c:e0:9d:e9:d1:c5:9c:1c:51:b6:
         ca:28:11:2c:09:72:cc:c5:97:7d:88:57:2b:fa:c5:55:8b:1b:
         3d:18:c4:7a:e3:9d:1a:a8:42:23:6b:17:35:5f:b2:34:41:b0:
         93:a8:91:3b:7f:fa:58:80:a3:11:2b:83:58:b1:38:29:4c:04:
         a8:4d:0e:af:dd:37:15:ea:22:7b:34:a5:52:a5:b2:44:88:73:
         f9:f7:d8:f9:09:a1:9a:77:08:c9:ef:5e:a6:f4:c5:f3:c3:0c:
         1a:45:2e:29:5c:93:15:fa:c5:01:0a:7c:5d:b5:1f:b4:85:78:
         4a:e0:8a:d3:f4:47:a9:be:70:c3:05:59:9e:5c:e0:1e:4a:3e:
         b9:0b:56:db:83:c9:ff:e5:40:f3:24:fb:06:2f:c9:54:da:b1:
         b2:b5:29:89:b8:2b:d6:ed:82:b8:ae:81:f7:2d:bd:d6:0c:5e:
         e1:8e:9e:e1:42:f5:4e:27:c3:ab:f4:40:6c:de:12:a0:db:de:
         fd:c2:63:4d:fb:f8:54:c8:1d:95:19:17:48:85:c8:0f:8a:22:
         f4:6f:f8:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ/jTQyBreVDRwxdmT2jTcF+/fGUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjBjMGM0MTNhNzg0ODNlYmI4ODI5OTZmOWQ5ODg1Y2Jk
MGY5ZDU4ODk0YWM1N2JhOTYzMjJmOGI0MjI3ZDIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjRyAmxd0C9VXB6WoFHa4MoRJqGS8+gwM+10LRxGWOV54n
vUrRbc++FEjhwFLwE3/9puZnvmr1eQbcxsT8JgetpslT2BBdPXVf6aI01FoBkXKJ
LHpBE/mkfntyDhJuBa+fayto/7EeldEDIi323vPiI/Go29XJoQOwdC+uaD0Btfn4
Mez3a8fU25gjJUsNJlNYRkS622YgV2ZGlZb2ojg5T47DBG6EEwh+S2knx8WubK5r
mdHpj8hrlAKiKzTDuCoaihMVs2HWxhLN9jjUkNFmaER2S/PEQAJlRx1uLLKeckse
OBrq/0mSpdGx0WeXmUWA3WQJR58a8RShGN2UUR5DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQgSw4jzmx6tyDdXGRHVpiRj6B+YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiMTk0MWQ2LTUwM2YtNGMxZi1hNDMwLTkxMTUwNmFjZTNjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbMEUAwDQYJKoZIhvcNAQELBQADggEBAH1wGPkVkwKuKwffAzjjeKtB6BvK
5rWKgzTSA1arsijryyVsUyLlxjj5gue4LOCd6dHFnBxRtsooESwJcszFl32IVyv6
xVWLGz0YxHrjnRqoQiNrFzVfsjRBsJOokTt/+liAoxErg1ixOClMBKhNDq/dNxXq
Ins0pVKlskSIc/n32PkJoZp3CMnvXqb0xfPDDBpFLilckxX6xQEKfF21H7SFeErg
itP0R6m+cMMFWZ5c4B5KPrkLVtuDyf/lQPMk+wYvyVTasbK1KYm4K9btgriugfct
vdYMXuGOnuFC9U4nw6v0QGzeEqDb3v3CY037+FTIHZUZF0iFyA+KIvRv+Ao=
-----END CERTIFICATE-----