Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b741f6b-eb87-4aca-8805-7da1af501b10.roa
File:                     2b741f6b-eb87-4aca-8805-7da1af501b10.roa (raw, json)
Hash identifier:          11vDNAR2GwgAdktQhrMkqUuyjpqz0bauMCtfRR9vk9Y=
Subject key identifier:   40:B3:AF:24:00:D4:E9:F1:42:F9:BA:7E:5A:90:10:9E:D8:37:DC:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47C0A1CEC57328EBE767C3EAF95D8C79EF76C059
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b741f6b-eb87-4aca-8805-7da1af501b10.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        164.152.184.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:c0:a1:ce:c5:73:28:eb:e7:67:c3:ea:f9:5d:8c:79:ef:76:c0:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:77:d3:79:e1:81:b6:94:e1:95:c5:bb:a3:50:
                    87:09:cc:e3:4c:14:52:33:c9:71:11:c0:1f:2d:56:
                    de:08:7c:0a:5a:1f:2d:ab:f1:df:ae:b1:84:7a:7c:
                    74:b9:95:18:3b:6b:6a:c3:c0:b1:08:7d:27:e3:60:
                    25:36:7e:e4:a5:10:f4:32:b7:1b:38:3c:f0:96:bf:
                    0b:37:67:72:8e:53:cf:0b:5f:f9:75:b2:55:85:6e:
                    d2:00:91:d7:fd:43:5e:05:ce:94:48:a1:62:d6:1c:
                    11:b4:d8:d2:4e:f9:44:f6:3e:0b:70:2d:98:42:f8:
                    2f:d2:c6:1b:ed:36:16:e8:0a:e8:98:57:00:a1:39:
                    88:03:6d:0f:8b:61:7b:07:c8:68:1c:58:ed:8e:36:
                    50:02:0b:b3:1a:83:89:6a:f7:5b:f2:55:ca:29:90:
                    99:99:f0:9d:07:b6:69:75:78:11:cb:e3:8d:03:bd:
                    81:50:a7:18:a2:63:f7:3b:28:04:b3:ec:f5:ff:c1:
                    58:6f:06:0d:5a:51:b8:94:62:08:5e:ea:63:96:1b:
                    db:4b:aa:8e:76:19:76:1e:e5:ea:8d:7a:35:ff:56:
                    40:82:20:e1:2f:28:84:49:0f:8a:89:4b:99:cb:16:
                    61:02:ce:50:0c:5c:ef:88:3f:48:86:f5:0f:00:7e:
                    8f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:B3:AF:24:00:D4:E9:F1:42:F9:BA:7E:5A:90:10:9E:D8:37:DC:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2b741f6b-eb87-4aca-8805-7da1af501b10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         89:7b:7f:f2:1e:fb:a2:f3:77:a1:49:f2:0b:17:36:f3:ee:76:
         c2:14:8a:56:ac:c0:de:41:2b:76:27:5e:e5:d2:66:f7:6e:1b:
         84:b2:71:a9:2f:7e:ea:ca:c4:31:bb:79:22:ba:05:a9:eb:1c:
         59:cf:09:cd:8c:7d:c8:dc:57:91:bd:99:66:bd:e3:f2:2b:c1:
         ed:b7:d2:bd:eb:76:01:c5:88:1d:e6:5b:f0:87:0e:60:27:cc:
         73:57:d9:54:e2:83:a0:58:4f:f4:d8:dd:36:51:9c:aa:0e:8f:
         cb:db:70:0a:b3:90:8c:c6:d0:61:4b:4b:51:06:03:b9:82:7b:
         f7:9c:7c:7e:fc:22:d6:46:03:e8:42:6a:47:91:37:d7:63:bf:
         34:65:a3:a6:22:42:74:47:90:16:1f:3a:80:f3:80:31:1c:ec:
         de:06:93:e6:84:87:54:d8:aa:69:ac:1e:94:f4:02:50:2a:93:
         ec:48:69:26:12:15:2a:b8:dd:57:55:8d:71:86:42:b5:b1:8d:
         ae:06:01:c6:b1:4d:a7:0f:90:57:41:f2:49:80:06:1b:3d:98:
         b0:64:a0:73:75:ca:b0:0e:42:92:31:b9:52:94:df:5f:2b:24:
         08:3c:4e:cb:ba:e3:e3:b1:22:16:03:f5:65:a9:db:8e:ce:05:
         36:37:82:fe
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR8ChzsVzKOvnZ8Pq+V2Mee92wFkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjEzZTBkNzI0N2Y3MDcwNzE0NDRmNTA1Mjc4Nzg4NzQ0
MmFmZGU3NTk3YmU2ZGMzMWUyYmZlYTI3YjNiODlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCRd9N54YG2lOGVxbujUIcJzONMFFIzyXERwB8tVt4IfApa
Hy2r8d+usYR6fHS5lRg7a2rDwLEIfSfjYCU2fuSlEPQytxs4PPCWvws3Z3KOU88L
X/l1slWFbtIAkdf9Q14FzpRIoWLWHBG02NJO+UT2PgtwLZhC+C/SxhvtNhboCuiY
VwChOYgDbQ+LYXsHyGgcWO2ONlACC7Mag4lq91vyVcopkJmZ8J0Html1eBHL440D
vYFQpxiiY/c7KASz7PX/wVhvBg1aUbiUYghe6mOWG9tLqo52GXYe5eqNejX/VkCC
IOEvKIRJD4qJS5nLFmECzlAMXO+IP0iG9Q8Afo+ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQLOvJADU6fFC+bp+WpAQntg33JMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiNzQxZjZiLWViODctNGFjYS04ODA1LTdkYTFhZjUwMWIxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOkmLgwDQYJKoZIhvcNAQELBQADggEBAIl7f/Ie+6Lzd6FJ8gsXNvPudsIU
ilaswN5BK3YnXuXSZvduG4SycakvfurKxDG7eSK6BanrHFnPCc2MfcjcV5G9mWa9
4/Irwe230r3rdgHFiB3mW/CHDmAnzHNX2VTig6BYT/TY3TZRnKoOj8vbcAqzkIzG
0GFLS1EGA7mCe/ecfH78ItZGA+hCakeRN9djvzRlo6YiQnRHkBYfOoDzgDEc7N4G
k+aEh1TYqmmsHpT0AlAqk+xIaSYSFSq43VdVjXGGQrWxja4GAcaxTacPkFdB8kmA
Bhs9mLBkoHN1yrAOQpIxuVKU318rJAg8Tsu64+OxIhYD9WWp247OBTY3gv4=
-----END CERTIFICATE-----