Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2cba4d40-8703-423e-a19b-23a47a42756c.roa
File:                     2cba4d40-8703-423e-a19b-23a47a42756c.roa (raw, json)
Hash identifier:          Pyl2wsZq3ZHJtc2Iwfv3C4ylwDAojKid3+R3NtOkYQ8=
Subject key identifier:   E3:F7:89:27:AC:51:92:F8:43:6E:10:11:F1:6E:B0:FC:B7:E6:66:11
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E6654D8906B860F8A78C7733B24619CDF4B7217
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2cba4d40-8703-423e-a19b-23a47a42756c.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.252.144.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:66:54:d8:90:6b:86:0f:8a:78:c7:73:3b:24:61:9c:df:4b:72:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=5c2c53f4b83bbdaa1d3a98f413e0b6d3106e191ff7de75f21186958a6b5c4034, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:00:81:e4:bd:60:e3:42:19:9c:ba:5d:ac:c1:
                    94:51:5c:f5:2a:94:49:eb:61:d4:27:9a:2d:08:4e:
                    7a:df:e5:bf:b4:b8:9a:03:f9:fb:3c:f1:2a:ff:02:
                    01:00:62:2a:31:9e:22:28:2b:4b:18:0e:1c:be:99:
                    11:c3:0a:69:b4:38:6a:91:d8:78:75:ea:10:6b:f1:
                    df:f5:96:00:f7:0f:24:97:0f:70:a0:46:4c:af:d0:
                    d5:57:ab:ad:e1:ef:26:53:3d:4c:70:ac:de:0b:41:
                    86:c5:21:4e:20:6f:5f:ef:2c:f3:85:05:6a:8a:23:
                    a4:53:45:06:9d:39:e6:99:f1:c8:fc:df:71:a5:d7:
                    43:66:b3:72:c0:e0:3d:9a:fe:34:33:8a:0e:80:fd:
                    c3:a4:a6:10:88:96:2d:33:f4:61:a5:f6:f9:7f:db:
                    24:b7:d2:a7:94:75:fa:d5:dd:61:c1:04:95:da:eb:
                    28:76:a0:05:57:ae:39:10:6e:2a:ae:72:d5:f8:e8:
                    b0:f1:11:6a:b7:d1:d7:a8:42:3c:95:1b:47:2c:bb:
                    6d:13:63:fd:b2:a7:e7:c9:08:ab:ec:da:4f:e7:27:
                    b6:55:a3:85:2d:a9:2c:98:cb:d2:36:c0:fb:53:ae:
                    b4:84:bc:03:c9:75:75:b2:ad:34:45:31:32:51:8c:
                    30:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:F7:89:27:AC:51:92:F8:43:6E:10:11:F1:6E:B0:FC:B7:E6:66:11
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2cba4d40-8703-423e-a19b-23a47a42756c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.252.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         65:10:cf:5d:3f:3b:60:02:b3:0e:b0:ad:97:d5:7e:df:fd:5e:
         ec:86:d3:a5:c9:82:ab:f3:46:66:55:0c:17:81:1f:b7:e6:43:
         91:b5:a9:91:c8:2d:02:13:1e:45:33:9a:d5:33:3e:0e:cc:10:
         52:22:40:88:73:64:29:65:f2:7e:d7:09:70:e3:98:8c:e9:b6:
         25:9a:b0:5d:e6:dc:a0:cc:6e:ec:2b:01:03:90:22:91:37:38:
         e4:7c:38:bb:03:8c:8e:56:93:d1:e1:bb:33:49:31:16:24:bc:
         92:6a:95:6b:92:76:ed:8f:37:1c:bd:53:37:0e:9f:c8:2f:3e:
         60:dd:6a:02:bd:d7:73:05:b7:5c:e1:7b:ad:9e:1e:e5:16:fb:
         ba:ed:c4:7c:b7:8c:cf:d2:b0:00:35:01:7d:22:31:89:6f:cf:
         5e:5a:8b:46:72:d0:a2:38:a8:da:fa:30:17:e2:95:c2:59:b5:
         9f:49:9e:18:16:c6:5e:c2:79:48:f1:d6:40:e4:98:c9:39:c4:
         f7:fe:6b:42:e0:12:69:62:cf:97:37:be:fd:c2:e7:0f:d9:a2:
         6d:e9:91:e7:c4:f2:ed:1f:e0:ec:d6:1c:66:60:ce:4d:95:cb:
         43:22:dc:fe:ba:0d:2a:cf:7d:e4:46:33:8a:c9:f8:ae:36:66:
         72:0a:5a:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbmZU2JBrhg+KeMdzOyRhnN9LchcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzJjNTNmNGI4M2JiZGFhMWQzYTk4ZjQxM2UwYjZkMzEw
NmUxOTFmZjdkZTc1ZjIxMTg2OTU4YTZiNWM0MDM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZAIHkvWDjQhmcul2swZRRXPUqlEnrYdQnmi0ITnrf5b+0
uJoD+fs88Sr/AgEAYioxniIoK0sYDhy+mRHDCmm0OGqR2Hh16hBr8d/1lgD3DySX
D3CgRkyv0NVXq63h7yZTPUxwrN4LQYbFIU4gb1/vLPOFBWqKI6RTRQadOeaZ8cj8
33Gl10Nms3LA4D2a/jQzig6A/cOkphCIli0z9GGl9vl/2yS30qeUdfrV3WHBBJXa
6yh2oAVXrjkQbiquctX46LDxEWq30deoQjyVG0csu20TY/2yp+fJCKvs2k/nJ7ZV
o4UtqSyYy9I2wPtTrrSEvAPJdXWyrTRFMTJRjDBHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4/eJJ6xRkvhDbhAR8W6w/LfmZhEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJjYmE0ZDQwLTg3MDMtNDIzZS1hMTliLTIzYTQ3YTQyNzU2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPY/JAwDQYJKoZIhvcNAQELBQADggEBAGUQz10/O2ACsw6wrZfVft/9XuyG
06XJgqvzRmZVDBeBH7fmQ5G1qZHILQITHkUzmtUzPg7MEFIiQIhzZCll8n7XCXDj
mIzptiWasF3m3KDMbuwrAQOQIpE3OOR8OLsDjI5Wk9HhuzNJMRYkvJJqlWuSdu2P
Nxy9UzcOn8gvPmDdagK913MFt1zhe62eHuUW+7rtxHy3jM/SsAA1AX0iMYlvz15a
i0Zy0KI4qNr6MBfilcJZtZ9JnhgWxl7CeUjx1kDkmMk5xPf+a0LgEmliz5c3vv3C
5w/Zom3pkefE8u0f4OzWHGZgzk2Vy0Mi3P66DSrPfeRGM4rJ+K42ZnIKWsQ=
-----END CERTIFICATE-----