Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3146c297-5a69-40ae-acae-9fcafdb5c368.roa
File:                     3146c297-5a69-40ae-acae-9fcafdb5c368.roa (raw, json)
Hash identifier:          cDVbQoc/6/IPCtXsXJbplRVe4bNLmjt6mzgwMoFUM7I=
Subject key identifier:   AE:D1:53:7F:7B:15:C1:E5:3D:3D:C3:5F:01:FF:AE:27:F6:B3:BE:21
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7FE72AB2F80931C8E4DDE39D04D8D8AC9E7817C2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3146c297-5a69-40ae-acae-9fcafdb5c368.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        216.182.224.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:e7:2a:b2:f8:09:31:c8:e4:dd:e3:9d:04:d8:d8:ac:9e:78:17:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:83:a0:4a:72:4c:bc:fa:3c:73:4a:5e:7a:36:
                    9d:2f:c7:7f:75:5b:26:5f:e7:96:20:80:1a:45:dd:
                    09:76:42:ca:b8:1f:c9:80:9e:dd:09:87:e5:97:b3:
                    0b:47:b9:3b:c8:08:8f:07:83:b9:4e:88:b6:96:d2:
                    16:dc:73:d3:f5:7f:64:40:73:c0:d5:0e:0f:70:c1:
                    08:85:bd:d6:7d:57:75:4a:95:cc:a9:04:e2:70:a9:
                    bf:4f:64:df:ad:3e:9f:5a:e6:b2:10:83:d0:2c:6a:
                    3d:99:f7:ea:b4:7c:bd:f7:76:65:f2:2d:71:41:26:
                    11:94:54:0b:30:07:96:47:f2:4f:16:d4:a5:21:e1:
                    72:2d:b1:1b:8a:9c:1b:41:82:40:69:4f:75:5e:ad:
                    57:f5:4e:39:8d:5b:72:bc:83:25:f2:f3:4e:72:60:
                    04:1f:24:78:fe:79:82:d4:d0:1c:b9:a2:07:38:28:
                    e3:ac:03:c8:c1:2b:39:32:b3:19:4b:64:fc:10:90:
                    7f:24:2a:31:51:c2:4f:21:16:5a:da:a5:6b:5b:95:
                    86:4c:ae:fa:a5:d6:33:ed:38:c0:4d:64:fc:c9:50:
                    91:08:82:d1:5d:c3:c5:04:ee:76:6d:ac:f2:5c:0d:
                    9e:84:01:98:aa:17:68:4e:74:fd:d7:8a:cf:e6:36:
                    0f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:D1:53:7F:7B:15:C1:E5:3D:3D:C3:5F:01:FF:AE:27:F6:B3:BE:21
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3146c297-5a69-40ae-acae-9fcafdb5c368.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8e:5b:f2:77:84:92:c3:1d:8d:25:25:cf:cc:a3:25:b0:ce:72:
         ea:ab:77:df:9a:10:7c:56:e6:03:cd:35:30:9f:1f:5c:3c:7d:
         68:ea:fd:d8:96:a1:84:ac:37:34:e8:8e:da:fa:67:e2:62:11:
         d2:1a:2e:a0:9d:04:22:c2:ef:ce:1e:28:95:84:22:44:df:53:
         62:9e:82:7b:e1:41:24:80:26:1d:5a:98:28:84:5e:0c:db:12:
         60:da:10:f5:2f:ad:df:69:2d:52:01:7c:4c:4a:e2:5b:0d:a4:
         f3:03:0a:83:3e:5f:8d:36:35:30:82:da:b2:06:59:46:43:f6:
         3e:19:7f:a0:f1:f4:b9:61:c9:3d:80:b2:29:7a:2d:4b:2a:04:
         e8:d3:b1:3b:32:c8:52:fe:2b:29:a2:04:bc:1c:5b:be:90:65:
         c3:8b:55:a2:82:96:dc:74:7d:dd:c5:ff:b7:25:9b:7d:b6:82:
         3d:53:3e:d3:b5:2a:f1:5f:d3:43:b6:2a:af:2d:3e:b3:07:be:
         f3:60:80:2c:00:cf:33:3f:21:ad:bf:bf:f5:55:fa:68:b5:b5:
         9d:4d:a0:59:0c:fb:40:8d:2a:34:52:66:75:28:46:3f:2e:df:
         dd:18:7e:49:09:0e:9c:23:fa:07:18:bc:96:7e:7c:b0:82:24:
         68:47:e7:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf+cqsvgJMcjk3eOdBNjYrJ54F8IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzNhOGNjNTdiZTZlOTMyZjdkM2EzNjFlNWUxNjRhOTgw
OTI4MTlkOWVjYjJkODYyYjliZjRhOTBkMGI4YzIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCng6BKcky8+jxzSl56Np0vx391WyZf55YggBpF3Ql2Qsq4
H8mAnt0Jh+WXswtHuTvICI8Hg7lOiLaW0hbcc9P1f2RAc8DVDg9wwQiFvdZ9V3VK
lcypBOJwqb9PZN+tPp9a5rIQg9Asaj2Z9+q0fL33dmXyLXFBJhGUVAswB5ZH8k8W
1KUh4XItsRuKnBtBgkBpT3VerVf1TjmNW3K8gyXy805yYAQfJHj+eYLU0By5ogc4
KOOsA8jBKzkysxlLZPwQkH8kKjFRwk8hFlrapWtblYZMrvql1jPtOMBNZPzJUJEI
gtFdw8UE7nZtrPJcDZ6EAZiqF2hOdP3Xis/mNg+PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrtFTf3sVweU9PcNfAf+uJ/azviEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxNDZjMjk3LTVhNjktNDBhZS1hY2FlLTlmY2FmZGI1YzM2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYtuAwDQYJKoZIhvcNAQELBQADggEBAI5b8neEksMdjSUlz8yjJbDOcuqr
d9+aEHxW5gPNNTCfH1w8fWjq/diWoYSsNzTojtr6Z+JiEdIaLqCdBCLC784eKJWE
IkTfU2KegnvhQSSAJh1amCiEXgzbEmDaEPUvrd9pLVIBfExK4lsNpPMDCoM+X402
NTCC2rIGWUZD9j4Zf6Dx9LlhyT2Asil6LUsqBOjTsTsyyFL+KymiBLwcW76QZcOL
VaKCltx0fd3F/7clm322gj1TPtO1KvFf00O2Kq8tPrMHvvNggCwAzzM/Ia2/v/VV
+mi1tZ1NoFkM+0CNKjRSZnUoRj8u390YfkkJDpwj+gcYvJZ+fLCCJGhH5+Q=
-----END CERTIFICATE-----