Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/35a6a2c9-4d48-4973-97b1-ba232f5b0434.roa
File:                     35a6a2c9-4d48-4973-97b1-ba232f5b0434.roa (raw, json)
Hash identifier:          i77B5tXVt2f58qqX98iwOVMXQiha16xLxESgICr6ETY=
Subject key identifier:   EC:66:9E:86:35:E5:36:61:4C:81:80:D5:AB:08:1D:FD:D8:95:D1:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       25B18B6081131DF8C978CD9F7396511E39F4AC30
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/35a6a2c9-4d48-4973-97b1-ba232f5b0434.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        159.180.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:b1:8b:60:81:13:1d:f8:c9:78:cd:9f:73:96:51:1e:39:f4:ac:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:54:d2:d4:e5:96:99:91:60:94:50:f3:dc:1f:
                    e4:da:35:97:8f:24:1e:40:a5:52:28:de:70:e9:a1:
                    69:c8:65:ea:37:6d:f8:36:44:a9:d5:b5:9f:b7:35:
                    f4:86:f1:22:f4:40:32:fe:39:6b:50:c1:cc:e9:30:
                    d5:8b:9c:66:7b:21:6e:65:a7:d1:0d:57:25:5b:ae:
                    4a:47:0a:60:ef:9e:f4:ee:48:d4:5d:4e:3a:86:57:
                    91:df:cc:9c:81:be:31:b8:5d:dd:e4:40:97:f2:e9:
                    2b:69:60:5d:3c:44:ff:3a:a0:d2:c6:d9:fa:85:5e:
                    8d:67:3c:1d:37:94:1b:4b:62:a7:39:ad:d8:82:45:
                    17:e6:45:d3:e9:27:a0:73:66:a8:96:db:d7:ba:be:
                    99:12:23:a7:42:f4:9d:62:c9:dd:69:a2:f4:cd:ac:
                    ce:0c:9d:75:8d:3a:cc:ec:05:19:12:38:70:6f:3b:
                    58:47:7c:f3:6b:c4:3c:74:9c:06:26:dd:9e:63:43:
                    71:32:71:80:ce:41:3c:36:95:a2:8e:78:fe:70:94:
                    e1:ed:6e:bf:71:14:7f:cb:2f:88:34:7b:8d:01:34:
                    52:bd:d9:01:04:4d:03:bc:46:c4:4b:cb:6a:6a:79:
                    fb:4c:7b:c0:19:bd:4d:55:dc:f9:d9:2b:4a:d5:7a:
                    47:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:66:9E:86:35:E5:36:61:4C:81:80:D5:AB:08:1D:FD:D8:95:D1:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/35a6a2c9-4d48-4973-97b1-ba232f5b0434.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.180.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8f:9e:fe:dd:9b:44:3b:65:92:a6:28:6e:a3:86:b9:00:ca:8f:
         7c:37:4b:b5:a8:b3:5a:ec:ad:4f:5e:a8:6a:ce:6d:f3:72:ae:
         1a:47:70:3b:92:f2:0a:8a:f4:61:d4:78:21:4d:20:b3:d9:3f:
         d2:14:9d:28:9c:f6:ea:f1:c8:93:4d:2b:61:0b:d9:79:20:31:
         61:9b:8e:f1:9c:5e:6d:ee:9e:92:fc:63:5d:f1:a9:a8:ee:57:
         c3:de:f1:db:c2:d0:92:bc:68:97:3d:36:af:bc:6f:1d:c0:b1:
         fe:7f:c2:c5:cd:8b:31:63:d8:c1:21:29:b2:35:a9:73:95:50:
         3e:07:45:07:3f:6f:f7:d2:0c:f6:47:19:6e:af:49:04:18:1d:
         0d:78:59:a7:2b:9c:a3:59:02:25:f6:79:c4:80:b3:85:0d:6a:
         37:36:7c:d5:78:7f:03:b2:bc:4c:4a:3b:22:5d:89:e9:62:df:
         f9:1e:5f:a4:bc:5d:ec:0a:dd:8f:ce:6c:75:f1:7c:e1:13:82:
         0a:07:26:35:8b:e3:8f:a0:5f:21:b4:d3:27:5f:b0:78:84:00:
         b7:51:58:44:a8:7b:db:b3:f0:13:f5:a9:ad:46:62:59:a7:fc:
         8b:14:ae:d6:e9:f8:d3:da:61:7e:e4:54:f4:55:d5:56:f3:23:
         04:be:b2:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJbGLYIETHfjJeM2fc5ZRHjn0rDAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiOGE5OTE1NGY2OTBiYWI0N2FhYmVhZGI5NjRhMzM5NjY4
MzBjNzYzM2ZiMTU1NjQ0MjZjNTE4MWY2OWNiMGE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/VNLU5ZaZkWCUUPPcH+TaNZePJB5ApVIo3nDpoWnIZeo3
bfg2RKnVtZ+3NfSG8SL0QDL+OWtQwczpMNWLnGZ7IW5lp9ENVyVbrkpHCmDvnvTu
SNRdTjqGV5HfzJyBvjG4Xd3kQJfy6StpYF08RP86oNLG2fqFXo1nPB03lBtLYqc5
rdiCRRfmRdPpJ6BzZqiW29e6vpkSI6dC9J1iyd1povTNrM4MnXWNOszsBRkSOHBv
O1hHfPNrxDx0nAYm3Z5jQ3EycYDOQTw2laKOeP5wlOHtbr9xFH/LL4g0e40BNFK9
2QEETQO8RsRLy2pqeftMe8AZvU1V3PnZK0rVekeVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7GaehjXlNmFMgYDVqwgd/diV0cswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM1YTZhMmM5LTRkNDgtNDk3My05N2IxLWJhMjMyZjViMDQzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaftAAwDQYJKoZIhvcNAQELBQADggEBAI+e/t2bRDtlkqYobqOGuQDKj3w3
S7Wos1rsrU9eqGrObfNyrhpHcDuS8gqK9GHUeCFNILPZP9IUnSic9urxyJNNK2EL
2XkgMWGbjvGcXm3unpL8Y13xqajuV8Pe8dvC0JK8aJc9Nq+8bx3Asf5/wsXNizFj
2MEhKbI1qXOVUD4HRQc/b/fSDPZHGW6vSQQYHQ14WacrnKNZAiX2ecSAs4UNajc2
fNV4fwOyvExKOyJdieli3/keX6S8XewK3Y/ObHXxfOETggoHJjWL44+gXyG00ydf
sHiEALdRWESoe9uz8BP1qa1GYlmn/IsUrtbp+NPaYX7kVPRV1VbzIwS+sh8=
-----END CERTIFICATE-----