Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f35f1da-fd74-4c88-9f0b-f8a8fd1b6313.roa
File:                     3f35f1da-fd74-4c88-9f0b-f8a8fd1b6313.roa (raw, json)
Hash identifier:          k9dydJvClyQSPkukFO8tiH+A1qGcck+RvqgMoMRGoXQ=
Subject key identifier:   E3:9E:A4:FF:5E:11:BF:2B:E3:52:C2:CD:4B:E9:14:74:ED:6C:36:8A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       04B67EA052EA4EFDB6DA337F3A58B79AABFB17A8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f35f1da-fd74-4c88-9f0b-f8a8fd1b6313.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        207.36.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:b6:7e:a0:52:ea:4e:fd:b6:da:33:7f:3a:58:b7:9a:ab:fb:17:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:44:bf:25:f3:ec:c1:b5:6f:30:47:25:66:d8:
                    85:c3:70:de:3d:55:af:b1:80:26:24:34:13:6e:51:
                    58:d6:9c:9a:74:c2:7a:52:37:d3:d6:40:f6:89:1c:
                    23:6a:92:7a:80:b8:57:34:f1:ba:dc:e0:ce:db:d9:
                    18:10:06:f3:92:b2:06:d2:66:63:db:d3:ea:9f:62:
                    74:8d:f4:c1:d6:1d:cb:e8:f6:e2:8d:fb:0a:84:70:
                    87:ac:62:84:5c:60:ab:d3:8b:5b:13:b6:9d:7c:d8:
                    2a:9e:ce:83:bd:58:5a:56:27:4c:73:4f:5a:7a:7b:
                    6e:5a:08:61:85:54:35:87:2c:09:fc:89:a3:1a:1a:
                    4c:0b:63:70:11:cd:34:cb:ef:6b:28:63:cf:db:c2:
                    1c:8c:28:7a:4e:4b:d3:07:0d:be:c5:bd:77:aa:16:
                    cd:1b:47:5f:0e:7a:0a:7a:f0:f7:65:0a:4f:45:af:
                    34:4a:60:67:27:c0:18:2c:87:6d:07:53:03:54:34:
                    5d:3a:6e:8e:ae:90:d4:9b:a3:b7:db:da:5e:d2:8e:
                    1d:00:46:20:6c:ef:62:60:69:56:27:d7:9f:10:2d:
                    67:05:09:cc:f4:50:b0:cf:1b:be:2d:64:ee:43:5e:
                    7f:37:34:a9:54:5f:fa:f2:49:f7:f3:83:fd:16:3b:
                    12:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:9E:A4:FF:5E:11:BF:2B:E3:52:C2:CD:4B:E9:14:74:ED:6C:36:8A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f35f1da-fd74-4c88-9f0b-f8a8fd1b6313.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.36.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         06:af:5c:85:79:d5:9d:4f:56:d2:11:0a:74:d1:70:30:f8:af:
         a3:e2:e2:db:8c:77:48:4f:ce:7a:76:c2:db:34:cd:f8:dc:19:
         73:40:29:85:f9:6e:a2:d7:14:4c:90:64:b1:49:43:b7:1e:79:
         e0:66:2b:71:47:0d:87:58:96:ff:2a:23:45:77:10:92:80:4c:
         b4:26:c1:e2:f1:3c:44:11:93:4d:cf:43:a5:80:94:5f:5d:05:
         f2:f3:2c:b3:08:63:f1:53:ef:c2:32:6c:4b:bc:ff:8a:cb:a2:
         b1:ea:28:26:c3:4b:94:66:98:e5:33:bc:8d:de:8d:19:fd:02:
         ab:59:51:6b:6d:ec:89:d4:3e:be:3e:11:78:2d:1a:8f:a6:39:
         5d:7e:9e:00:04:32:e1:0e:32:81:a5:08:0b:61:ab:9a:24:42:
         cd:1b:f2:fb:3a:85:15:05:8a:bd:87:a7:fc:46:64:3e:62:f2:
         1d:14:67:b2:b9:03:ce:94:a4:1c:87:55:84:fb:f8:71:40:8b:
         7e:dc:de:49:02:0a:9e:20:a1:66:bd:62:2d:1a:f1:76:f3:97:
         df:81:15:10:04:22:6a:b7:a4:2b:bf:d4:e9:0d:e4:f3:2b:e5:
         cc:2e:08:e7:5f:2d:05:92:03:c4:e2:86:f8:80:7e:ab:39:8a:
         2e:95:9f:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBLZ+oFLqTv222jN/Oli3mqv7F6gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTFjNTg3M2M1MTA3ZWUyMzFlY2VmZDZiNTRjOWI2ZDUx
M2I3YjU2MGQwNTU2YmM2ZGJlNjQ4NWFlZDE0Mjg1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDxRL8l8+zBtW8wRyVm2IXDcN49Va+xgCYkNBNuUVjWnJp0
wnpSN9PWQPaJHCNqknqAuFc08brc4M7b2RgQBvOSsgbSZmPb0+qfYnSN9MHWHcvo
9uKN+wqEcIesYoRcYKvTi1sTtp182CqezoO9WFpWJ0xzT1p6e25aCGGFVDWHLAn8
iaMaGkwLY3ARzTTL72soY8/bwhyMKHpOS9MHDb7FvXeqFs0bR18Oegp68PdlCk9F
rzRKYGcnwBgsh20HUwNUNF06bo6ukNSbo7fb2l7Sjh0ARiBs72JgaVYn158QLWcF
Ccz0ULDPG74tZO5DXn83NKlUX/rySffzg/0WOxJFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU456k/14RvyvjUsLNS+kUdO1sNoowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmMzVmMWRhLWZkNzQtNGM4OC05ZjBiLWY4YThmZDFiNjMxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDPJDANBgkqhkiG9w0BAQsFAAOCAQEABq9chXnVnU9W0hEKdNFwMPivo+Li
24x3SE/OenbC2zTN+NwZc0AphfluotcUTJBksUlDtx554GYrcUcNh1iW/yojRXcQ
koBMtCbB4vE8RBGTTc9DpYCUX10F8vMsswhj8VPvwjJsS7z/isuiseooJsNLlGaY
5TO8jd6NGf0Cq1lRa23sidQ+vj4ReC0aj6Y5XX6eAAQy4Q4ygaUIC2GrmiRCzRvy
+zqFFQWKvYen/EZkPmLyHRRnsrkDzpSkHIdVhPv4cUCLftzeSQIKniChZr1iLRrx
dvOX34EVEAQiarekK7/U6Q3k8yvlzC4I518tBZIDxOKG+IB+qzmKLpWfQQ==
-----END CERTIFICATE-----