Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f899b78-f5df-41e8-ba2e-33227cfc9eaa.roa
File:                     3f899b78-f5df-41e8-ba2e-33227cfc9eaa.roa (raw, json)
Hash identifier:          7/CtYH7lNNDfEykCME9RUYiYIk+yBWHU9GVRqs8UUvw=
Subject key identifier:   41:DE:53:55:4C:3C:2B:52:D7:65:A4:0F:30:85:49:52:70:DC:4A:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3FF5B0CF9D1DB1ABE36C0B8F22C1F7DC8BF50680
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f899b78-f5df-41e8-ba2e-33227cfc9eaa.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.22.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:f5:b0:cf:9d:1d:b1:ab:e3:6c:0b:8f:22:c1:f7:dc:8b:f5:06:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d6:a8:72:01:3a:92:77:94:da:91:88:69:a6:
                    8f:ac:b4:bb:36:73:79:45:35:03:8b:e8:16:f2:55:
                    42:10:92:49:d1:67:5d:b9:b3:8a:87:88:03:fc:0c:
                    cd:54:fe:07:ce:9a:fe:47:12:64:95:54:76:02:57:
                    f0:29:0b:46:bd:ce:0a:a3:e7:68:5d:11:9b:4a:f8:
                    26:b9:22:d5:d4:d7:3c:c6:d7:e9:6b:89:dd:a2:34:
                    ef:36:9b:d7:a9:7b:ea:ba:c7:5d:7b:a1:b1:8f:bc:
                    af:e3:31:65:6b:63:42:15:ad:8f:22:e3:ff:e8:70:
                    e7:f0:0c:a2:bf:7d:34:b3:9b:0c:7e:91:4f:34:e9:
                    a4:69:8e:36:c4:69:87:75:e2:75:5b:88:b6:bd:ce:
                    76:7e:c5:a2:a5:87:35:5e:4d:ff:dc:af:ed:ca:b3:
                    a3:72:0c:83:c8:83:e8:61:1a:e8:79:8d:1d:40:18:
                    85:aa:12:69:48:f8:2e:e5:ae:b7:78:4b:9e:e0:54:
                    00:aa:4f:a7:84:05:13:e7:a9:17:90:34:30:3b:84:
                    1c:a4:a3:99:67:ff:88:ac:e4:89:26:f5:12:c1:63:
                    fe:74:7d:c5:01:89:8d:6e:64:5e:02:90:4f:2a:55:
                    fc:bb:33:15:22:34:2d:e8:b0:55:0c:66:00:c2:e8:
                    37:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:DE:53:55:4C:3C:2B:52:D7:65:A4:0F:30:85:49:52:70:DC:4A:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f899b78-f5df-41e8-ba2e-33227cfc9eaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:f4:95:28:f9:92:b0:2e:ce:05:9f:fd:22:42:e9:59:4a:66:
         98:58:5e:be:ff:f5:e9:30:0a:f7:ed:a9:c8:9a:d6:1b:8d:63:
         bf:74:83:49:45:cc:02:a6:71:96:3a:3f:fa:c8:2b:b1:15:e7:
         5e:39:4e:eb:b1:0d:c6:63:e7:66:c9:86:82:89:81:0c:06:2b:
         95:7c:3e:b2:ea:40:73:5a:5b:7a:d8:93:77:11:84:74:3f:f0:
         68:9e:36:02:43:8e:03:d6:71:ae:d7:98:23:3d:8f:24:13:20:
         b3:37:80:6f:1f:72:d0:a6:13:f0:d9:53:d3:a4:0c:14:56:d1:
         92:d0:5f:f9:7d:5c:48:53:ac:9f:74:7f:73:5c:69:c0:bd:e2:
         f8:1f:0b:07:d8:26:a9:dd:13:88:af:cb:6c:14:4f:1e:9f:cc:
         26:4c:d4:57:e4:24:4d:a2:9a:3f:a8:f1:67:02:ce:6c:6a:f8:
         14:4d:55:9e:72:68:18:6a:95:85:d3:d4:2f:22:21:e8:d2:3b:
         bb:db:37:3b:db:14:a2:27:96:60:f5:97:a3:b5:c3:71:b6:86:
         a0:eb:d5:c3:69:f2:1b:87:3e:56:a7:42:e5:6c:45:a0:87:d5:
         08:16:ca:38:af:94:bf:29:82:3f:75:ef:3a:cc:9f:5a:25:a2:
         35:b2:3e:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUP/Wwz50dsavjbAuPIsH33Iv1BoAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDQzYzdlZWQ0YmVlOGQwYTkzOTU2MmZhNjAzMWI1NjQw
NjRmODBjNTM4Zjk0NDg2YTBjZjg5MTliMjRlMzNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZ1qhyATqSd5TakYhppo+stLs2c3lFNQOL6BbyVUIQkknR
Z125s4qHiAP8DM1U/gfOmv5HEmSVVHYCV/ApC0a9zgqj52hdEZtK+Ca5ItXU1zzG
1+lrid2iNO82m9epe+q6x117obGPvK/jMWVrY0IVrY8i4//ocOfwDKK/fTSzmwx+
kU806aRpjjbEaYd14nVbiLa9znZ+xaKlhzVeTf/cr+3Ks6NyDIPIg+hhGuh5jR1A
GIWqEmlI+C7lrrd4S57gVACqT6eEBRPnqReQNDA7hByko5ln/4is5Ikm9RLBY/50
fcUBiY1uZF4CkE8qVfy7MxUiNC3osFUMZgDC6DchAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQd5TVUw8K1LXZaQPMIVJUnDcSqQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmODk5Yjc4LWY1ZGYtNDFlOC1iYTJlLTMzMjI3Y2ZjOWVhYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GRYwDQYJKoZIhvcNAQELBQADggEBAH70lSj5krAuzgWf/SJC6VlKZphY
Xr7/9ekwCvftqcia1huNY790g0lFzAKmcZY6P/rIK7EV5145TuuxDcZj52bJhoKJ
gQwGK5V8PrLqQHNaW3rYk3cRhHQ/8GieNgJDjgPWca7XmCM9jyQTILM3gG8fctCm
E/DZU9OkDBRW0ZLQX/l9XEhTrJ90f3NcacC94vgfCwfYJqndE4ivy2wUTx6fzCZM
1FfkJE2imj+o8WcCzmxq+BRNVZ5yaBhqlYXT1C8iIejSO7vbNzvbFKInlmD1l6O1
w3G2hqDr1cNp8huHPlanQuVsRaCH1QgWyjivlL8pgj917zrMn1olojWyPu4=
-----END CERTIFICATE-----