Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54adac5c-2673-41e4-b4a9-09e8a660066d.roa
File:                     54adac5c-2673-41e4-b4a9-09e8a660066d.roa (raw, json)
Hash identifier:          oFM0OGWAm8gkoUzQp31mxnhf25SvwwWnBfkmf/dv46g=
Subject key identifier:   80:64:21:CC:EB:97:DB:E3:AA:5F:B2:87:7A:9B:AF:CC:B1:B4:43:99
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1FD9DA756FACFB047A86C32C9BD7D6D5F0974CF8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54adac5c-2673-41e4-b4a9-09e8a660066d.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        173.83.192.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:d9:da:75:6f:ac:fb:04:7a:86:c3:2c:9b:d7:d6:d5:f0:97:4c:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=559dad75fbf9bfdfdd935c72ff3018d5ceed1966b6327baf9cfa4f473d2263a6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:dc:9e:71:50:59:0b:62:28:f7:ce:41:64:29:
                    97:82:b9:a5:6b:88:d7:35:90:b3:e7:10:66:36:0e:
                    96:3b:0e:2f:d6:b0:4a:9e:23:0e:33:65:0d:ec:33:
                    cc:a4:55:38:24:9f:7d:9e:a4:cf:64:1b:f5:4e:b2:
                    02:42:2f:e8:43:ca:cf:b1:b4:5a:2f:b6:45:e7:9e:
                    42:31:13:b2:6b:55:cd:cd:1e:88:80:12:29:48:40:
                    ca:64:7c:f5:d5:a0:73:65:33:96:9f:2a:0f:bf:11:
                    5b:3e:d3:da:73:7b:61:a6:f4:10:c9:f0:8a:54:df:
                    08:d0:cf:dc:f6:71:a3:e6:70:15:fd:2c:0f:a6:be:
                    87:21:0f:27:cc:9f:77:5a:46:5a:7e:1f:b9:f1:27:
                    76:90:b2:4a:30:24:38:bb:5f:ce:fc:97:af:b0:a6:
                    fc:3a:cd:80:9d:89:eb:42:62:5c:44:d6:8b:55:0c:
                    25:47:8d:01:60:8d:d2:79:af:fd:72:14:4f:a2:00:
                    cd:b1:8c:aa:20:4e:36:22:3c:78:ee:63:44:e1:ff:
                    74:6f:7e:b7:80:64:1e:48:d9:50:73:18:81:64:13:
                    a8:29:91:87:5c:e7:f0:8a:d3:e2:cd:15:f5:7f:91:
                    ed:15:28:2c:d8:f4:87:36:a0:e4:8b:7a:d2:8d:8c:
                    7c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:64:21:CC:EB:97:DB:E3:AA:5F:B2:87:7A:9B:AF:CC:B1:B4:43:99
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54adac5c-2673-41e4-b4a9-09e8a660066d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.83.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:0a:e1:4d:b2:8e:a7:83:b1:b0:7e:de:bc:b0:53:82:86:0a:
         63:d7:58:10:5e:24:77:7a:de:18:31:2e:4f:d9:9c:78:b5:7c:
         3b:77:0d:3a:69:33:bb:53:e5:ff:dd:7a:00:7c:4f:6f:2a:43:
         05:9e:00:70:0c:c3:0a:df:17:6d:a0:7e:ff:e5:1d:13:e5:a8:
         45:bd:bf:41:19:a5:39:4b:9f:0e:22:06:a6:35:eb:bf:0a:62:
         9b:00:a4:bb:de:d7:00:42:d8:74:56:0a:1e:7a:31:31:4d:e6:
         2f:c8:e4:b4:c2:f5:06:7d:cb:f6:3a:5f:5a:2c:87:3c:54:e6:
         b7:67:2f:4a:5a:29:89:bc:fd:7e:88:17:3d:51:22:29:83:a2:
         92:81:72:0e:97:4c:b6:98:1c:19:62:06:62:f0:a4:8d:29:e1:
         80:ef:17:a8:c9:16:60:29:1d:2b:46:90:7a:bd:b7:be:41:f7:
         d1:4f:f3:d2:78:25:be:ce:79:5a:f2:7e:2a:f9:1f:4f:96:e8:
         56:15:72:fc:63:79:6f:a8:0b:af:49:dc:54:04:4f:97:9f:66:
         97:37:bb:de:7e:e4:54:17:32:ed:28:9b:a3:18:7e:2a:68:4f:
         19:d5:7c:cc:fc:46:26:53:a6:87:d5:76:37:11:6c:2b:3d:9b:
         9d:16:4d:37
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH9nadW+s+wR6hsMsm9fW1fCXTPgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTlkYWQ3NWZiZjliZmRmZGQ5MzVjNzJmZjMwMThkNWNl
ZWQxOTY2YjYzMjdiYWY5Y2ZhNGY0NzNkMjI2M2E2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCL3J5xUFkLYij3zkFkKZeCuaVriNc1kLPnEGY2DpY7Di/W
sEqeIw4zZQ3sM8ykVTgkn32epM9kG/VOsgJCL+hDys+xtFovtkXnnkIxE7JrVc3N
HoiAEilIQMpkfPXVoHNlM5afKg+/EVs+09pze2Gm9BDJ8IpU3wjQz9z2caPmcBX9
LA+mvochDyfMn3daRlp+H7nxJ3aQskowJDi7X878l6+wpvw6zYCdietCYlxE1otV
DCVHjQFgjdJ5r/1yFE+iAM2xjKogTjYiPHjuY0Th/3RvfreAZB5I2VBzGIFkE6gp
kYdc5/CK0+LNFfV/ke0VKCzY9Ic2oOSLetKNjHzVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgGQhzOuX2+OqX7KHepuvzLG0Q5kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0YWRhYzVjLTI2NzMtNDFlNC1iNGE5LTA5ZThhNjYwMDY2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKtU8AwDQYJKoZIhvcNAQELBQADggEBAAsK4U2yjqeDsbB+3rywU4KGCmPX
WBBeJHd63hgxLk/ZnHi1fDt3DTppM7tT5f/degB8T28qQwWeAHAMwwrfF22gfv/l
HRPlqEW9v0EZpTlLnw4iBqY1678KYpsApLve1wBC2HRWCh56MTFN5i/I5LTC9QZ9
y/Y6X1oshzxU5rdnL0paKYm8/X6IFz1RIimDopKBcg6XTLaYHBliBmLwpI0p4YDv
F6jJFmApHStGkHq9t75B99FP89J4Jb7OeVryfir5H0+W6FYVcvxjeW+oC69J3FQE
T5efZpc3u95+5FQXMu0om6MYfipoTxnVfMz8RiZTpofVdjcRbCs9m50WTTc=
-----END CERTIFICATE-----