Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54ee71f6-090a-42a5-ae15-f50b6ed80833.roa
File:                     54ee71f6-090a-42a5-ae15-f50b6ed80833.roa (raw, json)
Hash identifier:          tmdQpcOJGgvphxhGKs8ecya2EpWKwMqpDfA877HHTQI=
Subject key identifier:   15:EF:1B:BB:F7:53:B6:39:2B:59:F2:76:9D:31:FF:86:1E:D5:93:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23FA539A99B2702FA16B1ADBCB9B12BA8AAD5AE2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54ee71f6-090a-42a5-ae15-f50b6ed80833.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.73.192.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:fa:53:9a:99:b2:70:2f:a1:6b:1a:db:cb:9b:12:ba:8a:ad:5a:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=4cf5a45434a7f0d4d28ebf969b176f8e19181677331094c4036a4c644065d19d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:74:5c:d6:df:61:7c:c4:67:22:7d:d3:30:40:
                    23:03:c6:ed:d1:c2:1c:22:da:95:56:64:bc:37:08:
                    31:b4:f7:c4:92:9c:79:7a:d8:32:4e:aa:bd:05:13:
                    13:56:2f:69:af:ec:e8:18:9b:1e:e2:92:08:14:47:
                    c0:6b:e6:45:f0:00:10:6e:34:d1:a2:0c:cc:e7:b6:
                    84:31:74:a4:09:a2:f3:8b:dc:40:4d:c9:41:e4:bf:
                    9a:de:7c:b2:ad:fd:08:66:06:cc:d9:3c:db:5f:8d:
                    8e:4b:49:0c:db:25:88:30:cc:6a:28:00:53:bc:e5:
                    f0:fa:45:e7:02:7a:fa:c1:fd:67:47:e9:20:ce:5e:
                    ba:0c:76:7c:a3:1b:4e:f1:99:fa:20:b5:c7:3c:11:
                    23:79:29:82:89:43:7b:db:6b:4a:8a:fd:fc:07:4f:
                    3c:2d:33:a1:88:6e:b3:6a:a8:63:62:8e:35:66:8d:
                    02:e4:a6:8f:94:68:f5:30:28:d3:3f:dc:4a:df:b3:
                    17:da:12:e3:7e:db:b7:9f:09:53:30:1c:6c:12:fa:
                    c8:c0:6a:66:d7:61:86:f3:16:4d:83:81:4e:f6:31:
                    7c:74:37:b5:e6:44:0d:74:c2:04:a3:c2:04:62:1e:
                    31:cc:41:4b:b5:5a:32:c0:43:26:21:09:5d:6e:f6:
                    af:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EF:1B:BB:F7:53:B6:39:2B:59:F2:76:9D:31:FF:86:1E:D5:93:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/54ee71f6-090a-42a5-ae15-f50b6ed80833.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.73.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         07:0c:bc:31:f7:82:6f:77:4f:8d:db:f5:f9:7b:28:6d:91:7b:
         9f:ae:75:f5:b9:8a:23:a5:11:61:59:30:48:6a:45:78:83:55:
         7d:19:0d:c2:ba:9c:f9:2f:a4:04:8f:ec:3b:b8:82:ea:e5:d3:
         9a:cd:7d:61:7f:56:f3:20:0d:05:81:e1:78:d5:38:1e:ba:c2:
         56:66:6a:51:3f:f0:47:5e:fb:a2:aa:2e:a2:81:b6:1f:48:4d:
         71:6f:e2:8e:b2:34:d6:61:32:f4:74:cb:a9:36:7a:dd:5d:79:
         a3:61:c5:c9:b7:ba:b7:c5:5b:0f:aa:76:76:b9:41:0d:48:15:
         05:47:4b:bf:68:45:d8:bb:e6:56:2c:d1:3b:fd:e1:f6:4a:3e:
         e1:a3:d9:70:10:23:7a:8f:6f:0d:d5:e5:45:04:26:4f:fc:c7:
         4f:dd:9a:5a:23:90:5d:49:f1:70:cf:ba:0f:4f:bb:03:b7:f6:
         e5:7a:55:79:f6:43:ce:01:7d:e3:ff:eb:4a:e4:fe:de:d9:a7:
         1e:5b:82:36:b1:7d:c8:d3:49:5f:68:75:1b:59:98:73:5e:c5:
         fc:71:dd:49:14:4e:78:c2:1e:69:37:c9:79:49:93:f8:20:2b:
         81:98:32:79:c5:12:27:53:f8:28:23:76:82:a3:e0:52:07:9f:
         72:bb:9b:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI/pTmpmycC+haxrby5sSuoqtWuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0Y2Y1YTQ1NDM0YTdmMGQ0ZDI4ZWJmOTY5YjE3NmY4ZTE5
MTgxNjc3MzMxMDk0YzQwMzZhNGM2NDQwNjVkMTlkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCidFzW32F8xGcifdMwQCMDxu3Rwhwi2pVWZLw3CDG098SS
nHl62DJOqr0FExNWL2mv7OgYmx7ikggUR8Br5kXwABBuNNGiDMzntoQxdKQJovOL
3EBNyUHkv5refLKt/QhmBszZPNtfjY5LSQzbJYgwzGooAFO85fD6RecCevrB/WdH
6SDOXroMdnyjG07xmfogtcc8ESN5KYKJQ3vba0qK/fwHTzwtM6GIbrNqqGNijjVm
jQLkpo+UaPUwKNM/3ErfsxfaEuN+27efCVMwHGwS+sjAambXYYbzFk2DgU72MXx0
N7XmRA10wgSjwgRiHjHMQUu1WjLAQyYhCV1u9q8JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFe8bu/dTtjkrWfJ2nTH/hh7Vkx0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0ZWU3MWY2LTA5MGEtNDJhNS1hZTE1LWY1MGI2ZWQ4MDgzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYScAwDQYJKoZIhvcNAQELBQADggEBAAcMvDH3gm93T43b9fl7KG2Re5+u
dfW5iiOlEWFZMEhqRXiDVX0ZDcK6nPkvpASP7Du4gurl05rNfWF/VvMgDQWB4XjV
OB66wlZmalE/8Ede+6KqLqKBth9ITXFv4o6yNNZhMvR0y6k2et1deaNhxcm3urfF
Ww+qdna5QQ1IFQVHS79oRdi75lYs0Tv94fZKPuGj2XAQI3qPbw3V5UUEJk/8x0/d
mlojkF1J8XDPug9PuwO39uV6VXn2Q84BfeP/60rk/t7Zpx5bgjaxfcjTSV9odRtZ
mHNexfxx3UkUTnjCHmk3yXlJk/ggK4GYMnnFEidT+CgjdoKj4FIHn3K7m/Y=
-----END CERTIFICATE-----