Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5956bb2a-8518-472e-bea8-f957550c1b7a.roa
File:                     5956bb2a-8518-472e-bea8-f957550c1b7a.roa (raw, json)
Hash identifier:          pe/ly1jHlfmW4FUiV+r7e/Ue7UvKc1r1Wl3raweNAUA=
Subject key identifier:   7A:83:9C:7B:71:B8:A2:1C:48:8A:6E:13:86:BE:58:CA:69:15:15:29
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       216B6E5AF7121EDE9AEDA770475A9F3FD376EB57
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5956bb2a-8518-472e-bea8-f957550c1b7a.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        170.26.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:6b:6e:5a:f7:12:1e:de:9a:ed:a7:70:47:5a:9f:3f:d3:76:eb:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=659ed045d6b9519cfede903b88cdb7fda950850f218110f793906bddd7aa7211, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1f:ec:23:7c:75:fd:c2:4b:19:dc:7f:f6:33:
                    48:3c:03:61:96:c6:12:7e:0c:00:5e:3f:6a:56:14:
                    a6:a7:4f:f1:24:6e:d5:7c:94:77:91:0e:8c:40:0f:
                    c0:bc:2d:96:5a:17:ef:e1:9b:dd:3f:87:05:93:ef:
                    47:34:7b:4a:d2:31:ea:75:49:fa:13:c7:22:d2:e0:
                    6e:6d:1f:57:99:97:85:3d:2a:4d:42:0b:38:9e:dd:
                    ee:29:ec:95:9c:8f:61:09:2d:a5:f9:5d:44:43:2d:
                    6a:48:67:d2:c7:2c:99:e9:cd:b9:d8:ce:3a:1a:3d:
                    f1:bc:56:4d:63:bc:a3:99:3e:fa:74:6e:55:fb:ba:
                    b6:9a:e8:1d:49:bf:3a:21:c8:64:e4:12:8c:e4:b3:
                    12:f4:26:0f:44:6c:5d:e0:de:c6:27:bb:09:ba:e4:
                    ff:b8:95:20:35:44:fc:f3:74:b2:b0:67:2f:28:39:
                    27:78:d8:60:ba:be:15:64:42:57:66:92:3a:f3:fe:
                    0d:cc:62:5b:c8:82:2e:e9:d2:88:db:b9:8c:48:25:
                    5d:30:02:e5:9c:77:58:e6:48:6c:13:73:48:08:12:
                    4d:89:0d:10:47:d1:fd:ed:42:d8:06:f1:01:03:e9:
                    e7:9c:8f:78:ae:8b:56:19:bb:fc:e5:86:14:73:a6:
                    30:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:83:9C:7B:71:B8:A2:1C:48:8A:6E:13:86:BE:58:CA:69:15:15:29
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5956bb2a-8518-472e-bea8-f957550c1b7a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.26.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2d:a7:cf:9e:47:3c:80:1f:3f:ad:75:fa:ec:65:d8:0d:76:a4:
         41:25:6a:34:b7:31:1e:11:c2:98:80:c4:2e:e1:7d:a6:4e:c9:
         50:94:e3:73:27:05:c0:7d:3a:ee:d7:03:ad:27:af:9a:1c:9a:
         86:6f:ff:a9:b3:ae:c4:4c:fc:cf:7b:41:87:63:d2:3e:ef:be:
         5d:e7:2e:b8:7e:9e:d1:d9:46:9b:b8:4a:28:6c:86:52:6e:04:
         35:d1:17:3f:d5:19:50:ed:7e:3e:de:c9:f5:71:2c:52:42:04:
         83:8e:99:19:63:af:28:b8:40:12:20:6c:56:4c:e2:57:f4:b4:
         b0:09:d7:f3:86:90:85:b0:f4:98:d1:59:3d:5a:01:16:95:11:
         34:57:6d:d4:c4:63:77:db:ac:78:13:6f:04:b6:78:1f:05:76:
         91:f1:7e:aa:97:86:e4:01:c6:10:0d:e0:34:76:64:15:27:6b:
         6d:8f:b5:ca:c4:2b:70:bf:a7:ba:55:b9:26:33:98:16:1f:58:
         60:e2:18:f3:a0:6e:e4:7d:3c:8f:d7:be:cd:b5:60:cb:6a:aa:
         02:1d:86:16:6d:c8:ac:7c:c1:11:25:cc:51:c9:8d:5e:84:01:
         6d:d8:d0:c7:94:c7:77:cd:ce:01:79:0a:7a:af:c6:f9:79:36:
         a4:71:11:24
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIWtuWvcSHt6a7adwR1qfP9N261cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NTllZDA0NWQ2Yjk1MTljZmVkZTkwM2I4OGNkYjdmZGE5
NTA4NTBmMjE4MTEwZjc5MzkwNmJkZGQ3YWE3MjExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnH+wjfHX9wksZ3H/2M0g8A2GWxhJ+DABeP2pWFKanT/Ek
btV8lHeRDoxAD8C8LZZaF+/hm90/hwWT70c0e0rSMep1SfoTxyLS4G5tH1eZl4U9
Kk1CCzie3e4p7JWcj2EJLaX5XURDLWpIZ9LHLJnpzbnYzjoaPfG8Vk1jvKOZPvp0
blX7uraa6B1JvzohyGTkEozksxL0Jg9EbF3g3sYnuwm65P+4lSA1RPzzdLKwZy8o
OSd42GC6vhVkQldmkjrz/g3MYlvIgi7p0ojbuYxIJV0wAuWcd1jmSGwTc0gIEk2J
DRBH0f3tQtgG8QED6eecj3iui1YZu/zlhhRzpjC3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeoOce3G4ohxIim4Thr5YymkVFSkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5NTZiYjJhLTg1MTgtNDcyZS1iZWE4LWY5NTc1NTBjMWI3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCqGjANBgkqhkiG9w0BAQsFAAOCAQEALafPnkc8gB8/rXX67GXYDXakQSVq
NLcxHhHCmIDELuF9pk7JUJTjcycFwH067tcDrSevmhyahm//qbOuxEz8z3tBh2PS
Pu++XecuuH6e0dlGm7hKKGyGUm4ENdEXP9UZUO1+Pt7J9XEsUkIEg46ZGWOvKLhA
EiBsVkziV/S0sAnX84aQhbD0mNFZPVoBFpURNFdt1MRjd9useBNvBLZ4HwV2kfF+
qpeG5AHGEA3gNHZkFSdrbY+1ysQrcL+nulW5JjOYFh9YYOIY86Bu5H08j9e+zbVg
y2qqAh2GFm3IrHzBESXMUcmNXoQBbdjQx5THd83OAXkKeq/G+Xk2pHERJA==
-----END CERTIFICATE-----