Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61e7ec6c-3e61-4335-9018-36b1a16bf091.roa
File:                     61e7ec6c-3e61-4335-9018-36b1a16bf091.roa (raw, json)
Hash identifier:          8SNHxsjgEgnc7RzBMj+syuPwxzT/4pHdUNl1Q/SYXI8=
Subject key identifier:   FE:59:44:BB:06:6E:4D:05:48:A8:C1:FF:2E:A8:C8:C0:4B:48:D9:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1504B659FF88C085936453848D2CA4DE25AC3021
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61e7ec6c-3e61-4335-9018-36b1a16bf091.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.34.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:04:b6:59:ff:88:c0:85:93:64:53:84:8d:2c:a4:de:25:ac:30:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:0d:08:4f:15:0e:db:f2:84:93:35:8b:94:68:
                    b5:05:59:4f:99:73:54:0f:6c:5e:74:b9:54:cc:c9:
                    fd:52:10:53:4a:f0:b6:8d:bf:d9:5b:74:79:ac:e7:
                    4b:4e:3f:45:ac:95:fa:27:5a:fe:6f:92:fd:42:65:
                    b6:d3:2a:81:7e:30:f2:24:b0:94:27:b5:d4:02:f9:
                    41:8b:fd:8f:b5:b6:bb:ac:c7:a2:21:72:bd:b6:5a:
                    38:24:14:4d:f7:31:fd:ac:31:d4:90:90:5c:37:16:
                    25:ed:cd:ce:77:2d:d0:d8:5c:4b:b4:4b:52:e1:95:
                    40:c1:fa:c8:e2:55:40:15:1d:18:23:9d:de:47:09:
                    31:e6:78:c2:a3:bd:20:72:16:69:f9:e2:cb:ad:73:
                    5a:a5:02:a6:f0:a6:f8:db:dd:95:fd:3d:d9:61:b2:
                    05:09:29:8a:35:df:9e:5d:65:fc:5a:60:25:16:3c:
                    a0:49:34:e3:c5:7a:be:87:50:99:e8:cb:cb:c9:d2:
                    f1:8b:0c:c5:cd:07:ed:b1:dc:da:6c:82:fe:d1:1a:
                    fb:67:05:12:f5:7e:8a:d8:a8:97:b9:3d:00:54:74:
                    82:03:f4:58:63:c7:ae:0d:90:96:58:bc:8f:3b:21:
                    09:3b:be:34:34:72:92:10:28:51:f9:48:cb:b2:bc:
                    8c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:59:44:BB:06:6E:4D:05:48:A8:C1:FF:2E:A8:C8:C0:4B:48:D9:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/61e7ec6c-3e61-4335-9018-36b1a16bf091.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:09:bc:02:16:ca:91:18:20:8d:fe:de:14:46:0b:92:6c:ed:
         8a:66:d0:62:47:1a:27:17:88:76:11:9d:bc:a9:f9:f5:e0:27:
         d8:41:80:f8:86:37:bb:de:03:be:33:e6:0e:27:53:31:8a:bf:
         ad:c2:bf:9c:06:2e:4a:aa:8c:86:ba:19:96:a5:6d:75:25:f0:
         fc:9c:f4:f4:5c:2b:84:2d:53:8f:a3:0c:f0:d7:13:47:8c:9e:
         65:e3:ef:22:9f:80:c7:00:74:97:aa:3d:d7:7b:f5:88:cc:a0:
         ff:5e:6c:c4:17:af:95:c1:e9:67:bc:68:8b:81:8e:0b:f6:df:
         96:56:2d:b9:ee:ad:94:9e:08:b9:e4:ab:d5:91:cc:f2:22:9e:
         49:d2:53:ee:81:2e:14:d7:82:c7:6f:9d:09:80:74:a3:da:7c:
         75:93:e1:73:f4:62:10:80:e8:a1:5b:18:b8:c8:08:b3:32:e5:
         dc:c8:aa:0d:99:7e:31:3e:5e:b3:9b:43:0f:b5:88:fa:4f:50:
         0d:1e:20:40:f9:3c:3f:72:b1:a7:a9:0a:e7:48:01:c2:8f:29:
         98:ec:c2:aa:87:0d:30:7d:d6:8e:eb:3c:91:67:17:57:59:38:
         bf:d9:58:c5:ad:60:f8:89:2b:8a:91:25:1c:44:3d:6b:3b:5c:
         3a:63:b2:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFQS2Wf+IwIWTZFOEjSyk3iWsMCEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTQ1MTBmMGZlMzE4ZjFiOTQwZDEzMTI3MTdhNjA2M2Iy
NmFiNmJhNDAyZWEzODczMmM0YWY5ZTgxYjc2MGJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhDQhPFQ7b8oSTNYuUaLUFWU+Zc1QPbF50uVTMyf1SEFNK
8LaNv9lbdHms50tOP0WslfonWv5vkv1CZbbTKoF+MPIksJQntdQC+UGL/Y+1trus
x6Ihcr22WjgkFE33Mf2sMdSQkFw3FiXtzc53LdDYXEu0S1LhlUDB+sjiVUAVHRgj
nd5HCTHmeMKjvSByFmn54sutc1qlAqbwpvjb3ZX9PdlhsgUJKYo1355dZfxaYCUW
PKBJNOPFer6HUJnoy8vJ0vGLDMXNB+2x3Npsgv7RGvtnBRL1forYqJe5PQBUdIID
9Fhjx64NkJZYvI87IQk7vjQ0cpIQKFH5SMuyvIxNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/llEuwZuTQVIqMH/LqjIwEtI2bwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxZTdlYzZjLTNlNjEtNDMzNS05MDE4LTM2YjFhMTZiZjA5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACIEiIwDQYJKoZIhvcNAQELBQADggEBADoJvAIWypEYII3+3hRGC5Js7Ypm
0GJHGicXiHYRnbyp+fXgJ9hBgPiGN7veA74z5g4nUzGKv63Cv5wGLkqqjIa6GZal
bXUl8Pyc9PRcK4QtU4+jDPDXE0eMnmXj7yKfgMcAdJeqPdd79YjMoP9ebMQXr5XB
6We8aIuBjgv235ZWLbnurZSeCLnkq9WRzPIinknSU+6BLhTXgsdvnQmAdKPafHWT
4XP0YhCA6KFbGLjICLMy5dzIqg2ZfjE+XrObQw+1iPpPUA0eIED5PD9ysaepCudI
AcKPKZjswqqHDTB91o7rPJFnF1dZOL/ZWMWtYPiJK4qRJRxEPWs7XDpjsuU=
-----END CERTIFICATE-----