Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/651c8176-5e7b-4744-9773-0220479206a9.roa
File:                     651c8176-5e7b-4744-9773-0220479206a9.roa (raw, json)
Hash identifier:          uxEs6NCdMrQEMzRCZDZmxCy7ig3wMH20+F9LsPtVmfc=
Subject key identifier:   CF:7E:DF:9B:71:26:49:47:AC:54:98:D6:26:6B:06:5F:2D:83:6C:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       257DAB2ACD2852FCDF574D38848EA7570A09272C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/651c8176-5e7b-4744-9773-0220479206a9.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        136.170.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:7d:ab:2a:cd:28:52:fc:df:57:4d:38:84:8e:a7:57:0a:09:27:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=85824955ed86db6570ba1be1b9f3810d062ddcd81a27845f91ec7214798e569b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:62:99:cc:4c:d5:20:29:48:a1:cf:77:ba:b8:
                    c7:c6:61:f8:ad:38:5f:75:c6:80:6d:b2:99:47:59:
                    d1:61:38:6a:23:0d:61:c7:ba:6b:6b:05:2b:e8:a9:
                    78:7a:da:9e:a0:2b:12:c9:1c:ff:e5:d4:c1:ca:11:
                    ae:e7:97:d4:74:e2:b2:4d:10:f6:ca:46:c4:71:f6:
                    bf:7e:28:ae:d3:2e:d5:db:81:38:da:a2:fb:c3:ce:
                    cf:14:e2:ae:db:89:49:7a:a8:07:0d:79:48:e1:18:
                    a0:ac:27:04:6d:9d:41:ae:83:7e:2e:61:76:79:9f:
                    f7:d9:d1:3d:12:42:62:76:9d:b0:cb:78:70:33:9a:
                    3f:af:f8:64:51:40:94:7b:d9:93:2f:e1:58:7c:c2:
                    02:2d:e6:87:b6:cd:04:04:90:89:8d:1a:eb:2e:72:
                    ec:d5:2e:4d:be:71:75:18:c8:cd:fb:29:fe:96:b2:
                    1c:93:87:e7:40:cd:0c:a3:ba:8d:ea:07:16:3b:e6:
                    4a:fe:87:e2:6b:ed:c5:c4:44:d9:96:56:1b:0f:97:
                    03:d5:98:d1:58:86:dd:7f:2d:77:96:95:32:ee:d5:
                    90:fd:8a:f5:44:f4:66:ec:bc:f4:61:5a:7d:d3:1c:
                    bd:89:ed:0b:54:48:1d:54:f2:d4:53:1a:76:29:78:
                    1c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7E:DF:9B:71:26:49:47:AC:54:98:D6:26:6B:06:5F:2D:83:6C:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/651c8176-5e7b-4744-9773-0220479206a9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.170.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:ed:19:e2:2a:a8:01:bb:a8:e3:14:1e:b0:43:95:74:8e:e1:
         5c:e9:b2:a3:ba:12:52:97:39:93:b0:67:9c:36:fe:d6:3c:13:
         dc:24:6a:51:49:47:55:08:cb:75:d9:07:c0:8d:93:d4:e1:38:
         13:34:3c:77:61:be:95:51:86:4f:d1:cc:53:4a:24:8e:40:37:
         1f:4b:68:92:89:54:36:83:f9:91:c4:e5:e3:dd:02:25:c7:da:
         1f:05:57:36:6f:dd:35:82:3d:4c:64:d4:28:dd:a1:64:e9:b4:
         a4:6e:1a:07:f5:f1:87:8b:19:32:da:5a:36:ec:d6:b2:78:c6:
         d2:37:3a:c5:23:70:79:c9:80:0a:0d:59:d5:1e:4d:d7:4e:27:
         dc:35:62:43:51:c6:e0:5a:86:36:25:40:94:43:63:b5:87:b7:
         1a:19:6a:4c:d6:1f:36:32:fd:9f:08:17:9b:e2:8e:6e:af:6c:
         a2:92:cc:f6:e6:4d:d3:4b:fc:f6:5c:56:e3:09:cc:3d:25:9f:
         d9:01:49:63:ac:85:8b:14:e5:b0:17:c4:28:4d:98:84:e5:2d:
         8f:20:fc:a1:0a:74:56:dd:d8:cb:2c:39:da:71:e5:b3:c3:b0:
         aa:cf:cc:5e:07:59:ee:2a:51:c8:98:2e:d5:15:1d:57:f7:74:
         9d:0c:7c:e7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJX2rKs0oUvzfV004hI6nVwoJJywwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTgyNDk1NWVkODZkYjY1NzBiYTFiZTFiOWYzODEwZDA2
MmRkY2Q4MWEyNzg0NWY5MWVjNzIxNDc5OGU1NjliMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+YpnMTNUgKUihz3e6uMfGYfitOF91xoBtsplHWdFhOGoj
DWHHumtrBSvoqXh62p6gKxLJHP/l1MHKEa7nl9R04rJNEPbKRsRx9r9+KK7TLtXb
gTjaovvDzs8U4q7biUl6qAcNeUjhGKCsJwRtnUGug34uYXZ5n/fZ0T0SQmJ2nbDL
eHAzmj+v+GRRQJR72ZMv4Vh8wgIt5oe2zQQEkImNGusucuzVLk2+cXUYyM37Kf6W
shyTh+dAzQyjuo3qBxY75kr+h+Jr7cXERNmWVhsPlwPVmNFYht1/LXeWlTLu1ZD9
ivVE9GbsvPRhWn3THL2J7QtUSB1U8tRTGnYpeBwpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUz37fm3EmSUesVJjWJmsGXy2DbMswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1MWM4MTc2LTVlN2ItNDc0NC05NzczLTAyMjA0NzkyMDZhOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCIqjANBgkqhkiG9w0BAQsFAAOCAQEAAu0Z4iqoAbuo4xQesEOVdI7hXOmy
o7oSUpc5k7BnnDb+1jwT3CRqUUlHVQjLddkHwI2T1OE4EzQ8d2G+lVGGT9HMU0ok
jkA3H0tokolUNoP5kcTl490CJcfaHwVXNm/dNYI9TGTUKN2hZOm0pG4aB/Xxh4sZ
MtpaNuzWsnjG0jc6xSNwecmACg1Z1R5N104n3DViQ1HG4FqGNiVAlENjtYe3Ghlq
TNYfNjL9nwgXm+KObq9sopLM9uZN00v89lxW4wnMPSWf2QFJY6yFixTlsBfEKE2Y
hOUtjyD8oQp0Vt3Yyyw52nHls8Owqs/MXgdZ7ipRyJgu1RUdV/d0nQx85w==
-----END CERTIFICATE-----