Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68768397-2333-4e77-8555-885f02f7ef7b.roa
File:                     68768397-2333-4e77-8555-885f02f7ef7b.roa (raw, json)
Hash identifier:          eBtLKpbQPKzVSkRXOudcSREFp5q/TXi+xwSb6IAoK7k=
Subject key identifier:   56:28:A4:F3:C5:E7:91:BA:D8:4C:03:3B:A7:11:04:9A:85:36:76:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3823F871DC284C3B1B107B25D3747D99A47394DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68768397-2333-4e77-8555-885f02f7ef7b.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.57.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:23:f8:71:dc:28:4c:3b:1b:10:7b:25:d3:74:7d:99:a4:73:94:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=5705548365899adbcb57ea6ae41bf072b4855b262e47f7b29be06b2897168759, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:04:03:10:aa:42:69:a9:a5:4e:90:96:a2:3e:
                    93:bf:69:39:d4:c8:61:ba:98:22:03:36:e6:74:36:
                    99:44:e8:72:d2:da:f0:40:25:4d:77:81:8e:5b:bd:
                    cc:85:e3:af:d8:da:d2:15:f1:49:1f:66:0b:15:3d:
                    9e:80:55:a5:29:66:5d:27:19:41:00:96:99:31:48:
                    11:45:60:53:4f:27:1a:0f:c7:e4:63:6a:e7:cd:9b:
                    c4:53:6e:06:3a:7e:41:83:b1:ff:19:be:a7:f6:e8:
                    fc:3b:a6:fe:44:9d:1d:49:d5:77:28:b6:89:16:6a:
                    76:e8:6e:50:56:f0:87:7e:9a:21:46:fd:64:85:d4:
                    41:9d:6c:6c:1c:e6:ae:40:c5:68:fa:de:9d:35:7b:
                    b5:be:34:bf:24:e4:25:35:ae:2c:72:69:d8:43:b2:
                    77:d6:53:45:df:44:0c:49:2c:c8:30:28:1f:88:01:
                    67:75:1c:b4:5a:d6:0d:d3:29:61:9f:b7:76:d2:56:
                    73:73:a9:09:af:4e:1c:c8:e1:41:43:b0:28:8d:c1:
                    c6:e5:e3:78:ec:02:a3:e6:54:72:aa:ae:29:28:c0:
                    61:cd:f8:bc:19:55:65:eb:8a:6b:0d:9b:a8:0d:d0:
                    cd:27:62:14:d3:6c:d6:47:ac:f9:bb:7f:b9:fd:85:
                    eb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:28:A4:F3:C5:E7:91:BA:D8:4C:03:3B:A7:11:04:9A:85:36:76:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68768397-2333-4e77-8555-885f02f7ef7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.57.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         69:09:8b:90:7e:3e:77:b6:a8:44:37:1e:f3:e9:38:2b:86:b3:
         12:87:29:b8:f8:f4:20:4d:72:b9:e1:33:d5:73:95:5f:7e:17:
         69:d5:cc:de:f3:fd:10:a4:94:da:f5:94:de:c3:56:d4:af:fb:
         65:54:a4:2b:3f:af:93:c3:27:46:03:8a:9f:a2:75:1b:90:eb:
         52:c8:18:19:f0:7b:cf:9b:32:94:45:fa:13:c9:22:1c:52:42:
         32:aa:0f:c9:31:c1:63:02:1c:26:e5:6c:5c:5b:65:0b:e0:4d:
         1b:69:df:05:c2:14:a7:50:bf:6b:bf:3e:fe:ac:13:11:20:78:
         8c:b4:b1:96:0a:de:53:b0:16:c9:81:07:d0:da:54:97:50:a5:
         be:2c:a3:4b:5a:7b:04:49:e1:3b:d2:65:74:13:15:19:dd:cc:
         78:5a:b1:cb:c3:14:42:51:26:2b:24:d2:06:e5:b0:a9:b9:b4:
         31:99:f5:c9:b1:62:58:cf:53:33:13:d3:c9:d1:75:64:1d:98:
         85:c3:8a:69:01:ea:12:0c:fb:ab:ce:09:5a:a6:70:49:62:3b:
         2b:ab:82:8f:0b:06:df:84:61:4f:6c:f6:63:8e:9f:53:7c:81:
         4e:39:1f:3a:c6:33:43:a6:d9:e6:82:dd:db:36:c1:7e:1e:d2:
         3d:74:63:c7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOCP4cdwoTDsbEHsl03R9maRzlNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzA1NTQ4MzY1ODk5YWRiY2I1N2VhNmFlNDFiZjA3MmI0
ODU1YjI2MmU0N2Y3YjI5YmUwNmIyODk3MTY4NzU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTBAMQqkJpqaVOkJaiPpO/aTnUyGG6mCIDNuZ0NplE6HLS
2vBAJU13gY5bvcyF46/Y2tIV8UkfZgsVPZ6AVaUpZl0nGUEAlpkxSBFFYFNPJxoP
x+RjaufNm8RTbgY6fkGDsf8Zvqf26Pw7pv5EnR1J1XcotokWanboblBW8Id+miFG
/WSF1EGdbGwc5q5AxWj63p01e7W+NL8k5CU1rixyadhDsnfWU0XfRAxJLMgwKB+I
AWd1HLRa1g3TKWGft3bSVnNzqQmvThzI4UFDsCiNwcbl43jsAqPmVHKqrikowGHN
+LwZVWXrimsNm6gN0M0nYhTTbNZHrPm7f7n9hes5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUViik88XnkbrYTAM7pxEEmoU2diYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4NzY4Mzk3LTIzMzMtNGU3Ny04NTU1LTg4NWYwMmY3ZWY3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbYOQAwDQYJKoZIhvcNAQELBQADggEBAGkJi5B+Pne2qEQ3HvPpOCuGsxKH
Kbj49CBNcrnhM9VzlV9+F2nVzN7z/RCklNr1lN7DVtSv+2VUpCs/r5PDJ0YDip+i
dRuQ61LIGBnwe8+bMpRF+hPJIhxSQjKqD8kxwWMCHCblbFxbZQvgTRtp3wXCFKdQ
v2u/Pv6sExEgeIy0sZYK3lOwFsmBB9DaVJdQpb4so0taewRJ4TvSZXQTFRndzHha
scvDFEJRJisk0gblsKm5tDGZ9cmxYljPUzMT08nRdWQdmIXDimkB6hIM+6vOCVqm
cEliOyurgo8LBt+EYU9s9mOOn1N8gU45HzrGM0Om2eaC3ds2wX4e0j10Y8c=
-----END CERTIFICATE-----