Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6c7f24f8-8073-4d85-a1b2-ddb2396e3fff.roa
File:                     6c7f24f8-8073-4d85-a1b2-ddb2396e3fff.roa (raw, json)
Hash identifier:          3Nn5Q5gJn/d+C5yVoZL9s3llv+OKC87EJGB0nvMkPus=
Subject key identifier:   CD:14:5C:3C:E7:C1:2A:85:C5:3F:B0:19:07:3A:5A:AC:98:A9:8C:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39B7674501586083AFF58926391FD4686239C963
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6c7f24f8-8073-4d85-a1b2-ddb2396e3fff.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        194.21.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:b7:67:45:01:58:60:83:af:f5:89:26:39:1f:d4:68:62:39:c9:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6d:31:98:9b:8c:3b:81:03:99:8c:f8:73:e3:
                    69:c9:0d:9b:02:37:16:62:2e:28:e6:35:b7:97:66:
                    dd:bd:e0:52:4f:6f:75:92:c5:69:4d:bc:b2:ad:3b:
                    ef:3c:4a:8f:a4:9c:d3:c1:b9:40:81:41:a1:aa:f4:
                    43:98:44:50:5d:d3:c7:48:eb:95:cb:70:fd:c5:bb:
                    17:23:04:38:17:35:59:cd:ef:70:08:84:c8:53:82:
                    d7:2e:75:4e:b0:a2:8d:b8:8e:69:4d:4d:5d:5b:93:
                    3c:59:54:c7:56:a6:67:02:9b:33:b3:3d:87:3c:27:
                    34:a3:f7:d4:28:ba:b4:86:eb:27:f2:68:c4:87:22:
                    5f:5e:7e:69:de:6a:68:3f:5c:8e:47:05:eb:34:66:
                    4f:b1:7b:f4:ec:fb:f5:95:e3:5b:e8:10:cf:88:93:
                    f7:8f:36:f5:91:7e:0b:22:28:6f:24:0f:96:8c:5d:
                    ad:8e:bc:8e:ec:19:ea:dc:5d:72:43:8a:b9:4b:e6:
                    c3:46:e7:7b:e6:30:08:e7:33:b0:96:82:59:e0:30:
                    03:87:1e:ee:60:1c:1a:66:f3:2e:a3:28:9d:39:dc:
                    39:08:7e:bc:b3:1f:2e:5c:ee:ed:33:f3:6b:7d:f1:
                    82:0a:49:2c:e7:7d:31:7d:f8:f8:82:82:bf:33:2e:
                    e5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:14:5C:3C:E7:C1:2A:85:C5:3F:B0:19:07:3A:5A:AC:98:A9:8C:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6c7f24f8-8073-4d85-a1b2-ddb2396e3fff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.21.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         00:4f:9c:9d:c5:ab:25:ed:96:59:9c:cd:24:65:db:a5:3b:11:
         e8:35:21:6f:13:96:2d:68:e3:8a:64:26:f9:93:9f:ea:5d:1e:
         24:4b:d1:c8:6a:bd:fd:8a:7d:27:31:45:38:2b:49:86:b1:95:
         ec:9a:b2:59:0e:51:57:a4:98:fc:d7:0e:c9:a2:a0:0c:ab:35:
         59:8e:23:77:43:da:56:07:9f:9e:a8:1e:ff:2e:47:2c:0a:f8:
         5a:65:8c:98:1c:86:97:f5:89:8e:6d:a2:d6:4f:ed:5c:ab:30:
         59:63:0c:02:28:2e:94:b9:73:7c:c8:c0:06:1c:41:df:4b:1d:
         d4:e5:ec:a1:59:2c:08:d7:c9:22:02:39:4c:24:39:3c:06:0c:
         43:38:55:77:4e:3e:02:48:3e:c5:31:e6:c4:5f:36:32:bb:4a:
         07:7b:9b:c5:e0:30:1e:9e:18:c6:a3:39:68:d8:6d:e9:bb:42:
         da:3a:c1:e2:85:e7:34:3a:ed:f3:46:a9:2c:a1:6d:85:38:da:
         0c:35:2f:1c:0c:04:56:4b:e6:66:96:a7:04:e2:d0:4c:05:eb:
         fa:f7:d0:88:33:48:c6:2f:42:d2:82:94:38:e3:84:09:77:c0:
         75:3f:1e:fa:1e:23:bf:fc:2f:e8:f0:15:db:79:4b:ec:34:ad:
         79:72:6f:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUObdnRQFYYIOv9YkmOR/UaGI5yWMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0YTJmMTM1YjQwNzA0ODE1N2Q2ZjU0Yzg2MGU5NjIzYjQw
NjM4OTRkM2YwN2IwMjY1Yjg1NjQyNDYwYjNjMmUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChbTGYm4w7gQOZjPhz42nJDZsCNxZiLijmNbeXZt294FJP
b3WSxWlNvLKtO+88So+knNPBuUCBQaGq9EOYRFBd08dI65XLcP3FuxcjBDgXNVnN
73AIhMhTgtcudU6woo24jmlNTV1bkzxZVMdWpmcCmzOzPYc8JzSj99QourSG6yfy
aMSHIl9efmneamg/XI5HBes0Zk+xe/Ts+/WV41voEM+Ik/ePNvWRfgsiKG8kD5aM
Xa2OvI7sGercXXJDirlL5sNG53vmMAjnM7CWglngMAOHHu5gHBpm8y6jKJ053DkI
fryzHy5c7u0z82t98YIKSSznfTF9+PiCgr8zLuV5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzRRcPOfBKoXFP7AZBzparJipjCswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZjN2YyNGY4LTgwNzMtNGQ4NS1hMWIyLWRkYjIzOTZlM2ZmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbCFUAwDQYJKoZIhvcNAQELBQADggEBAABPnJ3FqyXtllmczSRl26U7Eeg1
IW8Tli1o44pkJvmTn+pdHiRL0chqvf2KfScxRTgrSYaxleyaslkOUVekmPzXDsmi
oAyrNVmOI3dD2lYHn56oHv8uRywK+FpljJgchpf1iY5totZP7VyrMFljDAIoLpS5
c3zIwAYcQd9LHdTl7KFZLAjXySICOUwkOTwGDEM4VXdOPgJIPsUx5sRfNjK7Sgd7
m8XgMB6eGMajOWjYbem7Qto6weKF5zQ67fNGqSyhbYU42gw1LxwMBFZL5maWpwTi
0EwF6/r30IgzSMYvQtKClDjjhAl3wHU/HvoeI7/8L+jwFdt5S+w0rXlyb5o=
-----END CERTIFICATE-----