Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82173adf-2c16-477a-ae7d-732161d6f2e1.roa
File:                     82173adf-2c16-477a-ae7d-732161d6f2e1.roa (raw, json)
Hash identifier:          AlqTvTNtnu1qquHA3k2igBl0UCcMeY/1AzSqJ2OMDKM=
Subject key identifier:   C1:18:2D:56:E1:CC:EE:A2:C6:B2:F7:3D:14:DB:D0:C6:21:DA:91:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       747072610634E5004C29218CC5B9F83089D45B9F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82173adf-2c16-477a-ae7d-732161d6f2e1.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        104.216.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:70:72:61:06:34:e5:00:4c:29:21:8c:c5:b9:f8:30:89:d4:5b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=5f366218fe44582cbe1549e3340473d5ce677aa9a91b812293f1159ef8ae1c37, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:90:dc:bb:4c:93:36:fe:60:02:fd:76:04:ac:
                    fb:6f:fa:39:c9:28:32:79:a8:53:fa:5a:09:5c:9d:
                    b3:52:eb:98:71:2d:80:a9:c2:9c:6a:6d:31:2d:26:
                    a2:c4:93:a4:3e:c1:ba:ba:ee:bc:c9:87:13:4d:0a:
                    a4:be:7b:87:89:52:3c:a0:9f:cd:a9:f2:7f:f0:6b:
                    c4:8c:34:92:40:a4:bf:75:e3:3c:23:38:9a:ed:61:
                    34:c1:ea:f4:13:25:31:af:f6:22:42:e6:bc:be:50:
                    fd:bf:79:6c:78:6b:6b:cf:87:65:b2:4f:8c:fe:a7:
                    19:54:e5:b6:ee:05:1d:bb:76:8e:b6:25:de:4b:0a:
                    8a:0c:94:b7:54:03:1c:29:e9:51:36:fc:ef:29:b5:
                    16:23:4c:7d:46:77:c7:3e:92:76:bc:c1:2a:44:36:
                    29:f8:0e:d6:cd:97:ca:1d:50:df:03:75:ad:eb:3c:
                    ef:5d:f5:55:d1:ff:d0:17:31:d2:5c:72:d1:1c:df:
                    7f:5b:1e:8a:64:f1:b8:8f:c2:e9:38:8f:eb:71:e0:
                    0e:bc:d0:e1:6f:47:c2:a8:f6:6b:9f:1c:31:db:00:
                    af:48:8b:ad:a3:c4:7f:de:66:8f:2c:1c:84:d0:2f:
                    18:95:3a:09:3e:fa:b3:21:e2:f1:90:c1:9f:5e:ec:
                    be:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:18:2D:56:E1:CC:EE:A2:C6:B2:F7:3D:14:DB:D0:C6:21:DA:91:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82173adf-2c16-477a-ae7d-732161d6f2e1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.216.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         8b:f9:62:19:c2:f0:4e:4e:2d:64:4d:85:11:9b:47:a6:90:95:
         1d:65:c6:6e:9d:8c:e6:e5:97:25:ec:22:5d:39:c2:f6:b5:16:
         e8:cd:96:0f:a4:84:62:80:9c:e8:88:92:c8:2f:f6:9a:c7:93:
         b6:05:43:08:5e:c1:f6:3a:d8:0e:fe:d8:ea:1e:9d:29:18:d8:
         c3:d1:f4:f9:64:3a:05:2e:d9:1d:75:1e:3b:67:18:af:0f:a0:
         99:6b:8b:32:a1:64:18:98:f8:2d:ff:4b:71:6c:51:38:a5:33:
         a7:1a:e5:07:38:b9:8d:af:a9:c1:bf:b8:32:96:35:13:0f:b4:
         b3:da:e0:be:84:c5:48:11:08:43:4f:49:db:57:ec:28:1c:07:
         c7:2f:b3:f1:c6:32:73:d9:e3:3f:e1:e3:7f:2e:d2:c9:81:27:
         98:3e:3b:bf:9d:cf:9b:a4:26:af:c2:bf:ba:c8:3e:b2:48:7e:
         c9:23:ec:da:8c:68:5f:d9:fc:cf:2c:f2:ae:03:ec:ac:18:f7:
         87:0c:86:63:e6:65:6f:30:b8:c5:0d:88:1c:2a:c6:74:b1:3a:
         4a:60:a6:d6:fc:85:53:cc:23:84:75:e1:ae:48:9a:ca:c5:9f:
         f0:23:ff:22:fb:25:7c:ac:55:8a:06:bd:eb:25:fe:8b:ea:ce:
         50:38:2d:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdHByYQY05QBMKSGMxbn4MInUW58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZjM2NjIxOGZlNDQ1ODJjYmUxNTQ5ZTMzNDA0NzNkNWNl
Njc3YWE5YTkxYjgxMjI5M2YxMTU5ZWY4YWUxYzM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGkNy7TJM2/mAC/XYErPtv+jnJKDJ5qFP6WglcnbNS65hx
LYCpwpxqbTEtJqLEk6Q+wbq67rzJhxNNCqS+e4eJUjygn82p8n/wa8SMNJJApL91
4zwjOJrtYTTB6vQTJTGv9iJC5ry+UP2/eWx4a2vPh2WyT4z+pxlU5bbuBR27do62
Jd5LCooMlLdUAxwp6VE2/O8ptRYjTH1Gd8c+kna8wSpENin4DtbNl8odUN8Dda3r
PO9d9VXR/9AXMdJcctEc339bHopk8biPwuk4j+tx4A680OFvR8Ko9mufHDHbAK9I
i62jxH/eZo8sHITQLxiVOgk++rMh4vGQwZ9e7L45AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwRgtVuHM7qLGsvc9FNvQxiHakZcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyMTczYWRmLTJjMTYtNDc3YS1hZTdkLTczMjE2MWQ2ZjJlMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFo2DANBgkqhkiG9w0BAQsFAAOCAQEAi/liGcLwTk4tZE2FEZtHppCVHWXG
bp2M5uWXJewiXTnC9rUW6M2WD6SEYoCc6IiSyC/2mseTtgVDCF7B9jrYDv7Y6h6d
KRjYw9H0+WQ6BS7ZHXUeO2cYrw+gmWuLMqFkGJj4Lf9LcWxROKUzpxrlBzi5ja+p
wb+4MpY1Ew+0s9rgvoTFSBEIQ09J21fsKBwHxy+z8cYyc9njP+Hjfy7SyYEnmD47
v53Pm6Qmr8K/usg+skh+ySPs2oxoX9n8zyzyrgPsrBj3hwyGY+ZlbzC4xQ2IHCrG
dLE6SmCm1vyFU8wjhHXhrkiaysWf8CP/IvslfKxViga96yX+i+rOUDgtxA==
-----END CERTIFICATE-----