Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8481e03b-b309-448e-8e80-3502664a2fc4.roa
File:                     8481e03b-b309-448e-8e80-3502664a2fc4.roa (raw, json)
Hash identifier:          mAOPmgRtkGZ8cwuAu568fylcA9VySGR+G3W8knzEnV0=
Subject key identifier:   04:A5:27:51:7D:70:8F:89:CE:97:64:EC:EA:6B:3C:00:A3:6E:CE:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       192410CDE68E0A822313E70CA530069E620A9495
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8481e03b-b309-448e-8e80-3502664a2fc4.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.25.67.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:24:10:cd:e6:8e:0a:82:23:13:e7:0c:a5:30:06:9e:62:0a:94:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=201d8e5e2506ca8d5a9d7dff37f88322923e967e0cd0f8afe3f86d22b236de88, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:21:10:40:22:78:6b:ae:24:f7:d8:09:14:57:
                    2f:94:31:ff:ae:a4:9b:96:a4:70:54:34:7b:f0:11:
                    ce:72:92:e1:72:6e:11:8d:66:ec:65:f4:3e:7a:a2:
                    d8:47:50:72:2d:a3:0d:50:15:b5:21:03:2e:83:78:
                    11:27:ef:6f:2b:69:41:47:31:44:d4:3b:bb:6f:af:
                    29:34:ce:94:9a:87:d1:cb:08:a2:2b:05:71:a4:3d:
                    9f:00:a5:d2:50:08:29:47:77:1f:aa:86:60:cb:25:
                    c3:11:c2:3a:21:39:22:26:cc:ca:d9:8d:3f:b1:8a:
                    07:25:f8:8d:12:e4:06:da:e8:f7:51:f6:24:47:80:
                    59:c8:e9:31:7a:b7:bb:01:b7:c4:00:ed:13:e0:57:
                    6c:a1:e7:78:07:69:28:e5:ed:8b:c3:6d:90:c5:b5:
                    ea:f9:b2:a0:40:aa:4f:4e:ed:29:8a:52:b4:6e:e5:
                    d4:7f:95:57:20:ab:b7:d8:84:12:40:0d:05:a1:d9:
                    c1:fd:b5:f1:85:ee:7a:85:14:67:3d:85:8e:a5:63:
                    17:e5:8a:78:81:de:71:fa:32:88:a9:d1:09:38:77:
                    16:5f:44:69:26:ee:c1:ed:38:e3:24:b7:a9:61:32:
                    fa:95:0e:ce:50:3b:8b:6b:29:17:73:1c:e1:23:9a:
                    4a:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:A5:27:51:7D:70:8F:89:CE:97:64:EC:EA:6B:3C:00:A3:6E:CE:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8481e03b-b309-448e-8e80-3502664a2fc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:58:8c:55:bf:cb:b1:7a:5d:47:b2:af:79:aa:f8:80:27:e7:
         84:87:7d:16:55:a3:49:d0:f8:da:1c:ce:14:87:e3:c0:6b:0a:
         23:16:b9:77:8c:f4:bf:aa:16:94:3c:6b:f5:9b:e9:4f:34:77:
         06:b5:2d:d9:9a:80:ef:82:f4:32:59:fe:5a:b4:bd:f5:b3:9e:
         a1:76:ac:75:98:38:7c:d1:6d:40:30:46:ae:f9:7c:e3:b2:c2:
         c6:93:90:6b:cf:c2:20:a0:16:0e:bf:f3:07:0e:6e:ed:e0:02:
         25:1e:ec:59:7c:ed:22:1b:2f:d9:81:60:38:23:bf:b8:9d:35:
         41:8e:0f:af:7d:00:f5:33:16:2d:83:65:43:e8:7a:03:5e:22:
         a0:81:8d:8f:e6:20:eb:62:32:25:1c:4e:d3:ca:f7:99:9a:69:
         35:ba:2a:d3:f5:43:40:c4:d0:fe:23:45:a6:2d:03:e9:b9:79:
         f4:85:8a:b9:2b:31:43:57:6b:e5:58:77:59:a9:72:c3:77:7b:
         4a:d3:6b:8c:38:0e:47:8a:6b:11:9a:bf:7f:4f:e5:d6:5a:b8:
         30:fa:9b:48:5a:fe:f3:8c:0a:11:97:a5:e7:34:e9:58:aa:87:
         c2:e1:f9:9c:8f:dc:b6:62:ef:fc:4f:b8:0c:be:c2:3f:c0:94:
         00:81:6f:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGSQQzeaOCoIjE+cMpTAGnmIKlJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMDFkOGU1ZTI1MDZjYThkNWE5ZDdkZmYzN2Y4ODMyMjky
M2U5NjdlMGNkMGY4YWZlM2Y4NmQyMmIyMzZkZTg4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYIRBAInhrriT32AkUVy+UMf+upJuWpHBUNHvwEc5ykuFy
bhGNZuxl9D56othHUHItow1QFbUhAy6DeBEn728raUFHMUTUO7tvryk0zpSah9HL
CKIrBXGkPZ8ApdJQCClHdx+qhmDLJcMRwjohOSImzMrZjT+xigcl+I0S5Aba6PdR
9iRHgFnI6TF6t7sBt8QA7RPgV2yh53gHaSjl7YvDbZDFter5sqBAqk9O7SmKUrRu
5dR/lVcgq7fYhBJADQWh2cH9tfGF7nqFFGc9hY6lYxfliniB3nH6Moip0Qk4dxZf
RGkm7sHtOOMkt6lhMvqVDs5QO4trKRdzHOEjmkphAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUBKUnUX1wj4nOl2Ts6ms8AKNuzh0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0ODFlMDNiLWIzMDktNDQ4ZS04ZTgwLTM1MDI2NjRhMmZjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUMwDQYJKoZIhvcNAQELBQADggEBAGhYjFW/y7F6XUeyr3mq+IAn54SH
fRZVo0nQ+NoczhSH48BrCiMWuXeM9L+qFpQ8a/Wb6U80dwa1LdmagO+C9DJZ/lq0
vfWznqF2rHWYOHzRbUAwRq75fOOywsaTkGvPwiCgFg6/8wcObu3gAiUe7Fl87SIb
L9mBYDgjv7idNUGOD699APUzFi2DZUPoegNeIqCBjY/mIOtiMiUcTtPK95maaTW6
KtP1Q0DE0P4jRaYtA+m5efSFirkrMUNXa+VYd1mpcsN3e0rTa4w4DkeKaxGav39P
5dZauDD6m0ha/vOMChGXpec06Viqh8Lh+ZyP3LZi7/xPuAy+wj/AlACBb00=
-----END CERTIFICATE-----