Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98590b17-a8cd-4234-9825-c08b25b1cc5d.roa
File:                     98590b17-a8cd-4234-9825-c08b25b1cc5d.roa (raw, json)
Hash identifier:          R+S3B61J/vSGLLvpPN6U6oaMg2yb9R5WygD4ahXmIYs=
Subject key identifier:   5D:27:DC:DB:C3:96:07:A7:8A:34:3A:04:81:B9:3D:33:3E:38:1D:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10AAA3C696A9E3F441CECDB0F3D8E2492CCAAF25
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98590b17-a8cd-4234-9825-c08b25b1cc5d.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        66.178.192.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:aa:a3:c6:96:a9:e3:f4:41:ce:cd:b0:f3:d8:e2:49:2c:ca:af:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=e24b401d887ff014b24378cbd49acbfbf82157fd7ecfb5d96c6e4ddb2db33f27, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a9:ba:07:00:b5:65:2a:56:8a:a6:7d:4a:3f:
                    8d:24:8a:09:b6:6b:56:b5:24:f7:c1:86:19:a1:df:
                    b7:82:d0:9b:41:34:0a:e0:92:0a:77:7f:0d:bf:91:
                    cc:0d:d0:cc:7c:2f:6d:d0:5e:21:c6:07:0f:c7:e8:
                    30:3d:54:00:f4:00:87:eb:a6:e3:b3:45:a9:d2:27:
                    2b:0a:a7:d5:97:c8:08:48:f1:09:23:3a:21:7f:6e:
                    0a:58:25:47:4f:9d:ed:a3:b0:96:af:78:ce:f3:a8:
                    77:c9:dc:e3:6b:6c:81:de:93:0f:09:03:a7:b3:0d:
                    6c:77:98:19:27:0d:7b:3d:8e:15:80:d0:30:52:eb:
                    4c:3d:db:33:fb:55:72:0c:93:d9:2f:5a:9e:7d:56:
                    3d:a6:eb:61:54:84:ed:55:78:c4:30:67:fc:ee:95:
                    fd:20:47:cf:f1:97:9b:c3:b3:68:ff:e0:51:6a:34:
                    0d:4e:20:d7:5b:b1:df:ea:55:ad:0f:62:69:57:9c:
                    d2:4c:22:ec:7c:1f:5e:ac:22:14:3c:25:55:4f:09:
                    b9:6f:84:54:1f:c8:a2:dc:8c:27:17:8f:32:7f:82:
                    4b:af:3f:d2:2b:51:2b:14:d6:64:c6:fd:68:1f:4c:
                    e5:e2:04:32:1e:9a:ab:dd:d7:e7:78:bc:01:6c:b2:
                    b6:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:27:DC:DB:C3:96:07:A7:8A:34:3A:04:81:B9:3D:33:3E:38:1D:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98590b17-a8cd-4234-9825-c08b25b1cc5d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.178.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d4:52:e9:25:6e:61:90:85:3e:a2:9e:ea:f4:8c:a3:91:ed:4a:
         94:30:c6:04:f4:84:ba:78:ab:5a:d8:f5:f7:9d:3a:28:46:f4:
         12:b7:18:aa:68:26:22:a2:ca:4c:46:f2:74:91:39:59:fe:d7:
         c1:c0:f4:15:c8:75:74:ea:b1:a5:66:3f:49:54:aa:c4:ea:b4:
         49:72:fb:8a:57:36:30:1c:6b:75:5b:44:fc:66:3c:8d:0a:07:
         be:e3:fb:95:78:95:05:d5:02:a8:f7:0c:ca:8f:3d:0f:29:06:
         c3:71:01:45:59:2b:db:fd:b0:91:71:b8:24:a3:4b:15:67:24:
         f6:f8:7c:07:52:d9:6a:e1:34:c1:02:dc:3c:d4:eb:e3:33:7b:
         40:2e:40:1b:a7:bd:d2:5f:21:78:33:ff:3c:18:a9:0c:6c:c0:
         55:8a:6c:ad:ef:c4:f2:84:35:07:76:8b:d8:0c:cd:cf:cc:f0:
         91:ba:f9:23:80:20:30:fc:6b:da:b9:e7:b1:8a:2e:35:95:f3:
         5d:b5:fd:a9:23:29:f3:17:fa:33:37:64:40:cd:c1:8a:41:68:
         06:6b:b6:d5:30:7d:20:78:13:a8:76:9b:38:f5:01:05:9f:39:
         52:c2:6e:a6:02:44:d4:a3:13:a9:75:59:23:76:03:b9:da:91:
         6a:4b:ee:d4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEKqjxpap4/RBzs2w89jiSSzKryUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMjRiNDAxZDg4N2ZmMDE0YjI0Mzc4Y2JkNDlhY2JmYmY4
MjE1N2ZkN2VjZmI1ZDk2YzZlNGRkYjJkYjMzZjI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwqboHALVlKlaKpn1KP40kigm2a1a1JPfBhhmh37eC0JtB
NArgkgp3fw2/kcwN0Mx8L23QXiHGBw/H6DA9VAD0AIfrpuOzRanSJysKp9WXyAhI
8QkjOiF/bgpYJUdPne2jsJaveM7zqHfJ3ONrbIHekw8JA6ezDWx3mBknDXs9jhWA
0DBS60w92zP7VXIMk9kvWp59Vj2m62FUhO1VeMQwZ/zulf0gR8/xl5vDs2j/4FFq
NA1OINdbsd/qVa0PYmlXnNJMIux8H16sIhQ8JVVPCblvhFQfyKLcjCcXjzJ/gkuv
P9IrUSsU1mTG/WgfTOXiBDIemqvd1+d4vAFssrY1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXSfc28OWB6eKNDoEgbk9Mz44HU8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4NTkwYjE3LWE4Y2QtNDIzNC05ODI1LWMwOGIyNWIxY2M1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZCssAwDQYJKoZIhvcNAQELBQADggEBANRS6SVuYZCFPqKe6vSMo5HtSpQw
xgT0hLp4q1rY9fedOihG9BK3GKpoJiKiykxG8nSROVn+18HA9BXIdXTqsaVmP0lU
qsTqtEly+4pXNjAca3VbRPxmPI0KB77j+5V4lQXVAqj3DMqPPQ8pBsNxAUVZK9v9
sJFxuCSjSxVnJPb4fAdS2WrhNMEC3DzU6+Mze0AuQBunvdJfIXgz/zwYqQxswFWK
bK3vxPKENQd2i9gMzc/M8JG6+SOAIDD8a9q557GKLjWV8121/akjKfMX+jM3ZEDN
wYpBaAZrttUwfSB4E6h2mzj1AQWfOVLCbqYCRNSjE6l1WSN2A7nakWpL7tQ=
-----END CERTIFICATE-----