Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a55f31a8-cac6-4bfa-9d6b-042d8b23f33a.roa
File:                     a55f31a8-cac6-4bfa-9d6b-042d8b23f33a.roa (raw, json)
Hash identifier:          P8BeXRTRIFxkZWJDagglB+aYQdq4fyDtoS3cqUf8XC8=
Subject key identifier:   23:B0:3A:A9:51:12:23:1E:8A:B4:2F:AC:A4:3A:6F:9F:FF:57:2F:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       165A8E68FADC49EB1E9DD9466F99FD07081BE7E8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a55f31a8-cac6-4bfa-9d6b-042d8b23f33a.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        209.162.176.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:5a:8e:68:fa:dc:49:eb:1e:9d:d9:46:6f:99:fd:07:08:1b:e7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5b:2b:8c:9a:81:1a:10:1a:51:eb:06:1d:6c:
                    c7:2e:3f:27:55:23:5a:c7:f4:4f:46:0a:db:97:fd:
                    b1:78:c6:53:ad:c7:f8:08:7a:94:26:ff:7d:2b:17:
                    c6:88:5e:35:ee:07:02:a3:d6:84:57:29:e1:08:e3:
                    17:0a:ff:e4:63:30:6c:1c:32:1c:e2:8c:01:c4:82:
                    ce:d4:f7:47:77:24:0b:d9:1d:fd:99:be:42:66:5f:
                    f8:c7:2c:67:74:13:ff:76:1a:5e:25:46:4d:d3:15:
                    a8:1f:2f:db:03:a1:ad:2a:e5:ae:05:24:8a:9d:22:
                    ab:47:e8:e5:a5:e1:bc:32:15:87:7a:db:2f:a4:d0:
                    0b:58:c4:5e:2a:82:33:14:bc:01:66:ae:e0:99:1f:
                    ee:a0:e9:f2:b1:11:a9:8d:af:a2:28:f1:de:34:46:
                    a8:44:da:b0:d5:43:6a:04:60:55:11:a8:db:09:5c:
                    c9:85:88:b8:91:96:5b:5d:37:92:f0:43:fc:c6:7d:
                    4a:63:9a:dc:10:4b:e2:cb:e5:91:74:f6:bc:f1:9e:
                    90:09:c6:39:0b:71:e7:f1:68:26:ed:6a:c8:9e:f0:
                    be:69:d6:be:6b:bf:f3:11:0f:3a:07:b0:7d:2d:2d:
                    cb:72:e8:1a:bd:94:c9:07:83:5f:46:10:ef:74:6b:
                    8e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B0:3A:A9:51:12:23:1E:8A:B4:2F:AC:A4:3A:6F:9F:FF:57:2F:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a55f31a8-cac6-4bfa-9d6b-042d8b23f33a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.162.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0a:f7:0f:45:de:c5:f9:4e:76:c0:33:aa:09:d9:d8:d2:cd:37:
         8d:93:09:e6:88:0a:0b:99:9d:56:4f:a6:e9:0f:cf:66:88:7d:
         df:6c:75:f7:48:c2:6c:eb:5b:66:39:5a:58:82:05:46:7d:6a:
         72:b7:6a:a0:5c:69:51:f2:6a:4f:96:d0:0f:6b:16:52:cb:92:
         be:d5:7e:d0:b0:6d:7c:4b:ee:a3:54:28:0e:bb:5d:3a:23:05:
         bc:e5:f0:4b:a4:e7:5e:22:9c:46:a0:dc:da:5b:38:a1:04:09:
         84:bb:b1:a9:20:c6:bc:35:af:40:ed:70:db:07:3d:a4:57:50:
         be:78:f9:79:a9:e9:55:f4:86:ee:63:79:f8:f7:68:28:9c:5d:
         1d:a5:ef:56:31:54:68:1d:80:ff:d4:20:96:4c:fd:38:48:2b:
         85:a8:9b:37:4f:8f:19:d9:b0:78:da:7f:36:0b:26:05:91:4f:
         f4:31:e5:d0:0b:f2:02:8b:2e:97:d5:ea:ef:52:63:4d:ea:f1:
         d9:fe:85:95:4d:ec:ee:68:7d:1a:ca:2c:09:1d:35:fd:a8:ee:
         5d:33:fe:fe:d4:f0:38:3c:06:9a:7c:77:33:0a:75:76:0d:db:
         87:c8:9b:c5:b7:7d:13:6a:e0:d8:e4:1b:38:50:95:e7:e5:ad:
         a3:e6:5e:6b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFlqOaPrcSesendlGb5n9Bwgb5+gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjNhODMxYTdjNDE1MWI3ODQ2NzY5MmZjMzUyNDZkMTdh
ZDFiOWExOGM4MjA4NmFkODc5YTM5ODE5MWE5MGEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiWyuMmoEaEBpR6wYdbMcuPydVI1rH9E9GCtuX/bF4xlOt
x/gIepQm/30rF8aIXjXuBwKj1oRXKeEI4xcK/+RjMGwcMhzijAHEgs7U90d3JAvZ
Hf2ZvkJmX/jHLGd0E/92Gl4lRk3TFagfL9sDoa0q5a4FJIqdIqtH6OWl4bwyFYd6
2y+k0AtYxF4qgjMUvAFmruCZH+6g6fKxEamNr6Io8d40RqhE2rDVQ2oEYFURqNsJ
XMmFiLiRlltdN5LwQ/zGfUpjmtwQS+LL5ZF09rzxnpAJxjkLcefxaCbtasie8L5p
1r5rv/MRDzoHsH0tLcty6Bq9lMkHg19GEO90a459AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUI7A6qVESIx6KtC+spDpvn/9XL9cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E1NWYzMWE4LWNhYzYtNGJmYS05ZDZiLTA0MmQ4YjIzZjMzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATRorAwDQYJKoZIhvcNAQELBQADggEBAAr3D0XexflOdsAzqgnZ2NLNN42T
CeaICguZnVZPpukPz2aIfd9sdfdIwmzrW2Y5WliCBUZ9anK3aqBcaVHyak+W0A9r
FlLLkr7VftCwbXxL7qNUKA67XTojBbzl8Euk514inEag3NpbOKEECYS7sakgxrw1
r0DtcNsHPaRXUL54+Xmp6VX0hu5jefj3aCicXR2l71YxVGgdgP/UIJZM/ThIK4Wo
mzdPjxnZsHjafzYLJgWRT/Qx5dAL8gKLLpfV6u9SY03q8dn+hZVN7O5ofRrKLAkd
Nf2o7l0z/v7U8Dg8Bpp8dzMKdXYN24fIm8W3fRNq4NjkGzhQleflraPmXms=
-----END CERTIFICATE-----