Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aff023de-5241-4418-87b7-5fe7796df0bd.roa
File:                     aff023de-5241-4418-87b7-5fe7796df0bd.roa (raw, json)
Hash identifier:          pqDZ9vIrUQtIDcQD0mDwbhZRZ6p0iPrfyDtUmGc5IC8=
Subject key identifier:   0A:59:04:0C:8D:E8:AF:3B:40:56:CF:F9:A1:F9:09:20:3C:DA:06:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       207FF77600561E95299A2F5474958A275C2C9B9B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aff023de-5241-4418-87b7-5fe7796df0bd.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        182.24.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:7f:f7:76:00:56:1e:95:29:9a:2f:54:74:95:8a:27:5c:2c:9b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d3:ce:ee:fc:14:1b:e2:b3:71:08:18:8d:96:
                    00:8c:bd:c3:34:8a:b8:0c:ff:63:b1:db:c9:bf:7d:
                    d2:f4:cf:04:5f:55:19:8d:b8:75:68:56:98:b4:e2:
                    8e:c4:a5:4f:24:81:c6:ad:da:3a:b0:bc:47:ac:b3:
                    74:a0:59:16:6e:2d:c8:8d:cb:02:96:f4:30:80:8a:
                    4a:eb:d9:30:54:4e:bd:21:93:a8:c8:b2:ae:55:79:
                    8f:57:df:0f:7f:0d:30:5c:d1:3f:2b:4b:c1:f7:5c:
                    07:51:89:e7:81:a6:c2:9e:11:12:9c:c6:2d:5b:34:
                    ef:0a:6a:f6:55:65:09:07:82:c3:f2:fe:5d:65:49:
                    77:89:dc:41:d1:2f:f2:5d:85:82:6e:83:ed:2a:45:
                    f2:e7:16:12:f6:28:30:fc:9a:ff:41:83:af:9e:10:
                    4d:f1:9e:28:32:e5:fd:17:c9:47:a5:aa:92:fe:ef:
                    b4:5f:c9:1e:e6:5f:e5:6d:0a:59:99:fb:a0:71:5a:
                    f6:55:04:2e:3c:15:11:f0:4b:e0:f1:2d:9a:cd:a4:
                    25:b7:48:b6:8a:07:71:94:4a:23:7a:48:6a:3f:fb:
                    b3:f9:c8:77:7a:24:fe:27:b1:fb:e4:cb:f1:13:1b:
                    90:f8:8c:5e:be:35:6c:1a:85:31:4c:9b:d2:20:d2:
                    ef:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:59:04:0C:8D:E8:AF:3B:40:56:CF:F9:A1:F9:09:20:3C:DA:06:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aff023de-5241-4418-87b7-5fe7796df0bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.24.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         b2:90:5e:60:59:2b:25:7e:da:dc:bb:bb:26:b1:b3:f7:50:6a:
         c1:73:02:2a:5e:5c:24:24:a3:14:c4:f8:48:3b:6a:c5:0e:cb:
         84:9f:34:d3:73:4f:b6:2f:f5:65:1a:28:79:90:b2:86:a9:96:
         5d:07:55:21:c2:54:72:b9:41:33:d6:4d:91:a8:7e:b8:de:fd:
         42:6e:3d:aa:1c:0a:40:62:22:3d:b6:2a:83:8c:28:3d:f0:77:
         99:09:c8:15:c8:4d:4d:43:fa:93:fc:c5:05:83:44:68:12:59:
         89:97:4a:ca:e1:89:7e:33:a9:ee:bb:30:79:fc:aa:0d:cd:1a:
         fc:6d:ff:78:2b:77:ac:2c:8f:79:fd:fb:30:98:b9:1f:45:45:
         84:e6:f3:dd:ec:82:60:7e:9d:50:b9:bc:73:bf:9b:8a:a5:58:
         35:f8:18:5e:aa:0d:da:fc:de:72:25:69:14:dc:e1:7d:a7:0e:
         4c:7f:e5:22:fe:7a:18:3d:14:c2:10:ef:09:77:8d:d2:65:c0:
         55:01:67:b0:56:84:3c:1b:ef:ba:bc:fd:51:6c:69:78:4b:07:
         85:18:2b:6d:6b:40:d3:4e:29:9c:09:40:85:58:18:d8:b7:17:
         e6:a8:e1:5e:e3:ca:51:4a:7c:a1:c8:f0:05:17:a5:9e:ae:f3:
         b1:e3:27:ec
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIH/3dgBWHpUpmi9UdJWKJ1wsm5swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OTZmNGE2ZWEwNmE5NmE5MzNiOGQ1ZTJlNDIxYjBjM2Fh
ZmE2NmQwNjk5NmQyOTRkOWY0OGY2NTFjMDY5ODBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD087u/BQb4rNxCBiNlgCMvcM0irgM/2Ox28m/fdL0zwRf
VRmNuHVoVpi04o7EpU8kgcat2jqwvEess3SgWRZuLciNywKW9DCAikrr2TBUTr0h
k6jIsq5VeY9X3w9/DTBc0T8rS8H3XAdRieeBpsKeERKcxi1bNO8KavZVZQkHgsPy
/l1lSXeJ3EHRL/JdhYJug+0qRfLnFhL2KDD8mv9Bg6+eEE3xnigy5f0XyUelqpL+
77RfyR7mX+VtClmZ+6BxWvZVBC48FRHwS+DxLZrNpCW3SLaKB3GUSiN6SGo/+7P5
yHd6JP4nsfvky/ETG5D4jF6+NWwahTFMm9Ig0u8xAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUClkEDI3orztAVs/5ofkJIDzaBqswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmZjAyM2RlLTUyNDEtNDQxOC04N2I3LTVmZTc3OTZkZjBiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwK2GDANBgkqhkiG9w0BAQsFAAOCAQEAspBeYFkrJX7a3Lu7JrGz91BqwXMC
Kl5cJCSjFMT4SDtqxQ7LhJ8003NPti/1ZRooeZCyhqmWXQdVIcJUcrlBM9ZNkah+
uN79Qm49qhwKQGIiPbYqg4woPfB3mQnIFchNTUP6k/zFBYNEaBJZiZdKyuGJfjOp
7rswefyqDc0a/G3/eCt3rCyPef37MJi5H0VFhObz3eyCYH6dULm8c7+biqVYNfgY
XqoN2vzeciVpFNzhfacOTH/lIv56GD0UwhDvCXeN0mXAVQFnsFaEPBvvurz9UWxp
eEsHhRgrbWtA004pnAlAhVgY2LcX5qjhXuPKUUp8ocjwBRelnq7zseMn7A==
-----END CERTIFICATE-----