Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b218021a-fde6-4671-ac7f-c325d6b1b02a.roa
File:                     b218021a-fde6-4671-ac7f-c325d6b1b02a.roa (raw, json)
Hash identifier:          6BzyiDa5D3rGchsd/W0qOjtmWKV2iO+Yhr/wgg17t8s=
Subject key identifier:   AF:92:10:E7:B6:EC:97:DB:B5:D1:6B:A0:A0:60:50:1F:A8:89:35:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EA6E7AE47F5F06B535D05813CBCFCC86EF42F63
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b218021a-fde6-4671-ac7f-c325d6b1b02a.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        199.15.112.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a6:e7:ae:47:f5:f0:6b:53:5d:05:81:3c:bc:fc:c8:6e:f4:2f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=e31b005800f3d3b160398c88ea2338de5f5c716557b83fd10c0216b2b42dc20d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:35:43:9a:da:1e:23:a1:ec:f3:15:c2:44:5d:
                    8a:36:4b:cd:6b:f2:a0:0f:f9:f3:d5:90:98:51:c8:
                    b9:d4:01:2f:64:9a:09:bf:2d:6c:1d:c8:d4:18:25:
                    ef:7f:9a:8e:72:5e:05:f5:d3:b8:9f:9e:66:24:11:
                    a3:14:c1:43:0d:f7:22:6d:5b:d1:2b:f6:ec:0b:50:
                    ae:bb:8d:66:f0:40:8f:86:04:13:b7:23:d9:10:77:
                    fe:d0:21:58:a1:52:75:63:27:78:69:8a:61:69:9f:
                    22:75:b5:c0:25:80:27:c5:90:b6:6c:a3:1b:32:9d:
                    53:1a:98:fa:54:34:de:60:83:82:71:75:e8:f4:ba:
                    42:c8:5c:58:93:2d:86:31:81:34:9c:7a:3d:01:33:
                    c5:00:7e:d9:55:85:be:50:b2:3b:0d:34:77:f4:18:
                    05:68:d4:58:6b:70:6e:aa:56:f0:82:73:5b:4b:84:
                    ff:27:29:70:72:f4:e2:3a:fc:eb:b7:ba:6b:28:0a:
                    fb:c2:8a:69:c5:61:4b:04:2b:1e:93:3f:a4:60:d1:
                    a5:7b:52:4f:33:90:9c:3a:c3:73:b7:5d:2b:93:ef:
                    42:12:9c:79:e8:5c:02:09:7c:c7:74:90:4b:d3:56:
                    c5:b4:22:1b:c9:a6:67:40:f0:22:f1:9a:02:61:13:
                    f0:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:92:10:E7:B6:EC:97:DB:B5:D1:6B:A0:A0:60:50:1F:A8:89:35:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b218021a-fde6-4671-ac7f-c325d6b1b02a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.15.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:b5:48:c8:e9:a0:6a:68:28:cc:9d:4a:2d:e2:90:66:d1:46:
         aa:ee:28:11:47:e5:c5:2e:07:cd:f3:b8:a0:20:b3:cf:d4:3f:
         f6:a8:d0:c3:20:32:6e:8b:bc:4b:af:f6:97:fc:48:7c:23:9d:
         f0:37:c4:68:9a:bb:05:0b:10:dc:3d:90:85:b9:9e:32:d0:ee:
         b8:d0:3e:f8:04:24:7f:dd:d1:bb:e4:85:7c:8b:e6:cd:f1:c8:
         a5:ae:b9:7e:fe:75:58:43:62:ee:43:f8:7d:d9:88:29:26:4f:
         0b:bc:d9:c9:14:ee:24:95:4a:cc:a5:32:36:9d:ef:46:54:6d:
         88:a4:90:24:e4:ed:4e:83:ed:69:63:a9:f3:34:45:08:81:ad:
         ec:93:e3:ce:2d:cc:e1:51:bc:bd:9e:f2:ca:6d:c1:43:70:e8:
         9d:47:cf:6d:c5:59:61:09:26:82:88:43:cd:e5:a8:6b:fd:9f:
         4f:d1:ba:60:04:1f:7b:72:3d:93:e7:f9:d9:3a:af:a3:7d:15:
         8d:2f:a1:43:e6:0b:69:eb:0d:d7:41:e4:57:7f:22:5e:2b:ff:
         ca:ba:90:b6:88:92:bf:bf:95:f3:72:d7:b6:38:0f:c9:45:85:
         1f:fc:96:dc:f7:0c:f7:02:7b:86:dd:be:36:dd:c1:18:60:d8:
         db:04:24:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHqbnrkf18GtTXQWBPLz8yG70L2MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzFiMDA1ODAwZjNkM2IxNjAzOThjODhlYTIzMzhkZTVm
NWM3MTY1NTdiODNmZDEwYzAyMTZiMmI0MmRjMjBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjNUOa2h4joezzFcJEXYo2S81r8qAP+fPVkJhRyLnUAS9k
mgm/LWwdyNQYJe9/mo5yXgX107ifnmYkEaMUwUMN9yJtW9Er9uwLUK67jWbwQI+G
BBO3I9kQd/7QIVihUnVjJ3hpimFpnyJ1tcAlgCfFkLZsoxsynVMamPpUNN5gg4Jx
dej0ukLIXFiTLYYxgTScej0BM8UAftlVhb5QsjsNNHf0GAVo1FhrcG6qVvCCc1tL
hP8nKXBy9OI6/Ou3umsoCvvCimnFYUsEKx6TP6Rg0aV7Uk8zkJw6w3O3XSuT70IS
nHnoXAIJfMd0kEvTVsW0IhvJpmdA8CLxmgJhE/DhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUr5IQ57bsl9u10WugoGBQH6iJNQEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyMTgwMjFhLWZkZTYtNDY3MS1hYzdmLWMzMjVkNmIxYjAyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPHD3AwDQYJKoZIhvcNAQELBQADggEBADC1SMjpoGpoKMydSi3ikGbRRqru
KBFH5cUuB83zuKAgs8/UP/ao0MMgMm6LvEuv9pf8SHwjnfA3xGiauwULENw9kIW5
njLQ7rjQPvgEJH/d0bvkhXyL5s3xyKWuuX7+dVhDYu5D+H3ZiCkmTwu82ckU7iSV
SsylMjad70ZUbYikkCTk7U6D7WljqfM0RQiBreyT484tzOFRvL2e8sptwUNw6J1H
z23FWWEJJoKIQ83lqGv9n0/RumAEH3tyPZPn+dk6r6N9FY0voUPmC2nrDddB5Fd/
Il4r/8q6kLaIkr+/lfNy17Y4D8lFhR/8ltz3DPcCe4bdvjbdwRhg2NsEJBk=
-----END CERTIFICATE-----