Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/baf81711-5572-45f8-a92c-90099fc5332f.roa
File:                     baf81711-5572-45f8-a92c-90099fc5332f.roa (raw, json)
Hash identifier:          HBDrQ1KwDje+xA635FLR6A7FKdO3RA9YQcq9RUFfyks=
Subject key identifier:   59:75:B3:74:11:94:20:0F:A8:6B:50:01:C1:37:2A:76:C5:36:B5:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20A45470066B428C60E6032C4E72F651F9B3810D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/baf81711-5572-45f8-a92c-90099fc5332f.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        164.152.168.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a4:54:70:06:6b:42:8c:60:e6:03:2c:4e:72:f6:51:f9:b3:81:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=4dcfef066d808b4d4cb82a0df873b94e24b15ed871ce817bc89a255786d1ad69, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6e:1f:72:8d:6b:7b:ab:e5:fb:7e:be:be:d5:
                    2a:1d:20:42:6e:63:0c:65:76:ba:59:f2:cc:4c:c8:
                    bb:1c:c0:76:cc:21:21:30:f7:6b:c7:bc:b8:d6:13:
                    ce:d8:77:58:4d:13:82:87:70:20:ea:7b:28:79:a8:
                    e5:51:66:94:9a:69:0d:d8:30:21:c4:ae:91:16:64:
                    be:a1:07:78:3f:82:9e:7a:2c:25:52:55:9e:ba:dd:
                    b0:80:16:00:d3:c5:9e:d5:9f:a7:79:da:1b:e4:47:
                    4a:d0:89:00:ef:40:02:6b:00:a3:6a:d3:c8:ca:1c:
                    24:69:89:30:ac:7e:a5:36:cd:ca:85:1d:8b:4c:7b:
                    a5:24:cc:d8:ed:7b:da:9c:5d:f5:b3:59:e6:36:cb:
                    a3:74:e9:1f:5b:58:a0:0d:cc:33:df:7c:f7:a7:9f:
                    ed:9d:34:b2:48:52:76:72:21:1f:52:43:e7:a2:0e:
                    e2:4e:b6:69:95:16:1e:8d:42:e7:9a:ce:e3:9f:2e:
                    7a:5e:2d:dc:5a:31:84:25:3f:e8:c3:58:0e:8c:46:
                    43:4b:d6:32:41:f6:a0:7f:94:e5:47:fe:fa:da:03:
                    1a:7e:44:d1:1a:36:c7:d8:3b:03:d1:22:ac:e0:1d:
                    bb:0c:87:a9:f8:eb:a6:78:35:1f:47:57:5b:23:e1:
                    5e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:75:B3:74:11:94:20:0F:A8:6B:50:01:C1:37:2A:76:C5:36:B5:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/baf81711-5572-45f8-a92c-90099fc5332f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5a:59:a3:c2:dc:60:a0:61:cc:92:41:5c:c3:3e:9a:e3:0f:2e:
         c2:23:ad:9a:e1:2b:b3:53:ac:f0:3f:27:63:70:c7:80:5e:3f:
         72:12:4f:80:7a:20:60:51:2a:ce:d2:f9:0c:c5:eb:48:1f:3d:
         38:a1:d7:e6:85:d5:29:04:c1:4b:13:cd:a9:8a:c7:fe:05:81:
         c6:08:f4:e5:a7:fc:af:b6:b5:4b:3b:43:d6:3b:b5:bb:40:5d:
         58:f0:29:80:1c:59:bb:00:58:af:4b:71:86:6c:98:b6:0c:bd:
         70:64:d7:b1:13:37:3f:2a:c1:39:29:44:5f:ec:b0:ab:c8:6f:
         c1:ff:a0:a4:06:28:e4:f4:02:bd:49:af:9d:48:c8:d2:fb:63:
         a6:56:ed:9b:4b:f0:54:99:87:98:45:d0:78:0b:02:b7:52:3e:
         15:15:56:42:3f:e8:2f:32:b9:32:9f:e5:5d:da:1f:54:d4:9e:
         66:e4:a8:ea:33:73:3e:92:62:83:0b:87:8d:44:db:c1:ab:10:
         94:7b:8f:53:2a:b9:ac:05:bd:3e:41:82:c0:40:a0:36:87:33:
         ee:33:eb:40:47:b9:47:c7:d9:29:68:84:fe:50:81:be:83:b6:
         88:f7:ed:2d:25:78:7b:7c:2e:bf:c3:a3:20:f4:3b:c6:fd:47:
         ec:6e:be:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIKRUcAZrQoxg5gMsTnL2UfmzgQ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGNmZWYwNjZkODA4YjRkNGNiODJhMGRmODczYjk0ZTI0
YjE1ZWQ4NzFjZTgxN2JjODlhMjU1Nzg2ZDFhZDY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDObh9yjWt7q+X7fr6+1SodIEJuYwxldrpZ8sxMyLscwHbM
ISEw92vHvLjWE87Yd1hNE4KHcCDqeyh5qOVRZpSaaQ3YMCHErpEWZL6hB3g/gp56
LCVSVZ663bCAFgDTxZ7Vn6d52hvkR0rQiQDvQAJrAKNq08jKHCRpiTCsfqU2zcqF
HYtMe6UkzNjte9qcXfWzWeY2y6N06R9bWKANzDPffPenn+2dNLJIUnZyIR9SQ+ei
DuJOtmmVFh6NQueazuOfLnpeLdxaMYQlP+jDWA6MRkNL1jJB9qB/lOVH/vraAxp+
RNEaNsfYOwPRIqzgHbsMh6n466Z4NR9HV1sj4V75AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWXWzdBGUIA+oa1ABwTcqdsU2tSUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhZjgxNzExLTU1NzItNDVmOC1hOTJjLTkwMDk5ZmM1MzMyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOkmKgwDQYJKoZIhvcNAQELBQADggEBAFpZo8LcYKBhzJJBXMM+muMPLsIj
rZrhK7NTrPA/J2Nwx4BeP3IST4B6IGBRKs7S+QzF60gfPTih1+aF1SkEwUsTzamK
x/4FgcYI9OWn/K+2tUs7Q9Y7tbtAXVjwKYAcWbsAWK9LcYZsmLYMvXBk17ETNz8q
wTkpRF/ssKvIb8H/oKQGKOT0Ar1Jr51IyNL7Y6ZW7ZtL8FSZh5hF0HgLArdSPhUV
VkI/6C8yuTKf5V3aH1TUnmbkqOozcz6SYoMLh41E28GrEJR7j1MquawFvT5BgsBA
oDaHM+4z60BHuUfH2SlohP5Qgb6Dtoj37S0leHt8Lr/DoyD0O8b9R+xuvjs=
-----END CERTIFICATE-----