Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c035706f-a735-4261-afd0-cab138d21d5a.roa
File:                     c035706f-a735-4261-afd0-cab138d21d5a.roa (raw, json)
Hash identifier:          JZra4FMht6JTCVEHF+c2w8zdPF8IshVLeJGqxAxhgxY=
Subject key identifier:   60:A7:AE:AB:3B:66:04:39:71:FA:90:CE:6B:79:7B:C2:8D:55:B8:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       506BE2458F25897A025BA9E6897D69101DED05E7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c035706f-a735-4261-afd0-cab138d21d5a.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.182.224.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:6b:e2:45:8f:25:89:7a:02:5b:a9:e6:89:7d:69:10:1d:ed:05:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=3553a9fe246c656ac8000c5d72c21b13f85f4a39a0a73969cf5efbd0fc902b40, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:7a:86:aa:7e:57:1d:4d:d0:fd:fb:e5:74:11:
                    8a:cb:5b:e2:66:b5:5b:f1:2f:81:46:6f:66:8d:b7:
                    0c:f2:3e:30:da:8e:e0:a6:3f:83:f9:9c:e6:f4:6c:
                    21:03:db:79:b2:69:4f:9e:1d:1c:ac:70:2a:4c:e5:
                    da:38:38:d4:71:d3:b5:0e:44:19:5a:c2:2b:cd:3e:
                    9c:90:43:47:49:ab:f1:88:3f:c2:f1:e3:2a:0c:fe:
                    ab:11:54:d6:dd:42:bb:2c:6d:d9:09:c8:51:6a:86:
                    14:94:33:cf:70:9d:1a:51:a1:70:46:c5:3f:07:7b:
                    a9:52:0b:31:1a:11:7c:38:90:8e:b0:9f:c2:37:71:
                    a7:b6:00:ef:4c:59:ce:b5:2b:d4:3b:51:b8:18:bc:
                    a4:6b:58:ca:b6:81:70:5c:61:fe:00:22:62:14:53:
                    6e:94:68:28:bf:fe:b2:78:92:18:66:74:1a:55:c9:
                    46:d5:8c:4c:69:13:fe:a1:db:9c:ae:16:e4:44:1e:
                    2f:17:1f:41:96:d0:28:7a:06:b2:f4:18:c0:3b:8d:
                    47:d7:f4:bd:1c:6e:fd:c3:5d:ac:1f:a6:71:2b:84:
                    6e:f7:60:d4:29:9d:e0:a4:a9:19:c4:16:83:d2:e9:
                    53:cc:6b:8b:b1:a8:48:ca:9f:43:c4:80:f3:06:00:
                    43:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:A7:AE:AB:3B:66:04:39:71:FA:90:CE:6B:79:7B:C2:8D:55:B8:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c035706f-a735-4261-afd0-cab138d21d5a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         11:ce:b8:f5:aa:df:9e:84:50:4f:21:45:37:44:a0:e1:9b:f0:
         24:e5:88:20:01:b9:e3:46:57:b0:16:38:2c:96:7c:04:aa:dd:
         72:e2:5f:9d:f7:dd:0c:9e:db:b7:78:6b:53:ad:bc:52:eb:dc:
         cb:86:39:89:b4:fc:fa:a3:55:95:19:2d:84:0d:2e:b7:e2:6f:
         43:93:db:23:3e:46:19:6f:c0:75:6e:c9:22:08:cb:ae:61:59:
         01:40:77:f8:f9:0c:9f:db:91:39:d4:b2:69:71:6a:6d:3a:3b:
         3d:17:9a:60:af:32:11:a8:22:96:d0:05:b0:b0:a4:bb:78:e7:
         c5:90:d4:18:9a:42:35:7d:53:f7:50:30:58:84:5e:0f:21:b4:
         b8:40:ca:23:fa:dc:19:e7:5a:31:44:2e:3e:6f:8e:b4:39:51:
         b5:48:26:75:95:6f:2f:43:24:fc:eb:80:62:63:68:63:e7:11:
         f5:0c:24:27:0d:75:e9:b2:31:f4:c3:da:58:9c:eb:dc:df:94:
         51:6c:6c:66:7a:82:15:75:03:f3:19:5f:9a:7b:c4:bc:c2:27:
         62:8b:51:b7:d7:88:f7:c1:76:6b:17:53:24:1c:de:70:ba:e4:
         8b:04:4d:9b:ea:4e:e4:db:47:6d:b7:de:88:d5:17:37:a8:8c:
         30:9f:09:56
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUGviRY8liXoCW6nmiX1pEB3tBecwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTUzYTlmZTI0NmM2NTZhYzgwMDBjNWQ3MmMyMWIxM2Y4
NWY0YTM5YTBhNzM5NjljZjVlZmJkMGZjOTAyYjQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTeoaqflcdTdD9++V0EYrLW+JmtVvxL4FGb2aNtwzyPjDa
juCmP4P5nOb0bCED23myaU+eHRyscCpM5do4ONRx07UORBlawivNPpyQQ0dJq/GI
P8Lx4yoM/qsRVNbdQrssbdkJyFFqhhSUM89wnRpRoXBGxT8He6lSCzEaEXw4kI6w
n8I3cae2AO9MWc61K9Q7UbgYvKRrWMq2gXBcYf4AImIUU26UaCi//rJ4khhmdBpV
yUbVjExpE/6h25yuFuREHi8XH0GW0Ch6BrL0GMA7jUfX9L0cbv3DXawfpnErhG73
YNQpneCkqRnEFoPS6VPMa4uxqEjKn0PEgPMGAEP9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYKeuqztmBDlx+pDOa3l7wo1VuGkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwMzU3MDZmLWE3MzUtNDI2MS1hZmQwLWNhYjEzOGQyMWQ1YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYtuAwDQYJKoZIhvcNAQELBQADggEBABHOuPWq356EUE8hRTdEoOGb8CTl
iCABueNGV7AWOCyWfASq3XLiX5333Qye27d4a1OtvFLr3MuGOYm0/PqjVZUZLYQN
Lrfib0OT2yM+RhlvwHVuySIIy65hWQFAd/j5DJ/bkTnUsmlxam06Oz0XmmCvMhGo
IpbQBbCwpLt458WQ1BiaQjV9U/dQMFiEXg8htLhAyiP63BnnWjFELj5vjrQ5UbVI
JnWVby9DJPzrgGJjaGPnEfUMJCcNdemyMfTD2lic69zflFFsbGZ6ghV1A/MZX5p7
xLzCJ2KLUbfXiPfBdmsXUyQc3nC65IsETZvqTuTbR2233ojVFzeojDCfCVY=
-----END CERTIFICATE-----