Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c20a9f77-2bcd-4f0c-bac1-dc3a1939599e.roa
File:                     c20a9f77-2bcd-4f0c-bac1-dc3a1939599e.roa (raw, json)
Hash identifier:          sPX0w6oFFEBPLzBqf1VAbRaEb9iA1yqen7gbGjYNZeY=
Subject key identifier:   03:3F:A8:F3:53:79:65:66:F4:2B:4F:AA:C4:8B:54:7B:4B:39:30:6D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A51020E98740D7EDF69A7C0F3CE7D700A3C5706
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c20a9f77-2bcd-4f0c-bac1-dc3a1939599e.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.24.192.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:51:02:0e:98:74:0d:7e:df:69:a7:c0:f3:ce:7d:70:0a:3c:57:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=dda55f12c89b519471429fcbc496f243bebd1657a3680a0ee0cd855dbf4b7bed, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:4e:8c:b2:c9:76:b6:84:82:70:ea:b3:4b:1d:
                    85:f5:1a:88:bc:f3:79:e1:3d:17:ec:37:b7:a8:5c:
                    db:32:d9:d1:89:4c:25:d6:23:8e:dc:41:af:b3:25:
                    d5:65:00:2e:ee:1b:d6:5e:23:35:2b:08:20:70:69:
                    ce:20:24:c4:56:00:18:da:1b:8a:a2:f9:9e:ec:60:
                    5c:17:e8:58:d1:5e:1a:a3:76:f5:bb:43:3a:19:ab:
                    39:ee:02:8e:c9:16:21:b6:fa:35:f6:ba:07:0c:00:
                    a0:7b:36:0e:a5:29:f8:30:09:e6:4a:60:fb:4e:89:
                    91:e5:f4:af:3b:ea:c2:5b:1d:82:37:22:99:05:63:
                    95:ff:df:9f:46:b3:37:49:07:70:6e:e3:1d:2f:69:
                    9e:01:07:4a:57:16:28:02:da:f6:15:73:20:19:dc:
                    16:59:86:32:52:92:53:61:ad:50:b7:02:40:e4:2f:
                    a6:9a:48:bb:0e:05:7c:de:d9:58:9b:79:71:19:df:
                    b8:3e:37:cf:20:da:5b:31:bd:7d:77:68:fa:e1:47:
                    ae:ef:36:96:b8:fa:36:96:05:5e:e6:b5:7b:9e:ef:
                    97:14:ea:e6:cb:14:50:22:88:48:3d:e3:b8:f8:8d:
                    d6:c7:2a:0e:c5:e6:ea:3c:99:d3:6c:7f:cb:c8:b5:
                    db:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:3F:A8:F3:53:79:65:66:F4:2B:4F:AA:C4:8B:54:7B:4B:39:30:6D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c20a9f77-2bcd-4f0c-bac1-dc3a1939599e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.24.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         bc:a0:eb:65:07:c6:2b:68:f0:bd:41:61:1b:e7:d6:18:f0:04:
         4b:1d:4a:b8:ad:38:10:00:51:8f:e5:0b:e6:74:8d:8d:25:83:
         4f:62:09:96:21:57:75:5a:e4:fc:93:d3:83:58:6f:f9:0c:b6:
         e3:1d:e4:08:cc:65:7a:55:67:b7:88:cf:c8:f6:b1:57:47:fc:
         e6:19:a3:bb:4f:ab:f9:67:fe:dc:b3:5e:14:af:ee:c3:d1:c3:
         84:0c:0a:b8:e9:f3:df:d8:9f:04:90:46:a2:21:fa:e6:c2:5d:
         1c:91:84:39:c3:26:d7:09:58:4d:c3:57:e8:aa:a2:a6:f9:9e:
         3a:a1:f3:2a:e9:eb:5b:1f:26:f4:28:25:dd:ad:1b:63:26:7b:
         12:ab:13:e6:2c:b4:ec:bc:09:73:05:64:ea:e7:27:21:a2:78:
         d1:78:f9:b9:55:4f:a5:f1:28:52:48:4f:f7:01:92:d0:a9:00:
         aa:c3:b1:3d:19:71:b4:ef:ac:06:be:c8:b2:4f:77:ba:43:94:
         48:0a:16:ff:54:27:2d:42:ce:2a:cf:28:22:04:de:82:78:a4:
         21:1d:e3:89:a2:bd:e7:7b:b9:a0:46:4b:23:fc:8e:72:be:9b:
         9e:18:6f:75:75:90:89:d4:e2:72:be:97:f4:46:da:4b:2e:ef:
         c8:7b:95:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSlECDph0DX7faafA8859cAo8VwYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZGE1NWYxMmM4OWI1MTk0NzE0MjlmY2JjNDk2ZjI0M2Jl
YmQxNjU3YTM2ODBhMGVlMGNkODU1ZGJmNGI3YmVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoToyyyXa2hIJw6rNLHYX1Goi883nhPRfsN7eoXNsy2dGJ
TCXWI47cQa+zJdVlAC7uG9ZeIzUrCCBwac4gJMRWABjaG4qi+Z7sYFwX6FjRXhqj
dvW7QzoZqznuAo7JFiG2+jX2ugcMAKB7Ng6lKfgwCeZKYPtOiZHl9K876sJbHYI3
IpkFY5X/359GszdJB3Bu4x0vaZ4BB0pXFigC2vYVcyAZ3BZZhjJSklNhrVC3AkDk
L6aaSLsOBXze2VibeXEZ37g+N88g2lsxvX13aPrhR67vNpa4+jaWBV7mtXue75cU
6ubLFFAiiEg947j4jdbHKg7F5uo8mdNsf8vItdvnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAz+o81N5ZWb0K0+qxItUe0s5MG0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyMGE5Zjc3LTJiY2QtNGYwYy1iYWMxLWRjM2ExOTM5NTk5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYGMAwDQYJKoZIhvcNAQELBQADggEBALyg62UHxito8L1BYRvn1hjwBEsd
SritOBAAUY/lC+Z0jY0lg09iCZYhV3Va5PyT04NYb/kMtuMd5AjMZXpVZ7eIz8j2
sVdH/OYZo7tPq/ln/tyzXhSv7sPRw4QMCrjp89/YnwSQRqIh+ubCXRyRhDnDJtcJ
WE3DV+iqoqb5njqh8yrp61sfJvQoJd2tG2MmexKrE+YstOy8CXMFZOrnJyGieNF4
+blVT6XxKFJIT/cBktCpAKrDsT0ZcbTvrAa+yLJPd7pDlEgKFv9UJy1CzirPKCIE
3oJ4pCEd44mived7uaBGSyP8jnK+m54Yb3V1kInU4nK+l/RG2ksu78h7leo=
-----END CERTIFICATE-----