Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2657b36-9417-4838-b13e-541841e2a18f.roa
File:                     c2657b36-9417-4838-b13e-541841e2a18f.roa (raw, json)
Hash identifier:          SqOL6Y0iWguNJV/EqwDhqnLYaFneLTKiDRs4mrkZSG0=
Subject key identifier:   9D:CA:81:DF:0E:19:39:A6:E8:B1:0E:3F:B8:9A:D4:B5:69:E8:CB:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E2DE14584C56479C97402FDF7FD7F5E2BDF65A1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2657b36-9417-4838-b13e-541841e2a18f.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        216.182.224.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:2d:e1:45:84:c5:64:79:c9:74:02:fd:f7:fd:7f:5e:2b:df:65:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=34bb04b50d1f4ebf0319f0299810c39c74bea6372ee683fd89e85695008d227d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:eb:1c:1c:7e:99:71:33:9a:68:62:52:97:03:
                    6b:ed:3e:6a:54:42:d0:c0:ec:b1:97:5f:bc:50:d3:
                    6f:a2:1c:d8:9b:e1:71:39:dd:79:5e:d0:33:74:05:
                    e6:1a:19:70:5a:2d:f0:a0:80:96:15:46:ff:eb:a4:
                    7a:28:62:0d:5b:55:7a:ab:72:46:45:fe:7f:48:7b:
                    0d:53:10:f5:68:33:44:aa:50:18:8d:f9:3e:74:4d:
                    6a:3e:8b:c2:9e:51:74:12:a6:b1:27:6e:78:4e:1e:
                    40:a1:1f:cf:58:22:37:da:19:54:a3:c1:3c:34:36:
                    04:0b:64:c2:92:e1:9d:12:fb:d4:60:a2:5a:18:01:
                    a4:03:f7:4c:93:a1:cf:00:57:f6:56:5c:4e:7b:4a:
                    0c:fd:79:e3:5a:5c:db:64:ed:f2:e8:81:61:4d:bf:
                    eb:79:79:07:d3:81:d0:39:d3:5b:e8:bd:05:4d:66:
                    47:54:63:4e:15:d9:06:cd:d0:f7:68:01:14:58:f2:
                    98:15:3d:dd:a6:22:f7:25:d3:85:bd:62:f1:5e:c5:
                    1a:0e:95:ec:1d:60:56:41:97:b1:51:6a:ab:93:36:
                    57:30:03:3c:aa:dd:77:ae:2b:bb:d9:de:bf:58:da:
                    9d:fb:d6:ae:94:8a:60:82:02:ae:92:c3:44:81:d7:
                    39:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:CA:81:DF:0E:19:39:A6:E8:B1:0E:3F:B8:9A:D4:B5:69:E8:CB:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2657b36-9417-4838-b13e-541841e2a18f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.182.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9e:13:60:73:9a:20:a5:c2:1c:5c:f2:89:e2:22:b6:52:a4:b4:
         36:ab:f1:9f:ab:d0:f6:fb:01:e6:02:1e:f4:5c:3b:50:20:88:
         ea:6a:80:46:51:2b:3a:f2:68:36:63:25:07:be:52:94:20:86:
         8e:cd:3a:58:c9:f3:0c:7a:26:70:89:7c:9f:a9:36:94:d9:e0:
         45:ba:8a:6c:9d:16:b7:54:0d:c6:a7:86:76:04:96:22:88:0e:
         41:56:8d:2b:09:df:04:3a:af:d8:c0:55:b5:42:92:c9:08:4b:
         33:4f:b0:a5:3e:e4:5e:ba:e8:1c:8c:b6:11:5e:bd:52:06:bc:
         28:56:f4:40:ff:ab:64:db:66:dd:90:01:84:d1:2a:a6:e2:ac:
         c9:67:dd:0e:4d:30:9d:ec:4a:d8:23:0b:d2:15:d9:4c:11:2b:
         4d:78:f7:72:0f:ab:df:88:8c:74:c7:e8:25:93:97:ee:8e:2e:
         6b:0b:a9:01:7a:50:66:a2:33:c2:2f:48:23:cb:31:a0:71:cc:
         a1:67:08:af:43:1a:07:09:8a:9e:ca:40:e5:79:6d:99:f8:c1:
         1a:89:bc:0e:99:54:81:92:ee:0e:c8:ec:bd:5c:af:c7:ee:00:
         04:90:7a:8d:45:96:bd:31:ba:0b:cb:36:82:24:9e:39:12:b9:
         80:1e:d1:5d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHi3hRYTFZHnJdAL99/1/XivfZaEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNGJiMDRiNTBkMWY0ZWJmMDMxOWYwMjk5ODEwYzM5Yzc0
YmVhNjM3MmVlNjgzZmQ4OWU4NTY5NTAwOGQyMjdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCT6xwcfplxM5poYlKXA2vtPmpUQtDA7LGXX7xQ02+iHNib
4XE53Xle0DN0BeYaGXBaLfCggJYVRv/rpHooYg1bVXqrckZF/n9Iew1TEPVoM0Sq
UBiN+T50TWo+i8KeUXQSprEnbnhOHkChH89YIjfaGVSjwTw0NgQLZMKS4Z0S+9Rg
oloYAaQD90yToc8AV/ZWXE57Sgz9eeNaXNtk7fLogWFNv+t5eQfTgdA501vovQVN
ZkdUY04V2QbN0PdoARRY8pgVPd2mIvcl04W9YvFexRoOlewdYFZBl7FRaquTNlcw
Azyq3XeuK7vZ3r9Y2p371q6UimCCAq6Sw0SB1znZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUncqB3w4ZOabosQ4/uJrUtWnoy7YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyNjU3YjM2LTk0MTctNDgzOC1iMTNlLTU0MTg0MWUyYTE4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATYtuAwDQYJKoZIhvcNAQELBQADggEBAJ4TYHOaIKXCHFzyieIitlKktDar
8Z+r0Pb7AeYCHvRcO1AgiOpqgEZRKzryaDZjJQe+UpQgho7NOljJ8wx6JnCJfJ+p
NpTZ4EW6imydFrdUDcanhnYEliKIDkFWjSsJ3wQ6r9jAVbVCkskISzNPsKU+5F66
6ByMthFevVIGvChW9ED/q2TbZt2QAYTRKqbirMln3Q5NMJ3sStgjC9IV2UwRK014
93IPq9+IjHTH6CWTl+6OLmsLqQF6UGaiM8IvSCPLMaBxzKFnCK9DGgcJip7KQOV5
bZn4wRqJvA6ZVIGS7g7I7L1cr8fuAASQeo1Flr0xugvLNoIknjkSuYAe0V0=
-----END CERTIFICATE-----