Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7d67e56-2227-482a-8843-f6d4147549a3.roa
File:                     c7d67e56-2227-482a-8843-f6d4147549a3.roa (raw, json)
Hash identifier:          dVz+C+7fEQPEgVyIkdApwgV/mUSqcKpYbK6hajaho9k=
Subject key identifier:   5B:93:BB:3D:BD:02:86:24:13:7F:64:72:4B:B4:61:B3:9B:82:C6:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30B222E93404EF4CD65E08AB8F486FA050F1D3FA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7d67e56-2227-482a-8843-f6d4147549a3.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        207.8.192.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:b2:22:e9:34:04:ef:4c:d6:5e:08:ab:8f:48:6f:a0:50:f1:d3:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=692226a5b067f943f8742bcec0bc7decb17313de6f7f71f982d19df107f0f7d1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0a:d5:d7:a2:06:c4:10:00:34:5a:46:ff:e9:
                    b1:f5:f8:d8:4d:3c:22:72:e9:50:32:8b:c5:a5:fd:
                    b3:02:5d:20:76:73:da:63:dd:1c:e0:b8:a0:b5:cc:
                    f4:cc:73:4a:55:16:bf:2b:23:59:95:df:0e:1b:a0:
                    dc:78:98:e2:ae:a9:83:07:e8:c1:f0:2b:b3:48:d4:
                    81:9e:91:5e:60:59:99:f0:ed:81:28:b5:cc:86:bb:
                    7c:a0:35:5d:c6:a1:4e:78:a1:e8:2d:4f:02:45:e5:
                    0b:ec:b3:c1:a1:22:da:c4:90:b7:2c:2c:ca:21:d1:
                    09:ec:d6:44:83:28:80:fe:d9:c7:40:70:72:9c:91:
                    d1:73:bc:9e:ba:79:64:fe:cc:f0:84:a4:50:a4:37:
                    fd:f9:94:ae:c4:98:d5:4b:bd:08:b6:a7:ab:46:74:
                    23:a1:84:cb:b5:af:f6:6e:66:38:dc:80:dc:27:bf:
                    44:7c:a7:f3:0e:5d:08:3d:14:8f:52:6d:b8:a8:07:
                    c1:36:74:fb:1a:61:cc:dd:15:e8:0b:0b:98:a1:a5:
                    fa:1d:bf:19:23:16:40:6b:a5:c1:3f:b5:85:df:80:
                    da:5c:70:17:ba:c5:5f:ae:29:2e:06:28:a5:72:18:
                    91:ab:de:ab:38:d2:89:7d:2c:64:ff:22:62:7a:8e:
                    a3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:93:BB:3D:BD:02:86:24:13:7F:64:72:4B:B4:61:B3:9B:82:C6:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7d67e56-2227-482a-8843-f6d4147549a3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.8.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         24:47:e1:dc:fb:03:99:23:fe:01:1c:20:78:7f:62:f7:68:63:
         0d:db:e6:ff:cf:9a:a9:41:aa:ab:ff:f0:46:91:3a:c1:2f:7b:
         73:2d:cd:b6:87:0c:c2:d9:c2:06:86:5f:c1:fb:3f:72:cc:38:
         3d:81:4d:46:1b:1a:c5:48:d0:31:4f:48:91:83:ff:a2:63:66:
         14:97:93:fd:a5:97:58:2e:a6:c1:47:bf:25:1c:ad:14:e2:65:
         10:1c:23:21:b5:73:4d:ad:c5:8e:ff:da:e0:15:0a:40:76:bd:
         c7:8f:64:9a:62:38:0f:2e:49:b6:b0:a3:a1:a3:11:5d:73:1c:
         3e:e1:42:e4:e7:53:15:4a:36:4d:b8:69:38:29:45:50:66:57:
         f3:84:42:e6:67:30:82:17:54:a5:e0:63:98:3f:f5:7a:ee:a5:
         59:6b:33:88:cb:83:cc:92:23:c1:1e:46:d6:b2:2c:b2:a4:93:
         9c:9a:d1:0f:56:6c:bd:15:f7:5c:b1:e8:1d:c8:c7:ca:c1:44:
         43:ee:c6:39:4b:d1:02:7a:b3:20:41:21:99:e8:e0:a8:a4:24:
         78:83:22:ed:a0:f7:3e:6b:2a:0d:d9:e5:53:64:7d:e4:db:85:
         75:9e:d4:74:27:8f:74:ab:41:30:4c:f7:5f:78:b6:5a:e8:8c:
         f8:09:12:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMLIi6TQE70zWXgirj0hvoFDx0/owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTIyMjZhNWIwNjdmOTQzZjg3NDJiY2VjMGJjN2RlY2Ix
NzMxM2RlNmY3ZjcxZjk4MmQxOWRmMTA3ZjBmN2QxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+CtXXogbEEAA0Wkb/6bH1+NhNPCJy6VAyi8Wl/bMCXSB2
c9pj3RzguKC1zPTMc0pVFr8rI1mV3w4boNx4mOKuqYMH6MHwK7NI1IGekV5gWZnw
7YEotcyGu3ygNV3GoU54oegtTwJF5Qvss8GhItrEkLcsLMoh0Qns1kSDKID+2cdA
cHKckdFzvJ66eWT+zPCEpFCkN/35lK7EmNVLvQi2p6tGdCOhhMu1r/ZuZjjcgNwn
v0R8p/MOXQg9FI9SbbioB8E2dPsaYczdFegLC5ihpfodvxkjFkBrpcE/tYXfgNpc
cBe6xV+uKS4GKKVyGJGr3qs40ol9LGT/ImJ6jqPxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUW5O7Pb0ChiQTf2RyS7Rhs5uCxmUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3ZDY3ZTU2LTIyMjctNDgyYS04ODQzLWY2ZDQxNDc1NDlhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXPCMAwDQYJKoZIhvcNAQELBQADggEBACRH4dz7A5kj/gEcIHh/YvdoYw3b
5v/PmqlBqqv/8EaROsEve3MtzbaHDMLZwgaGX8H7P3LMOD2BTUYbGsVI0DFPSJGD
/6JjZhSXk/2ll1gupsFHvyUcrRTiZRAcIyG1c02txY7/2uAVCkB2vcePZJpiOA8u
Sbawo6GjEV1zHD7hQuTnUxVKNk24aTgpRVBmV/OEQuZnMIIXVKXgY5g/9XrupVlr
M4jLg8ySI8EeRtayLLKkk5ya0Q9WbL0V91yx6B3Ix8rBREPuxjlL0QJ6syBBIZno
4KikJHiDIu2g9z5rKg3Z5VNkfeTbhXWe1HQnj3SrQTBM9194tlrojPgJEi4=
-----END CERTIFICATE-----