Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cada2b49-45a9-40ad-bf9b-3b6818a5dd4d.roa
File:                     cada2b49-45a9-40ad-bf9b-3b6818a5dd4d.roa (raw, json)
Hash identifier:          Qp3BnOa8VZ8Q4VjZ1eId6nGOvsPGPrCCx43YcobF0Qs=
Subject key identifier:   69:D3:A0:97:DD:69:1D:09:BD:D9:A2:2E:67:3D:30:E0:7D:8E:E1:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DCFD8BCD317F51E4EC9C44C46DD914EA290297B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cada2b49-45a9-40ad-bf9b-3b6818a5dd4d.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        161.228.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:cf:d8:bc:d3:17:f5:1e:4e:c9:c4:4c:46:dd:91:4e:a2:90:29:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=3a137e8776c7f20fc088ded1b60f755c929e3606901ee35da598868897196293, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f4:ca:d6:1b:9b:8d:07:49:05:b4:d0:50:55:
                    79:71:1c:e4:ec:43:72:e8:ed:53:58:e6:da:5d:ce:
                    53:34:29:52:68:69:2a:e0:31:6e:56:6a:1c:d4:e2:
                    b5:3b:f5:d8:61:42:42:86:f1:a7:b3:0a:28:4c:68:
                    a1:21:5f:8d:77:e4:d7:f6:ad:48:0e:cb:be:04:6b:
                    57:6e:57:fb:65:64:be:32:bc:15:d4:c2:4a:8e:e3:
                    05:95:49:96:bb:bc:20:ba:b8:ce:06:a5:d4:ca:32:
                    6c:e7:be:f4:a2:bd:d4:ad:9d:2b:d8:a9:60:b3:c4:
                    8d:7b:47:95:b8:4b:63:24:f6:2d:62:b0:9d:69:42:
                    60:fe:06:c6:ec:dc:fd:c3:a5:e1:27:78:9e:5e:1b:
                    d8:e6:a7:a5:31:5d:75:d0:e5:9c:90:0f:d6:e8:c2:
                    b0:b6:6d:43:8c:50:33:1d:c8:f7:f3:87:bf:9a:96:
                    7d:07:15:2f:75:c0:68:35:6d:11:f6:07:3a:2d:0c:
                    8e:d4:c1:bc:8c:90:6f:29:3b:7b:ab:d9:ef:59:55:
                    b2:82:3c:16:5a:0f:32:47:69:1a:e2:63:05:f4:d3:
                    66:f1:73:77:42:02:eb:40:a4:af:59:ca:05:15:b2:
                    d7:e5:e2:c0:26:f1:5a:1a:b3:52:20:8a:14:c2:7b:
                    d3:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D3:A0:97:DD:69:1D:09:BD:D9:A2:2E:67:3D:30:E0:7D:8E:E1:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cada2b49-45a9-40ad-bf9b-3b6818a5dd4d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.228.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a3:1a:5a:c3:ca:10:b3:37:83:c0:b8:87:72:86:d0:d7:e9:4f:
         14:5a:0f:b8:e7:1b:32:29:73:3d:2f:9e:c6:19:eb:21:33:32:
         ff:22:5e:67:54:1b:49:74:bb:bc:e7:7b:42:7a:25:15:94:19:
         2c:d3:45:04:4e:34:b7:2c:cf:bc:49:50:27:49:16:ba:1a:92:
         0b:74:54:2f:bb:05:bd:90:49:1a:69:24:d7:13:1c:45:78:27:
         90:a2:96:5b:d8:57:1c:3b:51:31:7b:21:a8:5d:cd:8f:87:6e:
         25:8c:5c:de:99:0d:4f:78:8f:6e:78:77:0c:9f:81:3d:d5:b2:
         b0:5c:bc:47:31:57:52:f5:d1:c1:63:61:e9:1b:58:74:56:b5:
         68:1e:52:4b:1e:26:0d:85:fc:ee:53:0c:47:8f:57:72:4e:e7:
         89:24:cd:23:e8:75:76:11:46:21:99:65:a0:54:5d:cf:2a:a5:
         df:18:a2:43:e4:37:a7:ea:64:1e:85:41:b0:e9:c8:32:35:54:
         32:4a:f6:ac:89:53:50:bd:66:de:74:17:6b:ae:fe:1f:27:ee:
         e4:69:ba:ca:30:75:54:c1:39:8b:75:c3:b2:89:aa:fb:9d:ff:
         a3:e8:c1:9f:e6:b4:30:19:34:bc:66:d1:ab:e0:c9:70:1c:0d:
         e5:83:89:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfc/YvNMX9R5OycRMRt2RTqKQKXswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYTEzN2U4Nzc2YzdmMjBmYzA4OGRlZDFiNjBmNzU1Yzky
OWUzNjA2OTAxZWUzNWRhNTk4ODY4ODk3MTk2MjkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd9MrWG5uNB0kFtNBQVXlxHOTsQ3Lo7VNY5tpdzlM0KVJo
aSrgMW5WahzU4rU79dhhQkKG8aezCihMaKEhX4135Nf2rUgOy74Ea1duV/tlZL4y
vBXUwkqO4wWVSZa7vCC6uM4GpdTKMmznvvSivdStnSvYqWCzxI17R5W4S2Mk9i1i
sJ1pQmD+Bsbs3P3DpeEneJ5eG9jmp6UxXXXQ5ZyQD9bowrC2bUOMUDMdyPfzh7+a
ln0HFS91wGg1bRH2BzotDI7UwbyMkG8pO3ur2e9ZVbKCPBZaDzJHaRriYwX002bx
c3dCAutApK9ZygUVstfl4sAm8Voas1IgihTCe9ONAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUadOgl91pHQm92aIuZz0w4H2O4W8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhZGEyYjQ5LTQ1YTktNDBhZC1iZjliLTNiNjgxOGE1ZGQ0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAah5AAwDQYJKoZIhvcNAQELBQADggEBAKMaWsPKELM3g8C4h3KG0NfpTxRa
D7jnGzIpcz0vnsYZ6yEzMv8iXmdUG0l0u7zne0J6JRWUGSzTRQRONLcsz7xJUCdJ
Froakgt0VC+7Bb2QSRppJNcTHEV4J5CillvYVxw7UTF7IahdzY+HbiWMXN6ZDU94
j254dwyfgT3VsrBcvEcxV1L10cFjYekbWHRWtWgeUkseJg2F/O5TDEePV3JO54kk
zSPodXYRRiGZZaBUXc8qpd8YokPkN6fqZB6FQbDpyDI1VDJK9qyJU1C9Zt50F2uu
/h8n7uRpusowdVTBOYt1w7KJqvud/6PowZ/mtDAZNLxm0avgyXAcDeWDiRU=
-----END CERTIFICATE-----