Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf03db45-834d-4676-82d4-32f14b5b14f9.roa
File:                     cf03db45-834d-4676-82d4-32f14b5b14f9.roa (raw, json)
Hash identifier:          8Uq75bd8sKqBOWAKQ/L9NnupgBiNuPslhjAOb3fp9Y4=
Subject key identifier:   18:78:69:ED:BC:0A:E7:C5:D9:5A:E2:A0:1F:DC:2C:70:E7:9B:79:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3B51FFF993BFC589D7DA360B9079FA96565495D2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf03db45-834d-4676-82d4-32f14b5b14f9.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        67.202.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:51:ff:f9:93:bf:c5:89:d7:da:36:0b:90:79:fa:96:56:54:95:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:17:31:9a:be:23:b2:b3:83:46:4f:f4:f8:5a:
                    4d:1d:a2:d6:93:e7:3d:18:6f:95:df:f7:f8:ab:a7:
                    ed:9d:69:ef:0e:01:b2:97:42:5e:37:65:a1:a0:32:
                    c7:9d:28:59:b2:92:ba:09:71:36:4b:c7:5b:ea:fd:
                    9a:4f:80:6c:1a:4d:e6:47:98:54:e5:4d:b6:5c:1a:
                    fa:73:34:3d:73:2e:93:5b:c5:f4:03:d6:01:aa:62:
                    f5:ff:31:8b:48:9b:3e:19:fe:84:86:03:e4:51:58:
                    f4:64:45:e8:17:a4:14:4a:ae:e1:20:15:05:c3:11:
                    14:d1:33:a1:f5:6f:62:f3:e1:ca:8b:01:6a:a3:b5:
                    5e:35:39:15:e3:1f:cc:eb:ea:be:b6:cb:c7:b9:ed:
                    be:9c:3e:26:36:05:a1:30:5a:31:07:20:eb:39:fe:
                    6c:5e:05:93:fe:25:3e:04:55:5c:8a:62:95:e0:ac:
                    66:cd:3b:40:4e:f0:63:2f:f3:48:6f:04:dc:c5:74:
                    f3:2c:b6:55:71:be:26:46:12:2f:c5:55:32:84:b1:
                    88:27:de:d9:8a:b2:c1:7b:45:9a:47:87:e6:b1:f5:
                    60:e9:50:cd:15:b0:bd:34:c0:4d:ea:05:34:62:be:
                    75:0a:55:52:0e:f0:21:e0:8d:00:3c:0a:c3:75:89:
                    c8:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:78:69:ED:BC:0A:E7:C5:D9:5A:E2:A0:1F:DC:2C:70:E7:9B:79:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cf03db45-834d-4676-82d4-32f14b5b14f9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.202.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d2:a2:94:fa:14:01:80:b6:69:80:1b:fe:4b:70:82:0f:a4:b1:
         c8:94:dc:53:ae:b4:22:2a:10:f1:f9:b2:b0:52:13:32:f0:c2:
         59:33:c7:0a:88:85:26:8b:5d:25:41:d9:10:bd:a7:07:19:14:
         9d:1c:ff:71:1a:6d:56:4d:d9:5e:f7:35:37:02:bb:a4:4f:3f:
         d5:88:12:62:b4:60:45:77:21:c4:fb:96:6e:61:0f:1f:bc:f7:
         f5:cb:33:73:3b:f2:ae:4b:c1:90:b7:19:ac:15:02:4a:35:74:
         30:aa:12:56:c0:23:3c:19:82:f9:16:ef:1d:09:2d:30:09:9d:
         29:be:3d:ce:5f:ff:02:cd:57:fb:c3:84:0a:96:07:10:08:38:
         9a:9a:28:92:61:31:8b:90:c6:91:2d:f6:03:dc:98:10:fb:05:
         3b:33:f2:1a:ba:ed:c9:51:db:21:9c:f8:3f:59:f1:10:55:00:
         47:64:b2:92:d7:a2:8b:e0:22:ce:fc:5e:c3:0b:d7:76:13:81:
         f2:a8:9b:ad:33:95:11:16:98:28:35:4b:8e:d2:c5:60:60:d4:
         78:80:05:18:b6:87:e5:8b:68:49:71:b0:3c:d0:94:44:0a:1e:
         ae:26:90:9b:64:17:69:ef:52:4a:dd:0d:69:04:15:b2:89:83:
         63:f9:08:90
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO1H/+ZO/xYnX2jYLkHn6llZUldIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiNzU3ZTI1MTEyM2QwOGU2MWViZmIyYmI3ZWQzYjE3MGFm
YTBlOWIwYjg0MzBkMzk4NDBiNjViOGI1YTI4YTU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKFzGaviOys4NGT/T4Wk0dotaT5z0Yb5Xf9/irp+2dae8O
AbKXQl43ZaGgMsedKFmykroJcTZLx1vq/ZpPgGwaTeZHmFTlTbZcGvpzND1zLpNb
xfQD1gGqYvX/MYtImz4Z/oSGA+RRWPRkRegXpBRKruEgFQXDERTRM6H1b2Lz4cqL
AWqjtV41ORXjH8zr6r62y8e57b6cPiY2BaEwWjEHIOs5/mxeBZP+JT4EVVyKYpXg
rGbNO0BO8GMv80hvBNzFdPMstlVxviZGEi/FVTKEsYgn3tmKssF7RZpHh+ax9WDp
UM0VsL00wE3qBTRivnUKVVIO8CHgjQA8CsN1iciXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGHhp7bwK58XZWuKgH9wscOebeTMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NmMDNkYjQ1LTgzNGQtNDY3Ni04MmQ0LTMyZjE0YjViMTRmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZDygAwDQYJKoZIhvcNAQELBQADggEBANKilPoUAYC2aYAb/ktwgg+ksciU
3FOutCIqEPH5srBSEzLwwlkzxwqIhSaLXSVB2RC9pwcZFJ0c/3EabVZN2V73NTcC
u6RPP9WIEmK0YEV3IcT7lm5hDx+89/XLM3M78q5LwZC3GawVAko1dDCqElbAIzwZ
gvkW7x0JLTAJnSm+Pc5f/wLNV/vDhAqWBxAIOJqaKJJhMYuQxpEt9gPcmBD7BTsz
8hq67clR2yGc+D9Z8RBVAEdkspLXoovgIs78XsML13YTgfKom60zlREWmCg1S47S
xWBg1HiABRi2h+WLaElxsDzQlEQKHq4mkJtkF2nvUkrdDWkEFbKJg2P5CJA=
-----END CERTIFICATE-----