Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d42e456b-ed3b-46f1-98f2-74012b6a65e0.roa
File:                     d42e456b-ed3b-46f1-98f2-74012b6a65e0.roa (raw, json)
Hash identifier:          LeI4KcUrHh2ISerqdbY+l7BcnEpHyPS01nlGh2uFX3c=
Subject key identifier:   57:BE:05:85:66:EB:74:51:9D:D7:A7:68:F9:1A:00:9A:1C:86:25:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6609333A86F64210FDDA759F4F9AB22710390389
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d42e456b-ed3b-46f1-98f2-74012b6a65e0.roa
Signing time:             Sun 12 Jan 2025 00:00:00 +0000
ROA not before:           Sun 12 Jan 2025 00:00:00 +0000
ROA not after:            Sun 16 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.25.70.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:09:33:3a:86:f6:42:10:fd:da:75:9f:4f:9a:b2:27:10:39:03:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 12 00:00:00 2025 GMT
            Not After : Feb 16 23:59:59 2025 GMT
        Subject: serialNumber=9e4e56fc1d81934b0ee9a6f015ae824a8516d15e6c8e538c7265649315e6b120, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8f:e2:41:0b:73:c3:24:d8:3a:25:33:9a:2c:
                    be:06:0e:5e:ab:e6:b7:8a:c0:f4:d1:1c:07:c6:c7:
                    a0:78:0b:c5:0c:d6:06:e9:53:a7:fe:7c:e8:52:95:
                    18:20:04:e8:6c:64:99:8b:d1:19:68:52:83:d4:d7:
                    be:d4:9e:17:89:3e:ff:48:e3:94:98:67:dd:1e:cd:
                    a9:23:80:ae:4c:57:34:39:d9:97:0d:2f:e5:ab:d8:
                    48:b2:32:13:d6:bb:4d:77:bd:a5:b2:bb:a1:36:8c:
                    06:a7:f8:7c:ae:bd:7f:b2:2d:52:26:30:cb:c2:e6:
                    34:4f:67:80:03:2c:27:d9:89:b6:16:5b:ef:66:33:
                    b7:8a:29:cb:d4:04:6e:2d:95:0b:17:5f:66:a4:a4:
                    3b:80:29:de:da:43:ae:75:ac:53:5a:b9:2a:d2:33:
                    82:08:2f:02:7a:69:97:a8:28:e9:da:b8:c1:64:f0:
                    00:ed:88:51:c6:d2:2a:2b:a7:14:20:68:bc:e7:ea:
                    9a:37:85:fd:2b:29:6b:55:5e:52:65:ec:f3:ed:a1:
                    57:48:5c:17:58:5e:a6:d1:5d:7f:47:8a:77:64:41:
                    72:b7:4d:4c:91:b5:63:f7:47:28:7f:70:c3:60:aa:
                    c8:d9:e1:66:12:af:1b:1d:88:a7:22:ea:a4:d1:e5:
                    0d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:BE:05:85:66:EB:74:51:9D:D7:A7:68:F9:1A:00:9A:1C:86:25:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d42e456b-ed3b-46f1-98f2-74012b6a65e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d6:7b:67:6f:4c:e5:8f:d1:10:8c:24:3a:a1:a9:84:ed:83:87:
         a9:40:4e:2d:be:82:53:a9:0a:88:fb:77:6f:f9:3d:ff:76:4a:
         f3:65:26:5f:51:f9:e6:15:6b:86:e6:11:86:8a:c3:a7:2c:6c:
         b2:b4:3a:0a:cb:5c:da:82:bf:1d:99:b8:aa:89:25:33:ff:4d:
         8a:14:1e:c7:05:a5:7b:48:62:21:28:d3:ec:70:4b:4f:0c:36:
         bf:b9:81:c2:4d:39:f0:25:71:a1:4e:cf:a9:96:5a:56:04:1f:
         62:0c:10:08:07:a8:55:d0:c9:4c:f8:f8:ae:de:46:29:00:9c:
         06:ba:fc:5f:ac:9a:b0:da:13:11:7e:ed:ab:8e:dd:75:6f:85:
         81:16:52:8b:8e:a9:31:79:48:81:83:e7:a5:b1:07:0f:1e:55:
         5b:50:ff:ea:bb:1d:24:fb:51:60:dc:82:72:73:7b:b3:21:d7:
         92:c0:1f:38:2c:06:c5:95:74:1e:b4:4d:b9:af:78:ca:89:ad:
         ac:c3:2d:69:01:5a:b3:76:7c:b9:ac:86:2d:6d:4f:85:b3:23:
         35:59:19:4f:81:16:b5:c2:79:97:ae:a6:de:48:5a:9f:3c:2f:
         ea:65:ed:51:f5:c4:dc:f3:28:c6:31:89:b8:76:99:0b:77:27:
         a5:34:bf:9d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZgkzOob2QhD92nWfT5qyJxA5A4kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEyMDAwMDAwWhcNMjUwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZTRlNTZmYzFkODE5MzRiMGVlOWE2ZjAxNWFlODI0YTg1
MTZkMTVlNmM4ZTUzOGM3MjY1NjQ5MzE1ZTZiMTIwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLj+JBC3PDJNg6JTOaLL4GDl6r5reKwPTRHAfGx6B4C8UM
1gbpU6f+fOhSlRggBOhsZJmL0RloUoPU177UnheJPv9I45SYZ90ezakjgK5MVzQ5
2ZcNL+Wr2EiyMhPWu013vaWyu6E2jAan+HyuvX+yLVImMMvC5jRPZ4ADLCfZibYW
W+9mM7eKKcvUBG4tlQsXX2akpDuAKd7aQ651rFNauSrSM4IILwJ6aZeoKOnauMFk
8ADtiFHG0iorpxQgaLzn6po3hf0rKWtVXlJl7PPtoVdIXBdYXqbRXX9HindkQXK3
TUyRtWP3Ryh/cMNgqsjZ4WYSrxsdiKci6qTR5Q2zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV74FhWbrdFGd16do+RoAmhyGJR0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0MmU0NTZiLWVkM2ItNDZmMS05OGYyLTc0MDEyYjZhNjVlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUYwDQYJKoZIhvcNAQELBQADggEBANZ7Z29M5Y/REIwkOqGphO2Dh6lA
Ti2+glOpCoj7d2/5Pf92SvNlJl9R+eYVa4bmEYaKw6csbLK0OgrLXNqCvx2ZuKqJ
JTP/TYoUHscFpXtIYiEo0+xwS08MNr+5gcJNOfAlcaFOz6mWWlYEH2IMEAgHqFXQ
yUz4+K7eRikAnAa6/F+smrDaExF+7auO3XVvhYEWUouOqTF5SIGD56WxBw8eVVtQ
/+q7HST7UWDcgnJze7Mh15LAHzgsBsWVdB60TbmveMqJrazDLWkBWrN2fLmshi1t
T4WzIzVZGU+BFrXCeZeupt5IWp88L+pl7VH1xNzzKMYxibh2mQt3J6U0v50=
-----END CERTIFICATE-----