Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/deb11980-4794-4da9-9217-81f5bc27064f.roa
File:                     deb11980-4794-4da9-9217-81f5bc27064f.roa (raw, json)
Hash identifier:          Yp6vcxYzK+nAdjnVu2JeUGGPo/H+FPLe+pXOwpONXOg=
Subject key identifier:   49:B8:33:1A:17:6D:E3:DF:F2:DF:ED:02:17:A5:1B:25:71:33:AE:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6EB38E314455328FB75AB27CB1CE92A5EA0C9050
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/deb11980-4794-4da9-9217-81f5bc27064f.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        164.152.168.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:b3:8e:31:44:55:32:8f:b7:5a:b2:7c:b1:ce:92:a5:ea:0c:90:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=0caa5aa9ad7a29c3bdde71e5cae948bd4d8c5039a974503c4812f789e9a258d6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d4:86:db:bb:6d:61:c9:2a:5c:0f:aa:2d:70:
                    15:09:42:11:13:1f:ad:51:bc:38:6b:3e:16:57:a0:
                    2f:11:c4:27:44:44:56:9a:83:cf:d3:08:30:6e:92:
                    b3:2e:a1:4d:d8:90:33:80:82:54:f8:5a:63:85:95:
                    f1:4e:f4:f9:4d:3f:68:e2:6c:d7:de:c0:14:af:85:
                    c0:8f:4e:ff:46:5f:bd:4e:dc:00:a2:8c:75:da:0a:
                    9e:e2:75:05:fb:ee:e9:5f:b2:72:db:1c:01:af:3b:
                    11:3b:d5:19:d4:f1:54:37:ed:64:43:4b:bc:92:0b:
                    f1:c0:6d:89:0b:8a:97:79:e7:a1:55:e6:59:b5:14:
                    8f:1e:86:35:76:ef:76:02:2f:e7:df:fe:63:1d:83:
                    d6:19:ae:be:78:4f:d1:16:d8:04:14:e8:b5:42:ea:
                    55:e5:bb:5e:a6:8c:83:e1:28:8a:c7:15:0f:ad:61:
                    b4:87:07:f8:a2:1d:5d:6e:11:5c:0d:8a:7a:47:c3:
                    33:55:8c:58:e7:b0:4c:94:d3:96:fa:4d:84:ec:0b:
                    31:88:e4:49:68:00:b7:3b:cb:a1:8d:fd:4e:c0:ea:
                    7a:07:c7:c7:6f:ea:1f:52:00:d4:c2:65:14:ee:22:
                    bb:bd:66:e5:25:fa:81:f6:aa:38:40:3b:de:70:7f:
                    47:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:B8:33:1A:17:6D:E3:DF:F2:DF:ED:02:17:A5:1B:25:71:33:AE:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/deb11980-4794-4da9-9217-81f5bc27064f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.152.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         13:ee:71:79:a8:3c:bb:dc:f7:14:8c:4e:6d:49:65:e5:66:23:
         18:6c:dc:13:c2:19:27:f7:62:c4:cc:62:47:78:7f:fd:bc:8e:
         f0:7b:83:23:51:ab:df:cb:37:a4:2d:c0:ad:93:6c:c6:79:c0:
         4b:0e:b0:3b:b4:a3:71:d2:2a:de:ae:5b:0a:24:37:25:89:dc:
         16:1b:9f:15:ed:2b:6a:40:91:81:3c:92:b0:09:38:fe:37:0c:
         f2:ca:68:43:b5:df:7a:19:ec:71:a8:9b:5a:23:e0:11:44:98:
         9e:d8:f5:20:10:cf:e1:2b:01:63:d4:e4:bb:d7:e4:db:dc:dd:
         af:9b:51:ce:d1:2b:97:a0:51:14:66:ea:7a:b6:80:06:b8:47:
         40:16:14:a2:76:1b:69:fc:7e:ed:39:ab:07:5a:bc:04:d3:b7:
         2e:f2:2b:56:73:38:d6:86:96:40:21:be:ca:17:a1:2f:27:49:
         5a:fc:23:69:67:36:d7:35:15:ba:20:f1:d8:41:59:4d:8c:45:
         67:8c:e3:c5:ec:3f:47:01:41:f6:69:45:e9:2f:93:c3:15:f9:
         d2:a9:16:2d:d3:fe:e7:6e:4e:29:e9:4f:5e:3f:43:17:d5:40:
         b2:1e:30:9d:ac:8c:44:f8:f7:ce:a1:01:e4:ef:10:1c:54:5c:
         09:cd:6b:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbrOOMURVMo+3WrJ8sc6SpeoMkFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwY2FhNWFhOWFkN2EyOWMzYmRkZTcxZTVjYWU5NDhiZDRk
OGM1MDM5YTk3NDUwM2M0ODEyZjc4OWU5YTI1OGQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy1Ibbu21hySpcD6otcBUJQhETH61RvDhrPhZXoC8RxCdE
RFaag8/TCDBukrMuoU3YkDOAglT4WmOFlfFO9PlNP2jibNfewBSvhcCPTv9GX71O
3ACijHXaCp7idQX77ulfsnLbHAGvOxE71RnU8VQ37WRDS7ySC/HAbYkLipd556FV
5lm1FI8ehjV273YCL+ff/mMdg9YZrr54T9EW2AQU6LVC6lXlu16mjIPhKIrHFQ+t
YbSHB/iiHV1uEVwNinpHwzNVjFjnsEyU05b6TYTsCzGI5EloALc7y6GN/U7A6noH
x8dv6h9SANTCZRTuIru9ZuUl+oH2qjhAO95wf0cJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUSbgzGhdt49/y3+0CF6UbJXEzrmAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlYjExOTgwLTQ3OTQtNGRhOS05MjE3LTgxZjViYzI3MDY0Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOkmKgwDQYJKoZIhvcNAQELBQADggEBABPucXmoPLvc9xSMTm1JZeVmIxhs
3BPCGSf3YsTMYkd4f/28jvB7gyNRq9/LN6QtwK2TbMZ5wEsOsDu0o3HSKt6uWwok
NyWJ3BYbnxXtK2pAkYE8krAJOP43DPLKaEO133oZ7HGom1oj4BFEmJ7Y9SAQz+Er
AWPU5LvX5Nvc3a+bUc7RK5egURRm6nq2gAa4R0AWFKJ2G2n8fu05qwdavATTty7y
K1ZzONaGlkAhvsoXoS8nSVr8I2lnNtc1Fbog8dhBWU2MRWeM48XsP0cBQfZpRekv
k8MV+dKpFi3T/uduTinpT14/QxfVQLIeMJ2sjET4986hAeTvEBxUXAnNa5Y=
-----END CERTIFICATE-----