Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3665bc5-5197-44fd-aae1-76c2573b225e.roa
File:                     e3665bc5-5197-44fd-aae1-76c2573b225e.roa (raw, json)
Hash identifier:          vePuxkKQy3WNr6rHezsUSk3rEfcy1jmunqcRzux2MNI=
Subject key identifier:   6C:DC:69:CB:53:12:EE:BC:16:3D:22:28:2A:A4:D1:1B:5C:90:A0:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4B42AFF264485FBA418E87142632E078BC118889
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3665bc5-5197-44fd-aae1-76c2573b225e.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        138.70.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:42:af:f2:64:48:5f:ba:41:8e:87:14:26:32:e0:78:bc:11:88:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=1104f5279e66c1403b37056442d59dadb1e4fb39d1462650868554186f2ae711, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:e2:6c:b0:a1:00:d5:eb:b1:52:87:e2:50:
                    4a:53:cb:99:52:a0:fa:9a:0b:f7:37:b7:0a:61:07:
                    74:1e:df:59:6a:46:ac:54:bf:2a:ba:25:2a:34:b9:
                    ae:6d:91:86:00:f1:16:1a:c4:98:a9:ab:3c:5c:24:
                    b9:20:76:4d:c0:c3:d4:1e:39:b0:9b:0d:0b:d0:c5:
                    24:1a:3b:f6:91:78:39:ba:0c:61:af:a2:11:7b:6f:
                    a0:01:38:58:ac:18:79:06:0d:55:f9:fd:d1:d4:90:
                    97:30:4e:e7:fd:dc:53:47:31:2f:6a:52:1d:62:9d:
                    b0:aa:cf:cd:9a:2e:35:00:9a:3b:b8:e8:23:c0:16:
                    5d:37:c9:58:83:61:cd:f3:d4:48:3f:68:59:5c:2d:
                    95:3b:51:2c:59:dd:26:f5:df:c1:5f:10:20:35:c2:
                    2c:c5:21:43:3a:fd:5d:a2:09:d2:19:95:7f:ac:31:
                    d4:22:8f:9c:7e:bd:75:94:c4:c8:7a:ab:42:c1:14:
                    ec:3e:5f:16:21:ea:c7:1a:8e:3c:cb:0b:ca:1a:af:
                    b9:69:85:43:82:30:9c:26:45:41:4e:b9:57:f3:0f:
                    49:74:69:c4:0c:25:96:e5:48:43:38:54:09:2a:89:
                    12:ee:90:c0:5f:f2:0f:af:fb:51:c9:22:d3:7e:32:
                    d7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DC:69:CB:53:12:EE:BC:16:3D:22:28:2A:A4:D1:1B:5C:90:A0:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e3665bc5-5197-44fd-aae1-76c2573b225e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.70.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:16:5a:a3:d4:62:ab:32:5c:af:42:f3:b9:70:79:58:95:43:
         91:50:b9:52:2d:58:70:36:09:2e:1c:44:bb:55:16:42:36:be:
         2c:ca:8f:23:da:b4:47:80:b5:77:13:86:23:10:5e:7d:3c:c1:
         d6:8b:4a:3a:52:42:ea:34:b8:e8:31:80:d6:06:06:a8:6e:5a:
         f2:a5:18:50:89:f0:b1:f6:d6:7b:da:08:90:7e:8f:89:67:5e:
         b2:60:d0:b0:81:5c:24:a7:c7:64:75:6b:cf:41:1a:5d:a7:08:
         cb:44:20:21:ed:1c:d4:0c:54:ab:e6:98:a8:b4:3b:59:a5:8e:
         01:bc:32:5e:58:4f:fe:dc:12:a5:7c:9e:74:8d:d7:1a:f1:ca:
         6c:f2:63:4e:c6:f2:86:57:63:e7:f4:80:77:0a:79:3d:90:f4:
         c6:72:33:80:4a:3f:35:2c:21:c3:42:a4:31:d3:97:4b:c4:b1:
         81:e3:d4:19:9a:32:ac:0c:6d:fd:6f:8b:30:1e:ee:4b:97:11:
         21:08:1e:3c:62:97:44:10:b5:36:64:90:11:a8:b4:22:e5:22:
         85:6c:c8:76:12:f6:21:c2:2e:b7:9b:a1:c1:52:55:1e:3f:ac:
         e3:f9:33:ca:fc:ba:a6:c4:8d:ad:27:78:85:dc:6c:6a:50:2f:
         d8:63:a7:93
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUS0Kv8mRIX7pBjocUJjLgeLwRiIkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTA0ZjUyNzllNjZjMTQwM2IzNzA1NjQ0MmQ1OWRhZGIx
ZTRmYjM5ZDE0NjI2NTA4Njg1NTQxODZmMmFlNzExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2buJssKEA1euxUofiUEpTy5lSoPqaC/c3twphB3Qe31lq
RqxUvyq6JSo0ua5tkYYA8RYaxJipqzxcJLkgdk3Aw9QeObCbDQvQxSQaO/aReDm6
DGGvohF7b6ABOFisGHkGDVX5/dHUkJcwTuf93FNHMS9qUh1inbCqz82aLjUAmju4
6CPAFl03yViDYc3z1Eg/aFlcLZU7USxZ3Sb138FfECA1wizFIUM6/V2iCdIZlX+s
MdQij5x+vXWUxMh6q0LBFOw+XxYh6scajjzLC8oar7lphUOCMJwmRUFOuVfzD0l0
acQMJZblSEM4VAkqiRLukMBf8g+v+1HJItN+MteZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUbNxpy1MS7rwWPSIoKqTRG1yQoMwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2UzNjY1YmM1LTUxOTctNDRmZC1hYWUxLTc2YzI1NzNiMjI1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCKRjANBgkqhkiG9w0BAQsFAAOCAQEAURZao9RiqzJcr0LzuXB5WJVDkVC5
Ui1YcDYJLhxEu1UWQja+LMqPI9q0R4C1dxOGIxBefTzB1otKOlJC6jS46DGA1gYG
qG5a8qUYUInwsfbWe9oIkH6PiWdesmDQsIFcJKfHZHVrz0EaXacIy0QgIe0c1AxU
q+aYqLQ7WaWOAbwyXlhP/twSpXyedI3XGvHKbPJjTsbyhldj5/SAdwp5PZD0xnIz
gEo/NSwhw0KkMdOXS8SxgePUGZoyrAxt/W+LMB7uS5cRIQgePGKXRBC1NmSQEai0
IuUihWzIdhL2IcIut5uhwVJVHj+s4/kzyvy6psSNrSd4hdxsalAv2GOnkw==
-----END CERTIFICATE-----