Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec11fe3a-34f2-4a78-9605-dc6cc6467bf5.roa
File:                     ec11fe3a-34f2-4a78-9605-dc6cc6467bf5.roa (raw, json)
Hash identifier:          m9Oqmj53ZVEwzzvmxRLw/AZHPmve2hacHfjDAYNJBSQ=
Subject key identifier:   B7:F3:18:E4:76:3F:D8:3B:D4:0C:14:0A:12:FE:1F:89:2B:97:53:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       31440286A5A0E0FE497EE287D3E7094BA19FA64D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec11fe3a-34f2-4a78-9605-dc6cc6467bf5.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.68.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:44:02:86:a5:a0:e0:fe:49:7e:e2:87:d3:e7:09:4b:a1:9f:a6:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=401ffe8378f3d97e73b9c99fe2f0f8fa871da040b1ef7ea34297572251ba146f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e7:43:c3:d9:e8:b3:bc:d6:12:f8:62:35:c0:
                    b8:44:ff:cd:23:b5:f3:0d:25:69:f8:31:92:4e:8e:
                    2e:db:87:6b:42:53:2d:c7:bb:7b:42:1b:9e:98:7c:
                    a2:dd:b9:91:7e:a8:3e:6b:4a:d9:7b:43:db:b3:bd:
                    b9:33:cc:c7:a6:57:72:d9:7f:a3:36:eb:fa:25:f1:
                    84:72:2d:24:78:77:a4:af:ac:cd:24:95:ce:6a:3e:
                    25:04:ff:11:c5:e8:dc:e3:0d:a0:12:5e:ed:01:d7:
                    7e:a3:5e:54:56:c3:16:3a:c3:9e:f2:3e:8a:3a:50:
                    9b:14:33:48:76:1b:f7:e5:6a:ff:c9:15:a5:da:2a:
                    7f:a1:85:18:54:65:32:5b:96:dc:03:0d:14:bb:c8:
                    07:6f:3b:e8:fc:a9:03:8f:20:59:5a:05:88:a6:3e:
                    e5:9e:6c:51:47:f6:aa:5c:5c:a1:ca:a5:35:03:ee:
                    96:1a:52:6e:77:d0:ab:66:9e:ea:57:b1:08:a5:a5:
                    4d:f1:10:4b:8c:93:8f:ae:c1:83:85:2a:d0:a6:2a:
                    54:ce:1e:95:9d:c9:4b:72:c4:7d:24:64:4e:e6:19:
                    40:4b:71:05:e7:f2:94:54:da:48:1d:be:be:35:2b:
                    09:09:70:cc:8d:a3:69:a2:d5:90:b0:60:e6:ca:65:
                    d0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:F3:18:E4:76:3F:D8:3B:D4:0C:14:0A:12:FE:1F:89:2B:97:53:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec11fe3a-34f2-4a78-9605-dc6cc6467bf5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:f2:2b:f6:d9:cd:c1:2d:b7:b9:7a:c1:1f:e5:2a:60:23:76:
         bb:8f:45:6a:7b:44:33:e8:65:b7:de:80:09:ba:72:3a:25:af:
         9b:4f:2a:4e:bf:11:44:17:79:6d:fa:70:4d:63:56:cf:ae:d6:
         97:2f:da:6b:aa:8b:3e:01:c3:0f:e1:c5:a1:0a:b6:37:76:74:
         b6:13:ce:04:48:4b:8c:4f:4c:a2:c0:84:3a:a6:95:3e:2e:8a:
         5c:3c:a5:d3:88:0a:26:93:d9:44:f5:c8:d6:6b:39:b4:8d:08:
         80:f7:9f:c8:f6:ec:18:a9:c0:cb:64:45:67:49:7b:f3:df:99:
         46:cd:d2:2f:3e:e3:ad:f0:16:d7:8c:92:3c:ea:cf:bc:b0:06:
         2b:4b:4d:40:a1:ad:81:d1:34:8d:8e:00:c6:d4:a8:f8:24:31:
         a5:f6:fa:dc:d9:d8:1d:1e:ce:97:a5:65:5a:e8:2a:bb:4f:18:
         2e:b0:e4:ae:f3:6f:e6:27:f5:ec:63:d4:15:32:62:12:66:39:
         2f:13:7e:8e:e0:d1:88:bb:1f:ba:d7:be:56:60:95:42:b7:be:
         31:c8:89:f6:bc:b6:04:91:d0:1f:2f:29:68:03:4c:c6:e1:a9:
         82:52:dc:81:e8:4b:e7:7d:db:d0:2c:f1:28:3d:63:48:1a:f4:
         b0:fd:79:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMUQChqWg4P5JfuKH0+cJS6Gfpk0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MDFmZmU4Mzc4ZjNkOTdlNzNiOWM5OWZlMmYwZjhmYTg3
MWRhMDQwYjFlZjdlYTM0Mjk3NTcyMjUxYmExNDZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp50PD2eizvNYS+GI1wLhE/80jtfMNJWn4MZJOji7bh2tC
Uy3Hu3tCG56YfKLduZF+qD5rStl7Q9uzvbkzzMemV3LZf6M26/ol8YRyLSR4d6Sv
rM0klc5qPiUE/xHF6NzjDaASXu0B136jXlRWwxY6w57yPoo6UJsUM0h2G/flav/J
FaXaKn+hhRhUZTJbltwDDRS7yAdvO+j8qQOPIFlaBYimPuWebFFH9qpcXKHKpTUD
7pYaUm530KtmnupXsQilpU3xEEuMk4+uwYOFKtCmKlTOHpWdyUtyxH0kZE7mGUBL
cQXn8pRU2kgdvr41KwkJcMyNo2mi1ZCwYObKZdBtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt/MY5HY/2DvUDBQKEv4fiSuXUx4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjMTFmZTNhLTM0ZjItNGE3OC05NjA1LWRjNmNjNjQ2N2JmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUQwDQYJKoZIhvcNAQELBQADggEBABryK/bZzcEtt7l6wR/lKmAjdruP
RWp7RDPoZbfegAm6cjolr5tPKk6/EUQXeW36cE1jVs+u1pcv2muqiz4Bww/hxaEK
tjd2dLYTzgRIS4xPTKLAhDqmlT4uilw8pdOICiaT2UT1yNZrObSNCID3n8j27Bip
wMtkRWdJe/PfmUbN0i8+463wFteMkjzqz7ywBitLTUChrYHRNI2OAMbUqPgkMaX2
+tzZ2B0ezpelZVroKrtPGC6w5K7zb+Yn9exj1BUyYhJmOS8Tfo7g0Yi7H7rXvlZg
lUK3vjHIifa8tgSR0B8vKWgDTMbhqYJS3IHoS+d929As8Sg9Y0ga9LD9efo=
-----END CERTIFICATE-----