Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd994899-e94f-4f77-902d-57047ef303ce.roa
File:                     fd994899-e94f-4f77-902d-57047ef303ce.roa (raw, json)
Hash identifier:          NZ2SPYY7BNW+7itDasgXgyXYYdRqlyQdppPYRvGK47I=
Subject key identifier:   7A:83:F9:DB:25:B1:41:7E:8A:E0:9A:E2:63:8F:12:7E:CC:05:61:19
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       16DA7326A4A1596B9CC7C019432D973E6A444911
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd994899-e94f-4f77-902d-57047ef303ce.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        204.236.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:da:73:26:a4:a1:59:6b:9c:c7:c0:19:43:2d:97:3e:6a:44:49:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:18:74:b0:24:85:ca:42:ae:3d:31:e9:69:47:
                    56:2e:d8:12:84:1f:31:65:85:24:95:90:a7:e0:0d:
                    7f:df:b6:b6:fb:fc:57:be:7c:c8:24:94:49:f8:dc:
                    73:04:23:27:25:f8:62:de:dc:88:77:fe:95:ba:a7:
                    64:90:29:ed:2e:f0:7f:9b:ee:3e:e3:1f:87:c9:44:
                    71:25:f8:ef:6b:de:ad:1a:1c:96:9d:69:86:27:1a:
                    62:52:9f:ae:ec:88:a6:de:bf:31:17:97:cb:a8:f8:
                    c9:f4:3c:08:3b:60:b6:6c:24:f6:02:0f:8d:ac:bd:
                    e9:a9:a7:90:27:14:36:a4:e9:ab:af:03:dc:d5:f2:
                    6e:a8:20:92:24:59:dd:82:5d:75:a8:0c:2a:d2:f0:
                    41:df:c1:c0:fb:b4:7b:4e:6e:7e:82:c2:67:c6:1c:
                    ba:a1:77:c5:b3:ce:5c:be:4c:3e:f5:9f:dd:7e:15:
                    2f:b3:46:a9:b8:c9:51:6c:07:da:de:2d:09:08:ad:
                    f7:fc:fc:ca:09:19:7d:29:31:97:e1:10:13:44:a0:
                    f9:c8:de:91:71:3b:13:f1:65:d8:be:c6:53:96:56:
                    c1:1d:fc:fc:6c:7d:e4:36:91:33:64:af:08:58:52:
                    f7:0a:10:d0:c1:f3:1a:17:6f:95:3a:f2:ae:5f:f3:
                    bf:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:83:F9:DB:25:B1:41:7E:8A:E0:9A:E2:63:8F:12:7E:CC:05:61:19
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fd994899-e94f-4f77-902d-57047ef303ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         21:11:c1:f7:03:f6:67:87:ef:62:43:53:e9:ed:f5:c3:64:13:
         e9:1d:01:56:53:bd:df:9a:00:83:46:34:5a:c5:bc:d4:ca:82:
         a4:23:dd:e3:22:26:ff:30:67:e0:4f:9a:5f:b7:e6:30:5f:4e:
         1b:b3:75:12:4e:fd:ee:93:6d:41:ee:45:71:3e:f7:3c:28:fe:
         8d:cc:b0:84:54:70:62:5d:3f:bd:3e:80:d4:ec:d4:5c:f6:83:
         29:35:4d:b5:06:a6:88:b8:2e:26:a0:6a:09:51:b1:a4:b8:bf:
         d4:c4:ef:86:70:18:7f:af:ab:86:92:c5:96:5a:3d:f2:37:c7:
         d5:18:fb:7e:fb:29:b6:c5:56:72:c2:fa:aa:59:a1:02:e7:d7:
         30:b9:ef:09:1b:cd:3f:bf:db:8d:9d:c6:b5:10:93:b9:43:5b:
         b3:a8:a7:c1:e5:9c:e1:2c:9b:d4:2d:c4:4a:49:15:34:27:bd:
         60:63:b1:14:4e:e3:c2:d5:2c:48:d1:50:86:86:42:da:f6:58:
         10:bb:b1:7a:4c:e8:ba:92:a1:ad:04:60:c0:f0:a7:39:01:85:
         d7:d3:6d:67:96:4d:8f:b3:ad:12:42:b2:d5:09:a1:6b:80:6c:
         26:f8:c4:3e:9a:a1:ef:c3:16:1a:dd:2d:d3:ac:8a:f1:30:54:
         ac:bf:b3:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFtpzJqShWWucx8AZQy2XPmpESREwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzcxMDYwYjkyMjA0MDU5YjJhZTBkNmE0NzMxYWQwZGFm
ZjE2ZjFiZGQwNzUyYmEzMzI2ZmRmNzBiZjA5ZGIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnGHSwJIXKQq49MelpR1Yu2BKEHzFlhSSVkKfgDX/ftrb7
/Fe+fMgklEn43HMEIycl+GLe3Ih3/pW6p2SQKe0u8H+b7j7jH4fJRHEl+O9r3q0a
HJadaYYnGmJSn67siKbevzEXl8uo+Mn0PAg7YLZsJPYCD42svempp5AnFDak6auv
A9zV8m6oIJIkWd2CXXWoDCrS8EHfwcD7tHtObn6CwmfGHLqhd8Wzzly+TD71n91+
FS+zRqm4yVFsB9reLQkIrff8/MoJGX0pMZfhEBNEoPnI3pFxOxPxZdi+xlOWVsEd
/PxsfeQ2kTNkrwhYUvcKENDB8xoXb5U68q5f87/bAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeoP52yWxQX6K4JriY48SfswFYRkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZkOTk0ODk5LWU5NGYtNGY3Ny05MDJkLTU3MDQ3ZWYzMDNjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfM7IAwDQYJKoZIhvcNAQELBQADggEBACERwfcD9meH72JDU+nt9cNkE+kd
AVZTvd+aAINGNFrFvNTKgqQj3eMiJv8wZ+BPml+35jBfThuzdRJO/e6TbUHuRXE+
9zwo/o3MsIRUcGJdP70+gNTs1Fz2gyk1TbUGpoi4LiagaglRsaS4v9TE74ZwGH+v
q4aSxZZaPfI3x9UY+377KbbFVnLC+qpZoQLn1zC57wkbzT+/242dxrUQk7lDW7Oo
p8HlnOEsm9QtxEpJFTQnvWBjsRRO48LVLEjRUIaGQtr2WBC7sXpM6LqSoa0EYMDw
pzkBhdfTbWeWTY+zrRJCstUJoWuAbCb4xD6aoe/DFhrdLdOsivEwVKy/s98=
-----END CERTIFICATE-----