Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/67eddc17-30ea-48fe-880d-7b5a8b03a030.roa
File:                     67eddc17-30ea-48fe-880d-7b5a8b03a030.roa (raw, json)
Hash identifier:          gU27uv0kzGEBsytcZ4TEZSk0v/kGzOnAFzDgSnPZYeE=
Subject key identifier:   35:9F:E8:5E:A7:62:02:E2:99:A6:72:A3:2F:6B:38:D8:3B:C1:BF:7E
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       07B1F2DDC47C4769F0366742815723080F559927
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/67eddc17-30ea-48fe-880d-7b5a8b03a030.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.246.173.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:b1:f2:dd:c4:7c:47:69:f0:36:67:42:81:57:23:08:0f:55:99:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=97565c98039754e403f015cf939a7d918b3d01caa89e37ab9053193be7582526, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:79:f7:24:a7:ca:34:1a:ae:0a:28:b8:00:54:
                    cc:2c:12:54:ea:22:63:72:1c:62:b7:75:de:e4:14:
                    3e:aa:71:00:93:80:4b:93:0a:55:f7:e4:af:54:35:
                    8e:dc:e4:5d:5f:b5:c3:e7:cd:19:6f:f7:1c:a8:ac:
                    70:a6:67:f9:f0:40:91:4a:2a:b0:e5:d7:1e:21:3a:
                    6b:f5:9a:3b:2d:ed:c6:c5:10:c2:7b:61:2f:86:ac:
                    90:5d:4d:28:87:9f:ea:ec:52:9a:f4:7e:a7:64:db:
                    f2:8c:0d:c4:c0:dc:a4:36:44:7a:7e:86:d5:4d:e6:
                    71:da:f5:ef:8b:77:fe:b4:8d:5a:2e:32:45:43:35:
                    64:72:1d:25:38:a2:5f:b0:c8:e0:76:7c:2c:66:e2:
                    ba:ab:e6:f1:8b:81:87:27:c4:72:6f:c1:e2:4b:69:
                    ff:4b:56:3b:c5:dc:13:1b:4d:cd:f1:08:e7:f2:4e:
                    ff:cb:a1:49:80:7d:0c:21:a3:61:46:ff:9f:a8:6d:
                    e1:f0:d2:99:c2:e1:77:11:bd:73:40:c5:ff:3e:15:
                    e8:3f:2c:11:85:79:06:d4:ab:7c:44:77:47:a2:fb:
                    15:28:e8:54:f4:85:96:9b:1d:ed:87:ac:66:49:67:
                    42:89:97:5c:77:ad:8d:ba:65:29:ca:e2:09:26:55:
                    49:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9F:E8:5E:A7:62:02:E2:99:A6:72:A3:2F:6B:38:D8:3B:C1:BF:7E
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/67eddc17-30ea-48fe-880d-7b5a8b03a030.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.246.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:18:97:4e:17:fe:ba:ca:75:f8:59:86:fc:ba:59:55:2b:67:
         28:18:ff:0c:34:6f:ac:51:ad:75:e2:54:b1:1c:7f:1f:db:b0:
         05:35:f7:62:fa:36:6b:1e:50:de:b7:a5:ce:35:0c:34:c6:1c:
         b7:eb:c0:10:d9:8d:f0:14:42:07:12:4b:16:cf:99:aa:9a:31:
         0a:8a:57:3a:ff:47:93:e0:e7:9d:d4:17:4f:1b:f3:fa:c7:1a:
         14:19:4a:01:0a:ea:ec:b7:fb:a5:47:18:5c:0e:7a:ae:98:e6:
         70:cd:0c:9b:dc:59:ca:70:a8:6b:9f:94:d7:f9:4b:d9:bb:de:
         7e:b6:05:10:b8:2d:a4:ea:b2:9c:3e:b3:ca:bc:c2:ef:ef:37:
         24:3f:61:32:6b:14:29:f4:a2:85:c6:8e:d2:90:45:d5:b0:58:
         e4:75:f6:c8:f7:f2:48:35:f4:8b:9d:ba:f4:9d:83:b0:76:50:
         2f:ed:bd:df:81:82:50:c5:dd:3e:4c:06:a5:bb:ab:56:2f:7e:
         08:dc:36:e5:e0:0d:fa:a2:1c:75:6a:5b:52:aa:23:ba:cd:8d:
         58:a5:7b:77:ec:60:b7:28:11:d7:ac:90:13:ef:e8:5f:0a:aa:
         c0:2b:f1:24:2b:e6:62:f5:2e:7d:19:73:22:f0:da:9b:b5:5b:
         23:35:2d:1d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUB7Hy3cR8R2nwNmdCgVcjCA9VmScwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzU2NWM5ODAzOTc1NGU0MDNmMDE1Y2Y5MzlhN2Q5MThi
M2QwMWNhYTg5ZTM3YWI5MDUzMTkzYmU3NTgyNTI2MS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKefckp8o0Gq4KKLgAVMwsElTqImNyHGK3dd7kFD6qcQCT
gEuTClX35K9UNY7c5F1ftcPnzRlv9xyorHCmZ/nwQJFKKrDl1x4hOmv1mjst7cbF
EMJ7YS+GrJBdTSiHn+rsUpr0fqdk2/KMDcTA3KQ2RHp+htVN5nHa9e+Ld/60jVou
MkVDNWRyHSU4ol+wyOB2fCxm4rqr5vGLgYcnxHJvweJLaf9LVjvF3BMbTc3xCOfy
Tv/LoUmAfQwho2FG/5+obeHw0pnC4XcRvXNAxf8+Feg/LBGFeQbUq3xEd0ei+xUo
6FT0hZabHe2HrGZJZ0KJl1x3rY26ZSnK4gkmVUnPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNZ/oXqdiAuKZpnKjL2s42DvBv34wHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzY3ZWRkYzE3LTMwZWEtNDhmZS04ODBkLTdiNWE4YjAzYTAzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADM9q0wDQYJKoZIhvcNAQELBQADggEBAAQYl04X/rrKdfhZhvy6WVUrZygY
/ww0b6xRrXXiVLEcfx/bsAU192L6NmseUN63pc41DDTGHLfrwBDZjfAUQgcSSxbP
maqaMQqKVzr/R5Pg553UF08b8/rHGhQZSgEK6uy3+6VHGFwOeq6Y5nDNDJvcWcpw
qGuflNf5S9m73n62BRC4LaTqspw+s8q8wu/vNyQ/YTJrFCn0ooXGjtKQRdWwWOR1
9sj38kg19IuduvSdg7B2UC/tvd+BglDF3T5MBqW7q1YvfgjcNuXgDfqiHHVqW1Kq
I7rNjVile3fsYLcoEdeskBPv6F8KqsAr8SQr5mL1Ln0ZcyLw2pu1WyM1LR0=
-----END CERTIFICATE-----