Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/7b60dddc-79ff-4630-ae39-5d29920471be.roa
File:                     7b60dddc-79ff-4630-ae39-5d29920471be.roa (raw, json)
Hash identifier:          xV64TH+f5g4XSldzDfAZWVEYG9znYPQVwHPloj9Ln98=
Subject key identifier:   3E:80:84:CC:A8:C1:DC:16:54:9D:BE:37:6F:0D:C4:AA:E5:8F:44:D7
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       24CBEDC6D089B756754CAAE29AB83BB12DBA94CA
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/7b60dddc-79ff-4630-ae39-5d29920471be.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.246.176.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:cb:ed:c6:d0:89:b7:56:75:4c:aa:e2:9a:b8:3b:b1:2d:ba:94:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=7b9ed2f82f83a9c9ad28b54491356d3dc306cc8a68861d257a714f34591c6c9b, CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b8:dc:51:9e:b8:65:ae:e1:af:55:f4:a3:15:
                    38:f8:be:2f:62:e6:8b:04:78:07:2c:38:bc:4d:f2:
                    4d:95:d5:fc:ea:1a:b6:57:e8:e1:56:c1:3f:63:b8:
                    83:02:41:95:d8:18:a3:b6:c6:be:83:8e:94:51:91:
                    b8:e0:0e:79:15:d6:07:d5:6b:39:da:3e:6a:0c:8d:
                    46:d4:21:7b:d0:e5:4e:63:8c:4a:0e:84:58:ef:9f:
                    4e:02:65:01:fc:44:75:c6:04:f3:8b:8e:ae:6c:5f:
                    87:68:51:b9:13:f5:73:54:1e:aa:ff:f3:1b:1e:23:
                    07:d6:dc:14:fc:bd:d3:62:9f:eb:f7:23:1a:b5:fd:
                    0d:c2:a6:a7:90:47:70:dd:32:84:e2:36:d1:d5:44:
                    4e:07:89:2a:02:a6:92:23:a5:34:0d:ab:b9:5b:26:
                    2d:0e:44:89:5b:04:f6:03:0f:87:ee:75:65:3d:50:
                    86:84:2b:24:5c:40:81:16:34:e1:9e:d3:6a:57:5e:
                    71:01:49:77:9a:49:98:ad:65:a5:ba:17:2a:d1:2d:
                    be:e9:99:75:9c:4a:cf:e3:1c:28:50:21:5d:38:42:
                    0c:69:da:8c:26:06:90:18:65:aa:47:3a:a8:31:8e:
                    0a:95:a4:6a:b1:ad:cd:cf:a7:e7:62:30:d2:ef:12:
                    c7:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:80:84:CC:A8:C1:DC:16:54:9D:BE:37:6F:0D:C4:AA:E5:8F:44:D7
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/7b60dddc-79ff-4630-ae39-5d29920471be.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.246.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:3c:58:dd:fc:89:8f:19:98:eb:2f:34:9e:1d:f7:b8:31:2d:
         42:10:eb:57:0a:7e:9b:67:a2:2a:bc:9d:6e:0e:b4:81:63:af:
         11:53:98:6b:8f:4d:5a:8e:1a:c4:2e:17:9c:b9:59:8d:93:87:
         93:82:33:d4:a7:bc:ba:17:4e:be:43:ec:47:ed:77:50:41:97:
         17:d1:a5:94:94:60:79:76:bf:24:0f:af:0c:35:68:b0:89:e9:
         28:88:e9:8a:56:48:ad:52:12:e3:73:7b:b0:67:ae:0b:10:8b:
         85:c6:72:ff:19:78:ab:10:8c:8f:81:1f:f5:2d:93:da:e0:16:
         ec:b0:db:1b:43:93:44:9a:c3:38:9b:f6:db:2a:92:b9:43:d3:
         95:79:54:7a:1a:27:74:ec:fc:97:a3:9c:5e:8f:82:13:be:c5:
         7f:5d:d3:a4:d5:9d:f4:49:c2:d8:df:52:97:18:25:19:3b:e2:
         60:b0:74:0b:dd:00:e3:7b:eb:f2:4f:f6:99:0b:5d:14:c8:7d:
         63:75:63:1a:9a:9c:83:71:44:10:0f:6b:dd:3e:39:48:66:8b:
         48:08:c1:ea:25:bc:66:cb:10:2d:2d:25:e3:7c:83:63:e2:8f:
         33:ee:44:4f:e5:56:eb:4f:57:a4:1f:ee:83:7b:f0:78:01:6f:
         c6:eb:1c:c8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUJMvtxtCJt1Z1TKrimrg7sS26lMowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjllZDJmODJmODNhOWM5YWQyOGI1NDQ5MTM1NmQzZGMz
MDZjYzhhNjg4NjFkMjU3YTcxNGYzNDU5MWM2YzliMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOuNxRnrhlruGvVfSjFTj4vi9i5osEeAcsOLxN8k2V1fzq
GrZX6OFWwT9juIMCQZXYGKO2xr6DjpRRkbjgDnkV1gfVaznaPmoMjUbUIXvQ5U5j
jEoOhFjvn04CZQH8RHXGBPOLjq5sX4doUbkT9XNUHqr/8xseIwfW3BT8vdNin+v3
Ixq1/Q3CpqeQR3DdMoTiNtHVRE4HiSoCppIjpTQNq7lbJi0ORIlbBPYDD4fudWU9
UIaEKyRcQIEWNOGe02pXXnEBSXeaSZitZaW6FyrRLb7pmXWcSs/jHChQIV04Qgxp
2owmBpAYZapHOqgxjgqVpGqxrc3Pp+diMNLvEscFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPoCEzKjB3BZUnb43bw3EquWPRNcwHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1LzdiNjBkZGRjLTc5ZmYtNDYzMC1hZTM5LTVkMjk5MjA0NzFiZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATM9rAwDQYJKoZIhvcNAQELBQADggEBAIc8WN38iY8ZmOsvNJ4d97gxLUIQ
61cKfptnoiq8nW4OtIFjrxFTmGuPTVqOGsQuF5y5WY2Th5OCM9SnvLoXTr5D7Eft
d1BBlxfRpZSUYHl2vyQPrww1aLCJ6SiI6YpWSK1SEuNze7BnrgsQi4XGcv8ZeKsQ
jI+BH/Utk9rgFuyw2xtDk0Sawzib9tsqkrlD05V5VHoaJ3Ts/JejnF6PghO+xX9d
06TVnfRJwtjfUpcYJRk74mCwdAvdAON76/JP9pkLXRTIfWN1YxqanINxRBAPa90+
OUhmi0gIweolvGbLEC0tJeN8g2PijzPuRE/lVutPV6Qf7oN78HgBb8brHMg=
-----END CERTIFICATE-----