Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31df66e8-7ddc-4b58-b43c-358c66531a8d.roa
File:                     31df66e8-7ddc-4b58-b43c-358c66531a8d.roa (raw, json)
Hash identifier:          wT+s0p7l2iAwW2BBahrOpwlbm77KgE5ijOz0pzjIzds=
Subject key identifier:   19:7C:E0:63:8D:77:AA:89:F3:CD:CE:BA:DB:21:CC:D3:AF:0A:43:1B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F852380209C4D7D8F23A6DF62896376A8EE8833
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31df66e8-7ddc-4b58-b43c-358c66531a8d.roa
Signing time:             Sun 12 Jan 2025 00:00:00 +0000
ROA not before:           Sun 12 Jan 2025 00:00:00 +0000
ROA not after:            Sun 16 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.69.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:85:23:80:20:9c:4d:7d:8f:23:a6:df:62:89:63:76:a8:ee:88:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 12 00:00:00 2025 GMT
            Not After : Feb 16 23:59:59 2025 GMT
        Subject: serialNumber=e31fb7299ea9659a89a7c1cae4395cc6470677bfc3b0cfff709799ef029b8cb2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b4:60:28:a7:42:a5:81:4b:b8:48:3d:a0:83:
                    08:98:5c:99:ff:c5:6b:51:a8:0d:38:92:32:70:ab:
                    ff:97:52:d0:c7:e9:42:dd:6a:5c:9a:c9:b1:eb:a7:
                    ff:f5:71:ae:05:dc:0c:70:2e:ab:9f:70:f9:82:31:
                    81:45:60:e5:b5:74:8c:39:f1:f6:d5:c7:f5:9f:1e:
                    09:3f:9a:83:4b:6e:56:bb:f0:98:ed:f1:a0:cc:68:
                    67:8c:03:5e:e7:46:eb:65:a8:52:f8:07:9e:02:7e:
                    75:23:72:ad:fb:4c:8b:76:74:57:bb:54:b4:cd:b7:
                    65:00:6d:6c:3a:8b:13:a9:9a:47:45:52:25:12:bc:
                    0e:97:2e:26:c2:eb:90:00:7e:74:17:c6:c2:84:1d:
                    bd:92:63:58:16:45:ea:6a:5b:82:0c:68:b5:a4:13:
                    4b:e2:f7:91:bc:8c:1d:c4:ab:ee:68:76:eb:c1:b7:
                    32:d9:c3:19:8a:7d:6c:51:9f:6f:59:25:b8:9e:35:
                    b4:c6:d5:72:da:3d:36:ed:90:1d:e0:1d:92:ef:47:
                    f8:ac:69:3f:fb:c6:41:a6:54:f1:dd:e1:eb:4a:69:
                    dd:bb:05:51:a6:03:87:f3:8d:f0:7a:95:a0:e5:9b:
                    93:cd:25:c3:a2:c6:3a:de:36:20:ef:52:d4:e4:65:
                    f3:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:7C:E0:63:8D:77:AA:89:F3:CD:CE:BA:DB:21:CC:D3:AF:0A:43:1B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/31df66e8-7ddc-4b58-b43c-358c66531a8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:b2:74:a9:e9:26:11:ba:a4:f4:50:46:80:2f:04:65:6a:4b:
         9a:a5:0a:a5:e8:9d:59:1f:88:f2:3d:fd:91:c3:68:c2:d9:29:
         03:4f:4d:c0:9f:09:22:71:05:74:b7:01:b8:3a:20:ef:98:2c:
         97:ba:9a:18:fc:cd:20:aa:76:eb:0b:be:84:2a:a5:e3:45:7f:
         66:ae:ff:f4:8b:d8:e3:e6:42:aa:ed:ba:24:c7:89:8f:d1:c7:
         3a:bb:1e:49:d2:46:58:68:c4:83:b6:b7:f4:01:46:8c:23:a4:
         de:d3:2b:e6:83:4f:6b:3f:21:6b:ea:5f:20:45:df:ad:11:30:
         6c:4f:ff:ac:a9:da:e8:e3:96:42:51:8c:90:83:4c:ac:46:95:
         bf:ce:75:a3:85:03:68:2b:9b:83:dc:a5:e0:54:68:36:80:54:
         ea:24:e6:61:db:ed:df:d2:0f:ac:3d:b6:d9:20:53:bd:b2:ae:
         61:eb:d1:09:a5:84:79:78:ec:35:da:14:4e:bc:dc:55:7f:d4:
         6e:87:07:34:b2:b9:01:a3:39:7f:ab:33:32:04:41:0c:09:0e:
         78:bd:3f:31:17:da:2e:99:11:77:cd:bd:9f:86:ef:90:f9:1b:
         a2:d7:a0:14:a8:6c:c8:23:1a:b8:f7:4a:cf:f0:ed:19:11:4a:
         8f:69:62:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb4UjgCCcTX2PI6bfYoljdqjuiDMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEyMDAwMDAwWhcNMjUwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlMzFmYjcyOTllYTk2NTlhODlhN2MxY2FlNDM5NWNjNjQ3
MDY3N2JmYzNiMGNmZmY3MDk3OTllZjAyOWI4Y2IyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCktGAop0KlgUu4SD2ggwiYXJn/xWtRqA04kjJwq/+XUtDH
6ULdalyaybHrp//1ca4F3AxwLqufcPmCMYFFYOW1dIw58fbVx/WfHgk/moNLbla7
8Jjt8aDMaGeMA17nRutlqFL4B54CfnUjcq37TIt2dFe7VLTNt2UAbWw6ixOpmkdF
UiUSvA6XLibC65AAfnQXxsKEHb2SY1gWRepqW4IMaLWkE0vi95G8jB3Eq+5oduvB
tzLZwxmKfWxRn29ZJbieNbTG1XLaPTbtkB3gHZLvR/isaT/7xkGmVPHd4etKad27
BVGmA4fzjfB6laDlm5PNJcOixjreNiDvUtTkZfOVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGXzgY413qonzzc662yHM068KQxswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMxZGY2NmU4LTdkZGMtNGI1OC1iNDNjLTM1OGM2NjUzMWE4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUUwDQYJKoZIhvcNAQELBQADggEBABSydKnpJhG6pPRQRoAvBGVqS5ql
CqXonVkfiPI9/ZHDaMLZKQNPTcCfCSJxBXS3Abg6IO+YLJe6mhj8zSCqdusLvoQq
peNFf2au//SL2OPmQqrtuiTHiY/Rxzq7HknSRlhoxIO2t/QBRowjpN7TK+aDT2s/
IWvqXyBF360RMGxP/6yp2ujjlkJRjJCDTKxGlb/OdaOFA2grm4PcpeBUaDaAVOok
5mHb7d/SD6w9ttkgU72yrmHr0QmlhHl47DXaFE683FV/1G6HBzSyuQGjOX+rMzIE
QQwJDni9PzEX2i6ZEXfNvZ+G75D5G6LXoBSobMgjGrj3Ss/w7RkRSo9pYgI=
-----END CERTIFICATE-----