Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85966c74-c3e4-427d-8f2c-983e0d0689a5.roa
File:                     85966c74-c3e4-427d-8f2c-983e0d0689a5.roa (raw, json)
Hash identifier:          S/NLItvKwwbC6q2GYYzujGfzI12irAMGRM3uPlcvHMU=
Subject key identifier:   9B:A6:26:99:AD:EF:34:1F:20:EE:92:E8:C1:3D:CA:B7:29:06:E2:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1FC997FC7E35ECB431B848494222DA9351FE5E23
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85966c74-c3e4-427d-8f2c-983e0d0689a5.roa
Signing time:             Sun 12 Jan 2025 00:00:00 +0000
ROA not before:           Sun 12 Jan 2025 00:00:00 +0000
ROA not after:            Sun 16 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.67.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:c9:97:fc:7e:35:ec:b4:31:b8:48:49:42:22:da:93:51:fe:5e:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 12 00:00:00 2025 GMT
            Not After : Feb 16 23:59:59 2025 GMT
        Subject: serialNumber=fadb294c15bf99b97148bff0186c1f6cdfc3e62601c5c638731607dbd56cc506, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:08:eb:ef:d2:04:2b:27:21:46:a3:7a:79:06:
                    d9:e8:8c:3f:db:1c:c1:a2:fc:3c:df:95:3d:98:08:
                    de:7b:11:1f:25:40:3b:8c:56:88:d3:91:dd:cd:13:
                    0a:e9:c5:06:a3:da:47:21:83:32:d4:70:1f:ab:91:
                    8e:1b:33:81:11:4f:0d:3b:f7:45:4a:94:14:da:ed:
                    81:ee:13:e6:2b:ca:9b:6c:52:7a:df:74:1a:49:6a:
                    b1:83:ae:10:85:d2:9a:57:c6:58:b4:f5:4c:a6:5e:
                    56:54:76:a0:54:0b:1a:09:4d:54:c3:f4:d9:93:7b:
                    c1:cb:05:e4:3b:79:04:9e:bd:14:2b:5a:ee:d0:e8:
                    63:b8:8c:ec:c6:29:8f:3a:5e:09:8b:39:cb:c4:cc:
                    1a:6f:a7:be:43:51:14:8d:98:aa:89:b1:30:0b:1f:
                    60:b4:2d:e6:22:06:48:9c:04:ec:c2:e8:3a:f1:4b:
                    e5:ab:09:ff:b6:f4:06:df:73:cc:0c:7c:6a:af:5b:
                    bd:2c:fb:6e:62:fd:ff:f6:e7:80:21:c8:e2:4b:3f:
                    b8:a3:d9:60:4a:d8:76:b0:0f:8d:b6:a1:ed:f5:f1:
                    e3:eb:6f:5a:99:fa:ec:22:ea:7b:92:a4:0b:03:3b:
                    8e:56:b2:53:7d:1d:f0:99:d7:7b:34:5b:8e:d6:3b:
                    be:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:A6:26:99:AD:EF:34:1F:20:EE:92:E8:C1:3D:CA:B7:29:06:E2:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/85966c74-c3e4-427d-8f2c-983e0d0689a5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:e6:fd:60:b4:9c:f5:46:af:2f:6a:6e:25:5e:2f:3d:a0:d3:
         36:c7:55:91:b0:39:56:85:4e:1b:1e:5f:9f:58:b1:08:2b:23:
         d5:ef:0e:c5:73:74:ce:b9:b2:31:c4:7c:cf:1c:c4:27:c8:77:
         fc:fa:3f:b6:c8:dc:b9:8d:89:5f:f2:80:0b:a8:b3:16:a0:28:
         97:fb:a2:a7:7d:ae:f6:5f:8d:3b:cd:0e:36:ad:36:05:6d:a9:
         39:0b:f7:b3:b0:78:0c:bc:be:8d:50:7c:90:a9:e7:b8:5a:09:
         c4:0c:54:63:e3:77:e0:c1:d9:c1:6d:d7:19:3b:76:92:84:d6:
         9a:79:00:fa:b5:27:24:60:12:e0:a3:08:dd:24:28:70:7b:c5:
         f0:ae:d7:a9:51:d0:af:88:1d:2a:58:0d:79:81:1d:a7:55:5e:
         84:1a:01:0d:f7:de:f7:b3:29:df:84:d9:c2:20:9c:3d:ff:41:
         4c:1f:9d:7f:e8:8b:4a:ef:d3:1f:5b:ff:fe:bf:53:d6:d9:6c:
         3c:b4:1d:13:f8:bc:38:6f:e2:51:4b:c6:79:03:56:af:8a:10:
         e7:ae:d2:cc:fb:32:98:55:b9:d0:df:07:70:85:ca:74:8e:9d:
         1f:08:f7:ec:46:67:55:28:20:06:b4:46:a8:37:44:e3:ee:61:
         3a:db:2b:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH8mX/H417LQxuEhJQiLak1H+XiMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEyMDAwMDAwWhcNMjUwMjE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWRiMjk0YzE1YmY5OWI5NzE0OGJmZjAxODZjMWY2Y2Rm
YzNlNjI2MDFjNWM2Mzg3MzE2MDdkYmQ1NmNjNTA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3COvv0gQrJyFGo3p5BtnojD/bHMGi/DzflT2YCN57ER8l
QDuMVojTkd3NEwrpxQaj2kchgzLUcB+rkY4bM4ERTw0790VKlBTa7YHuE+Yrypts
UnrfdBpJarGDrhCF0ppXxli09UymXlZUdqBUCxoJTVTD9NmTe8HLBeQ7eQSevRQr
Wu7Q6GO4jOzGKY86XgmLOcvEzBpvp75DURSNmKqJsTALH2C0LeYiBkicBOzC6Drx
S+WrCf+29Abfc8wMfGqvW70s+25i/f/254AhyOJLP7ij2WBK2HawD422oe318ePr
b1qZ+uwi6nuSpAsDO45WslN9HfCZ13s0W47WO75rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUm6Ymma3vNB8g7pLowT3KtykG4vowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg1OTY2Yzc0LWMzZTQtNDI3ZC04ZjJjLTk4M2UwZDA2ODlhNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUMwDQYJKoZIhvcNAQELBQADggEBANLm/WC0nPVGry9qbiVeLz2g0zbH
VZGwOVaFThseX59YsQgrI9XvDsVzdM65sjHEfM8cxCfId/z6P7bI3LmNiV/ygAuo
sxagKJf7oqd9rvZfjTvNDjatNgVtqTkL97OweAy8vo1QfJCp57haCcQMVGPjd+DB
2cFt1xk7dpKE1pp5APq1JyRgEuCjCN0kKHB7xfCu16lR0K+IHSpYDXmBHadVXoQa
AQ333vezKd+E2cIgnD3/QUwfnX/oi0rv0x9b//6/U9bZbDy0HRP4vDhv4lFLxnkD
Vq+KEOeu0sz7MphVudDfB3CFynSOnR8I9+xGZ1UoIAa0Rqg3ROPuYTrbK90=
-----END CERTIFICATE-----