Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b940b195-8563-486c-a210-19537de5eb03.roa
File:                     b940b195-8563-486c-a210-19537de5eb03.roa (raw, json)
Hash identifier:          4n6frwIu2gUnMzDdUoVQL8xa78/94ZroJqYtj7A7/dI=
Subject key identifier:   D0:A6:3C:BF:64:03:9C:F4:CA:97:42:89:1A:6F:A0:22:EC:C4:6C:74
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6019E8B43F17ABE3BC03C7F7A35D147F238D9CDA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b940b195-8563-486c-a210-19537de5eb03.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.25.69.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:19:e8:b4:3f:17:ab:e3:bc:03:c7:f7:a3:5d:14:7f:23:8d:9c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=b0156e9053c3fcc12be488503477eace669168096761ecf21a5fbdfc8948d3f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:02:10:3e:93:78:45:bb:8a:a7:ab:e3:04:2f:
                    51:fe:66:be:95:f7:ff:8d:a1:99:f3:79:05:9b:91:
                    e7:30:58:0f:05:07:ca:98:73:31:e9:77:91:7c:78:
                    5a:8c:82:75:e3:71:ce:67:1b:5f:d1:95:5f:bf:0b:
                    70:30:37:ab:3f:c5:8b:c1:7f:a8:5d:87:88:c1:0f:
                    3b:1e:b4:5d:ba:6a:cf:ab:b5:70:a4:2f:5a:6a:e0:
                    1b:4f:ea:58:28:d6:b0:b2:40:69:59:58:46:32:69:
                    c6:f8:a0:59:69:c5:0c:c4:3d:07:42:63:a9:f0:44:
                    64:22:0d:bc:60:1c:3b:df:be:7f:73:1c:51:16:7f:
                    fe:5e:d0:3a:fd:43:f5:ec:c3:96:c8:de:55:4b:61:
                    50:6c:9a:04:90:3e:b5:f7:f8:c2:8e:c5:08:21:76:
                    65:6b:4b:74:07:d0:b7:6c:8b:db:59:64:f8:e6:99:
                    ba:bd:9b:75:3a:4a:31:c5:52:7c:6a:d3:13:08:5a:
                    4d:4f:79:38:c4:e3:e7:e5:37:5f:cf:2d:28:5c:f7:
                    e2:b3:69:6a:20:d6:4b:da:65:e5:df:9b:8b:ed:ac:
                    8a:a6:fa:18:d3:22:fa:6e:63:43:67:20:5a:80:27:
                    5b:16:4f:f8:2a:92:12:68:ba:58:1c:1b:91:8b:bd:
                    ea:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:A6:3C:BF:64:03:9C:F4:CA:97:42:89:1A:6F:A0:22:EC:C4:6C:74
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b940b195-8563-486c-a210-19537de5eb03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.25.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:1b:fe:e6:81:a6:2c:44:1a:90:95:0d:7c:58:49:16:6b:5d:
         04:16:15:39:31:6c:0a:9a:12:b2:af:33:db:32:19:ea:a4:41:
         4f:69:1a:86:08:16:e2:c1:d3:fe:b3:61:cd:72:a0:5e:b6:c6:
         d1:a6:8c:1d:1c:32:db:35:78:5a:11:a0:12:0c:63:0d:8e:b9:
         04:d7:6b:55:82:63:ac:1e:7d:4e:1b:bd:70:d5:99:9e:00:da:
         54:dc:92:5b:75:aa:7d:1a:f1:db:b2:bd:85:63:6d:8d:39:d4:
         1b:1c:75:b1:99:ff:22:0d:53:19:05:71:bf:5b:b7:ba:dc:2d:
         9a:16:ea:3e:62:85:d7:06:26:c6:4f:ad:2c:3d:96:29:5a:fa:
         1e:46:83:98:63:6f:5c:1d:db:d1:cc:26:86:a7:95:23:b9:09:
         cb:9e:ef:cf:f1:a0:8a:32:be:50:2e:28:95:b9:c1:46:0c:af:
         ce:4a:90:d3:5d:da:ff:b4:b9:dc:ec:63:f8:ee:63:31:d8:bd:
         df:c7:b1:21:6e:de:ec:bc:39:98:99:56:0f:77:a6:bb:0c:ff:
         5a:ec:bd:d4:cd:93:11:cb:74:75:10:08:74:ac:6a:ed:fa:00:
         30:18:60:ea:3b:31:a6:fa:90:e8:26:b1:d0:90:02:d8:aa:2e:
         09:ca:cf:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYBnotD8Xq+O8A8f3o10UfyONnNowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMDE1NmU5MDUzYzNmY2MxMmJlNDg4NTAzNDc3ZWFjZTY2
OTE2ODA5Njc2MWVjZjIxYTVmYmRmYzg5NDhkM2Y0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDGAhA+k3hFu4qnq+MEL1H+Zr6V9/+NoZnzeQWbkecwWA8F
B8qYczHpd5F8eFqMgnXjcc5nG1/RlV+/C3AwN6s/xYvBf6hdh4jBDzsetF26as+r
tXCkL1pq4BtP6lgo1rCyQGlZWEYyacb4oFlpxQzEPQdCY6nwRGQiDbxgHDvfvn9z
HFEWf/5e0Dr9Q/Xsw5bI3lVLYVBsmgSQPrX3+MKOxQghdmVrS3QH0Ldsi9tZZPjm
mbq9m3U6SjHFUnxq0xMIWk1PeTjE4+flN1/PLShc9+KzaWog1kvaZeXfm4vtrIqm
+hjTIvpuY0NnIFqAJ1sWT/gqkhJoulgcG5GLveprAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0KY8v2QDnPTKl0KJGm+gIuzEbHQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I5NDBiMTk1LTg1NjMtNDg2Yy1hMjEwLTE5NTM3ZGU1ZWIwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA2GUUwDQYJKoZIhvcNAQELBQADggEBAGEb/uaBpixEGpCVDXxYSRZrXQQW
FTkxbAqaErKvM9syGeqkQU9pGoYIFuLB0/6zYc1yoF62xtGmjB0cMts1eFoRoBIM
Yw2OuQTXa1WCY6wefU4bvXDVmZ4A2lTcklt1qn0a8duyvYVjbY051BscdbGZ/yIN
UxkFcb9bt7rcLZoW6j5ihdcGJsZPrSw9lila+h5Gg5hjb1wd29HMJoanlSO5Ccue
78/xoIoyvlAuKJW5wUYMr85KkNNd2v+0udzsY/juYzHYvd/HsSFu3uy8OZiZVg93
prsM/1rsvdTNkxHLdHUQCHSsau36ADAYYOo7Mab6kOgmsdCQAtiqLgnKz2E=
-----END CERTIFICATE-----