Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb054371-a140-41e1-915a-758e59f442df.roa
File:                     bb054371-a140-41e1-915a-758e59f442df.roa (raw, json)
Hash identifier:          vff7Draq5uj74hGid7rUpq1f07RFkv8jVoKHxMc8OHE=
Subject key identifier:   FF:3E:3B:69:2A:D9:95:17:B8:BA:45:62:C4:FD:E4:69:9B:65:5B:93
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39C339660B7647EB26D1FCC51D516C103D15EBD4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb054371-a140-41e1-915a-758e59f442df.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.140.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:c3:39:66:0b:76:47:eb:26:d1:fc:c5:1d:51:6c:10:3d:15:eb:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=1517c127b96085b30e4c5b58f1cdbf576226ecf64b36f29fa87dbc8da72a795c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:4f:55:11:5e:81:a9:e9:e2:b7:fc:4b:48:96:
                    22:15:e1:62:e2:4a:73:29:36:d5:10:fc:88:ee:b4:
                    a1:e9:51:ee:c0:9a:3f:bc:94:79:a5:15:49:eb:5d:
                    5c:15:c8:8f:d0:93:f0:ad:2a:79:9c:3b:56:e2:72:
                    1e:6c:56:55:2a:29:23:87:cd:36:d0:44:c7:11:a7:
                    55:31:fe:10:ca:1d:c7:5f:59:9c:b4:04:31:56:b2:
                    13:c1:61:b4:e1:60:5a:9b:ac:13:61:c7:03:e9:af:
                    38:97:22:72:fa:b5:a0:a9:d1:6a:58:5f:a4:b6:94:
                    83:ff:46:66:d4:b6:2a:04:9b:3f:11:34:b8:93:b3:
                    a9:da:55:a0:43:17:c4:26:6f:79:40:16:c0:81:65:
                    f1:1b:33:b1:3b:61:52:dc:b5:5e:4f:25:84:ea:51:
                    cb:e1:98:dd:37:9b:e4:9e:2f:aa:ff:af:9e:cf:17:
                    6f:06:41:1c:98:cd:fe:a2:ea:17:4b:22:11:c5:36:
                    08:83:54:da:2f:7c:a8:ce:1d:8b:94:68:1d:f1:a3:
                    53:72:4d:7a:91:b3:0e:56:e3:13:43:68:a9:83:fa:
                    73:3e:91:65:5b:47:24:3c:39:d3:ce:3c:63:e6:9e:
                    e2:b7:b3:6d:3f:25:5d:d1:e0:a6:c1:57:96:fa:7e:
                    fa:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:3E:3B:69:2A:D9:95:17:B8:BA:45:62:C4:FD:E4:69:9B:65:5B:93
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bb054371-a140-41e1-915a-758e59f442df.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:07:b9:84:18:5f:2b:6f:1e:49:5a:aa:a3:15:f6:b0:90:ce:
         d7:93:f7:de:fe:9e:d5:a6:66:6d:df:ab:5f:d9:63:58:74:72:
         ad:e1:51:a1:3a:9b:2a:01:65:6c:c9:4f:07:22:ca:42:a6:e8:
         df:15:0e:5d:c4:a9:c2:a4:a5:d2:6d:7f:09:c7:18:c9:b7:ab:
         27:1d:b7:b5:9a:ad:61:01:ae:82:e2:51:07:a6:30:36:9c:3d:
         8a:10:f4:31:7f:46:ab:76:a0:96:30:e6:14:0d:6b:c9:a8:76:
         12:7c:52:7d:82:cf:12:80:5d:09:e3:ae:c3:48:3c:69:e4:79:
         50:38:88:6b:91:60:5d:2b:51:b2:7b:47:0b:fa:a0:8b:e9:3e:
         9d:34:f9:2e:d7:c1:29:36:08:02:8d:5d:91:54:a2:66:ba:6d:
         c8:c0:ac:6d:c8:b4:cb:d4:ff:bd:96:20:15:80:b7:ba:43:70:
         05:2d:99:1a:5f:89:5d:d3:89:61:4d:02:77:a6:55:62:31:b3:
         7f:5e:82:85:31:99:cc:69:e3:0c:d2:c7:2b:bc:68:3a:59:c2:
         6e:53:3f:3f:e4:1f:55:17:58:8c:77:e2:a4:e7:74:3e:51:6c:
         a6:c6:a9:59:b0:d3:f6:f6:74:f9:5a:d1:23:92:4c:38:5c:8d:
         7d:a5:a5:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOcM5Zgt2R+sm0fzFHVFsED0V69QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNTE3YzEyN2I5NjA4NWIzMGU0YzViNThmMWNkYmY1NzYy
MjZlY2Y2NGIzNmYyOWZhODdkYmM4ZGE3MmE3OTVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpT1URXoGp6eK3/EtIliIV4WLiSnMpNtUQ/IjutKHpUe7A
mj+8lHmlFUnrXVwVyI/Qk/CtKnmcO1bich5sVlUqKSOHzTbQRMcRp1Ux/hDKHcdf
WZy0BDFWshPBYbThYFqbrBNhxwPprziXInL6taCp0WpYX6S2lIP/RmbUtioEmz8R
NLiTs6naVaBDF8Qmb3lAFsCBZfEbM7E7YVLctV5PJYTqUcvhmN03m+SeL6r/r57P
F28GQRyYzf6i6hdLIhHFNgiDVNovfKjOHYuUaB3xo1NyTXqRsw5W4xNDaKmD+nM+
kWVbRyQ8OdPOPGPmnuK3s20/JV3R4KbBV5b6fvrJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/z47aSrZlRe4ukVixP3kaZtlW5MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiMDU0MzcxLWExNDAtNDFlMS05MTVhLTc1OGU1OWY0NDJkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGIEowwDQYJKoZIhvcNAQELBQADggEBAAcHuYQYXytvHklaqqMV9rCQzteT
997+ntWmZm3fq1/ZY1h0cq3hUaE6myoBZWzJTwciykKm6N8VDl3EqcKkpdJtfwnH
GMm3qycdt7WarWEBroLiUQemMDacPYoQ9DF/Rqt2oJYw5hQNa8modhJ8Un2CzxKA
XQnjrsNIPGnkeVA4iGuRYF0rUbJ7Rwv6oIvpPp00+S7XwSk2CAKNXZFUoma6bcjA
rG3ItMvU/72WIBWAt7pDcAUtmRpfiV3TiWFNAnemVWIxs39egoUxmcxp4wzSxyu8
aDpZwm5TPz/kH1UXWIx34qTndD5RbKbGqVmw0/b2dPla0SOSTDhcjX2lpfw=
-----END CERTIFICATE-----