Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/156312a9-6781-4455-ae05-29fa05e0c91a.roa
File:                     156312a9-6781-4455-ae05-29fa05e0c91a.roa (raw, json)
Hash identifier:          941xqopCvas/99ZykQjklpPYzDHw4dhrOsX74WQ1UuU=
Subject key identifier:   E4:3D:D2:EC:39:C4:6F:25:B1:E3:23:55:5A:57:68:04:C7:31:B7:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7E66180AE126FD1B26B4B4DC607BC63312110390
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/156312a9-6781-4455-ae05-29fa05e0c91a.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        129.220.96.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:66:18:0a:e1:26:fd:1b:26:b4:b4:dc:60:7b:c6:33:12:11:03:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=6debf0ac94725c0c7d0ea46b0eb82ba811c243837d9727782f3ae2ecd4efce3e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:60:51:d8:26:9d:03:f6:90:f7:ae:a3:db:13:
                    86:7d:fa:cf:02:b3:3f:87:c5:24:6c:11:b9:0c:3e:
                    d5:37:19:eb:d0:46:7f:36:af:8b:11:74:b9:3e:bd:
                    1f:43:64:99:a9:4c:e2:76:17:03:fd:6b:82:ba:90:
                    24:c6:db:c0:7b:3a:80:f1:bd:e5:5f:8d:82:48:00:
                    ce:eb:f7:c3:be:c0:03:2a:f0:14:32:4a:ff:b1:2c:
                    94:bc:94:20:2f:38:1f:0b:a9:1c:c5:3c:34:87:5f:
                    e5:52:77:61:ba:a3:bd:a0:44:ca:61:9b:dd:b7:7e:
                    4e:4d:08:82:4c:bf:dd:66:60:42:f1:58:7c:95:de:
                    b9:fb:cb:cf:31:19:a4:a2:57:21:e5:3b:27:ad:32:
                    cd:29:af:28:7e:39:8c:ac:ae:89:30:79:9c:81:37:
                    1f:15:f9:8c:05:44:3c:a1:38:5f:96:f1:26:f1:cc:
                    b8:b8:f3:92:45:25:91:2c:2f:20:a1:65:d5:72:66:
                    a5:35:0b:11:0b:50:01:2d:ff:63:6d:54:4b:03:26:
                    67:c5:fd:21:d9:5b:c7:97:df:a9:2b:74:d8:0b:7f:
                    e8:49:22:cf:20:6c:8c:4a:06:c1:ba:a1:fb:9f:5a:
                    a1:70:7f:c6:56:6e:6b:a9:e1:07:1f:94:c5:06:91:
                    4c:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:3D:D2:EC:39:C4:6F:25:B1:E3:23:55:5A:57:68:04:C7:31:B7:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/156312a9-6781-4455-ae05-29fa05e0c91a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.220.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         78:73:31:6d:24:de:32:fb:b4:a5:b3:53:c6:10:f0:33:d6:77:
         e2:e0:07:b1:cb:5a:e4:1b:97:54:01:ee:9b:4c:90:89:4b:3e:
         0c:1e:29:11:c5:bf:97:39:ca:fd:65:6a:6a:01:fe:4f:93:e8:
         37:bc:49:a9:c0:60:91:25:b9:14:b3:b0:ee:16:1a:67:28:e0:
         2a:5a:9d:b2:b7:a9:f0:60:3d:be:0c:e5:5b:86:f4:3a:78:25:
         29:12:30:4f:f0:a8:07:d5:b3:f8:e5:22:4f:e6:e1:46:27:e0:
         d1:e1:da:55:ff:ec:49:56:7e:00:09:8c:e5:30:60:0b:29:4d:
         1d:f3:89:2d:fa:69:09:aa:cc:1d:2e:89:a2:73:90:d2:c3:03:
         79:37:50:8e:05:c3:52:95:db:e8:85:4c:1a:0b:c2:a2:cc:9f:
         1f:e4:a9:6a:5e:9c:f6:39:ec:29:7a:e0:7d:9e:aa:19:0c:8a:
         1f:b2:a9:45:83:03:97:e6:64:f9:22:a7:67:74:c6:e6:d0:d5:
         87:1e:fa:9a:d5:92:12:3a:47:c3:da:fa:51:1c:37:6e:ca:79:
         17:58:89:51:d5:48:e6:c9:7e:ff:15:34:2f:7c:92:bc:a7:29:
         0f:c8:cf:6a:b2:ce:41:d8:78:b1:cc:e8:8b:ff:96:9a:b3:bf:
         1e:30:34:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfmYYCuEm/RsmtLTcYHvGMxIRA5AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZGViZjBhYzk0NzI1YzBjN2QwZWE0NmIwZWI4MmJhODEx
YzI0MzgzN2Q5NzI3NzgyZjNhZTJlY2Q0ZWZjZTNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6YFHYJp0D9pD3rqPbE4Z9+s8Csz+HxSRsEbkMPtU3GevQ
Rn82r4sRdLk+vR9DZJmpTOJ2FwP9a4K6kCTG28B7OoDxveVfjYJIAM7r98O+wAMq
8BQySv+xLJS8lCAvOB8LqRzFPDSHX+VSd2G6o72gRMphm923fk5NCIJMv91mYELx
WHyV3rn7y88xGaSiVyHlOyetMs0pryh+OYysrokweZyBNx8V+YwFRDyhOF+W8Sbx
zLi485JFJZEsLyChZdVyZqU1CxELUAEt/2NtVEsDJmfF/SHZW8eX36krdNgLf+hJ
Is8gbIxKBsG6ofufWqFwf8ZWbmup4QcflMUGkUxLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5D3S7DnEbyWx4yNVWldoBMcxt7owHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1NjMxMmE5LTY3ODEtNDQ1NS1hZTA1LTI5ZmEwNWUwYzkxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAWB3GAwDQYJKoZIhvcNAQELBQADggEBAHhzMW0k3jL7tKWzU8YQ8DPWd+Lg
B7HLWuQbl1QB7ptMkIlLPgweKRHFv5c5yv1lamoB/k+T6De8SanAYJEluRSzsO4W
Gmco4CpanbK3qfBgPb4M5VuG9Dp4JSkSME/wqAfVs/jlIk/m4UYn4NHh2lX/7ElW
fgAJjOUwYAspTR3ziS36aQmqzB0uiaJzkNLDA3k3UI4Fw1KV2+iFTBoLwqLMnx/k
qWpenPY57Cl64H2eqhkMih+yqUWDA5fmZPkip2d0xubQ1Yce+prVkhI6R8Pa+lEc
N27KeRdYiVHVSObJfv8VNC98krynKQ/Iz2qyzkHYeLHM6Iv/lpqzvx4wNNI=
-----END CERTIFICATE-----