Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29f09bbf-3e6d-42b9-8055-ec19c6797b9b.roa
File:                     29f09bbf-3e6d-42b9-8055-ec19c6797b9b.roa (raw, json)
Hash identifier:          SHGIg7Ju2YhymloIdBdS5XrgdgXG9kVv7OwTsKHv66I=
Subject key identifier:   DB:11:FC:19:F7:0B:9E:A3:2F:6C:8A:98:56:55:20:0D:17:AA:3E:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EF453A515FE66F1001CAC71A1FA31F27B0985DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29f09bbf-3e6d-42b9-8055-ec19c6797b9b.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        158.138.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:f4:53:a5:15:fe:66:f1:00:1c:ac:71:a1:fa:31:f2:7b:09:85:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=84ee11c97e3e75ae560f445ded223f16bf3b847f497e026a4c22452dbf93740c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c7:f0:59:a3:0e:a1:32:5f:7d:f1:ba:36:41:
                    b1:7d:d7:c8:e6:2e:c9:87:0e:32:f1:e2:0f:fd:d6:
                    3c:a5:96:6f:df:f9:b1:c1:50:80:97:bc:04:6d:08:
                    0f:60:f2:79:5f:df:85:02:1b:4b:36:3e:0c:35:e4:
                    0c:23:57:ef:14:81:a4:af:f2:a3:e5:a8:55:07:a0:
                    e2:77:5e:79:3a:e8:dc:b5:8d:dd:e7:3c:7b:24:c5:
                    67:e8:f2:ff:30:6e:e1:b5:12:41:eb:6f:18:2a:6f:
                    8e:f4:34:a8:c3:e6:ae:0b:80:e3:7f:8f:d7:83:3a:
                    8f:8e:51:73:89:74:a1:11:53:24:92:ea:20:7b:62:
                    51:b1:fd:01:8d:14:1b:86:f4:c9:0b:45:d2:24:ae:
                    8e:52:6d:36:ab:9b:4c:cc:7e:05:f4:7a:c6:ef:41:
                    a1:b4:89:80:4b:e3:d4:83:86:d1:23:cd:a5:ba:3a:
                    70:e0:f6:33:ae:1b:43:88:11:79:31:43:61:e1:c3:
                    f7:0a:02:d7:75:9a:a0:bb:37:19:be:45:bc:87:dc:
                    ee:d3:bb:d0:46:d0:30:09:61:58:59:cb:4d:23:e6:
                    4a:56:c1:96:19:7e:72:7f:90:45:ac:b5:8e:82:e1:
                    ed:3c:ae:29:a8:e9:d1:2c:c3:2d:bf:c7:25:5d:02:
                    bf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:11:FC:19:F7:0B:9E:A3:2F:6C:8A:98:56:55:20:0D:17:AA:3E:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29f09bbf-3e6d-42b9-8055-ec19c6797b9b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.138.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b1:3c:9e:bc:3a:f8:f2:9f:83:f8:41:d4:87:93:3b:4d:32:8a:
         9b:9e:04:f1:d1:ca:42:09:b3:51:a9:b0:b5:b7:e8:40:a1:f5:
         58:7a:41:61:92:51:1d:99:d2:78:6b:e4:9f:50:5f:19:a4:59:
         cd:83:bd:84:9f:2a:a5:4b:e7:8a:ff:bc:72:3f:79:31:6c:54:
         79:83:12:84:97:d7:32:5a:45:14:cf:c0:18:ca:f3:68:41:49:
         ef:7b:34:95:d6:80:47:4b:d9:8a:e9:ff:04:1f:18:59:20:70:
         90:e2:39:81:81:70:3d:e1:57:dc:ef:a3:ba:ff:ec:37:f4:80:
         42:4e:4d:b4:57:04:d2:ec:4b:73:40:d4:b1:b8:79:28:05:63:
         62:d2:8e:9e:ba:22:09:15:fb:87:05:7e:cd:fa:ec:1c:ea:f7:
         c3:9e:0e:04:9f:6a:e9:09:0f:a2:13:72:5d:6e:d3:cb:57:f8:
         33:76:46:5b:04:18:1e:07:31:eb:8d:4a:83:c3:c6:66:80:d5:
         59:9c:cf:28:44:85:13:06:06:e3:d1:5b:cd:6a:97:1a:a9:79:
         7c:22:bc:b9:18:e5:af:99:bb:52:e3:71:f6:57:48:99:1a:32:
         fe:67:e4:0d:f3:6c:61:d5:09:8a:6f:a5:d8:4f:dc:5d:f9:31:
         89:16:9d:6d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTvRTpRX+ZvEAHKxxofox8nsJhdowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NGVlMTFjOTdlM2U3NWFlNTYwZjQ0NWRlZDIyM2YxNmJm
M2I4NDdmNDk3ZTAyNmE0YzIyNDUyZGJmOTM3NDBjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUx/BZow6hMl998bo2QbF918jmLsmHDjLx4g/91jyllm/f
+bHBUICXvARtCA9g8nlf34UCG0s2Pgw15AwjV+8UgaSv8qPlqFUHoOJ3Xnk66Ny1
jd3nPHskxWfo8v8wbuG1EkHrbxgqb470NKjD5q4LgON/j9eDOo+OUXOJdKERUySS
6iB7YlGx/QGNFBuG9MkLRdIkro5SbTarm0zMfgX0esbvQaG0iYBL49SDhtEjzaW6
OnDg9jOuG0OIEXkxQ2Hhw/cKAtd1mqC7Nxm+RbyH3O7Tu9BG0DAJYVhZy00j5kpW
wZYZfnJ/kEWstY6C4e08rimo6dEswy2/xyVdAr8PAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2xH8GfcLnqMvbIqYVlUgDReqPk8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5ZjA5YmJmLTNlNmQtNDJiOS04MDU1LWVjMTljNjc5N2I5Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCeijANBgkqhkiG9w0BAQsFAAOCAQEAsTyevDr48p+D+EHUh5M7TTKKm54E
8dHKQgmzUamwtbfoQKH1WHpBYZJRHZnSeGvkn1BfGaRZzYO9hJ8qpUvniv+8cj95
MWxUeYMShJfXMlpFFM/AGMrzaEFJ73s0ldaAR0vZiun/BB8YWSBwkOI5gYFwPeFX
3O+juv/sN/SAQk5NtFcE0uxLc0DUsbh5KAVjYtKOnroiCRX7hwV+zfrsHOr3w54O
BJ9q6QkPohNyXW7Ty1f4M3ZGWwQYHgcx641Kg8PGZoDVWZzPKESFEwYG49FbzWqX
Gql5fCK8uRjlr5m7UuNx9ldImRoy/mfkDfNsYdUJim+l2E/cXfkxiRadbQ==
-----END CERTIFICATE-----