Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f3e9a87-f7d1-4e56-a255-87fe00b48d3b.roa
File:                     2f3e9a87-f7d1-4e56-a255-87fe00b48d3b.roa (raw, json)
Hash identifier:          aw5LArvW8TqvHLXujlKGNTzjcQkYUwtNxN0+rGhqAn4=
Subject key identifier:   0E:D9:78:9E:1F:87:26:DE:A5:54:72:1D:E0:C4:24:16:1E:EA:5E:7D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4968C01A77E9B482D5DDC1228A5C30B7BA1A4242
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f3e9a87-f7d1-4e56-a255-87fe00b48d3b.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        182.29.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:68:c0:1a:77:e9:b4:82:d5:dd:c1:22:8a:5c:30:b7:ba:1a:42:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=d3854cba0e0c43e7fdc43d5acc8a876ec7b17e90658d4ac508ef276a727667e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ec:d6:89:18:40:ce:d1:6c:b8:41:17:0c:b3:
                    e2:08:ad:0a:89:dc:23:c1:27:fd:d4:ba:d7:93:e3:
                    6e:85:f2:f6:66:59:27:ca:46:7d:d0:c5:ef:66:92:
                    25:57:9c:86:18:25:f1:35:92:fd:9c:db:7a:25:63:
                    cc:61:b7:d4:cf:3a:9b:7a:6d:27:9a:ea:17:a8:c7:
                    7b:e0:d3:1f:63:82:cd:23:61:26:04:ed:19:4c:f4:
                    25:fc:a1:bf:84:99:7e:f3:60:4b:e7:06:e4:1a:ee:
                    f3:31:a8:47:41:dd:6e:b7:45:55:8a:f6:b5:f0:56:
                    be:12:af:27:e1:a4:3c:50:8b:26:6f:ec:ae:3c:d5:
                    37:58:72:47:22:c7:41:f7:a9:c9:eb:a9:2c:26:74:
                    31:8b:2a:84:47:4e:ee:18:de:6b:e3:37:94:6a:66:
                    17:32:2a:22:f5:cc:8e:09:07:28:71:bc:c2:c1:56:
                    ca:5d:ff:2f:b9:03:2b:d6:f9:04:0f:5d:b3:f4:19:
                    47:99:47:18:88:56:eb:f4:21:8c:8c:d5:15:21:8a:
                    ef:ab:b6:60:03:e4:29:42:99:36:42:ff:ea:31:fb:
                    96:86:9e:c2:32:27:65:4c:ad:f0:48:36:c4:d4:ca:
                    41:aa:e8:fe:ba:39:a0:ea:4a:da:11:67:fc:b5:d4:
                    55:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D9:78:9E:1F:87:26:DE:A5:54:72:1D:E0:C4:24:16:1E:EA:5E:7D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f3e9a87-f7d1-4e56-a255-87fe00b48d3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  182.29.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         91:ee:fc:e4:57:1f:77:b8:f7:a6:e7:12:2a:93:f3:00:84:9a:
         77:52:ae:6f:f7:32:93:e6:f4:6a:d4:e8:8c:57:6c:39:50:dc:
         b9:3b:04:06:11:a7:c5:bb:6c:00:05:73:94:ae:39:36:8e:c2:
         4f:a0:f9:85:18:17:2a:99:69:6e:fa:93:bb:5a:f9:d0:64:27:
         b4:f9:e9:f5:fd:d5:d9:34:3b:fd:3c:05:c7:81:64:18:ba:5a:
         c6:ba:db:88:3a:4d:34:45:c8:06:be:92:94:52:32:fe:d1:75:
         06:88:1e:ba:f9:0c:17:cf:96:c3:17:5a:73:bb:de:45:66:af:
         32:bc:35:b3:fd:0a:74:f9:49:6e:78:d8:71:79:96:20:1a:e9:
         a0:75:67:4f:93:48:cf:59:9e:62:cf:2f:1d:4d:28:27:f9:81:
         8c:23:1c:0e:6a:9c:00:bd:1c:06:54:8e:a0:be:b5:39:99:7e:
         31:42:78:4c:52:08:a4:ce:16:14:41:86:cb:40:e1:36:01:ac:
         24:af:b8:68:d0:ef:1f:75:b6:2f:ce:6b:b7:6d:24:43:a1:3f:
         14:3d:9d:1e:74:db:c5:e9:10:e6:cc:94:ce:8b:37:fb:90:6c:
         45:5a:96:b0:10:88:d0:cc:ef:3a:f2:45:0f:d2:4f:53:e2:db:
         91:35:21:97
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSWjAGnfptILV3cEiilwwt7oaQkIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMzg1NGNiYTBlMGM0M2U3ZmRjNDNkNWFjYzhhODc2ZWM3
YjE3ZTkwNjU4ZDRhYzUwOGVmMjc2YTcyNzY2N2UzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm7NaJGEDO0Wy4QRcMs+IIrQqJ3CPBJ/3UuteT426F8vZm
WSfKRn3Qxe9mkiVXnIYYJfE1kv2c23olY8xht9TPOpt6bSea6heox3vg0x9jgs0j
YSYE7RlM9CX8ob+EmX7zYEvnBuQa7vMxqEdB3W63RVWK9rXwVr4SryfhpDxQiyZv
7K481TdYckcix0H3qcnrqSwmdDGLKoRHTu4Y3mvjN5RqZhcyKiL1zI4JByhxvMLB
Vspd/y+5AyvW+QQPXbP0GUeZRxiIVuv0IYyM1RUhiu+rtmAD5ClCmTZC/+ox+5aG
nsIyJ2VMrfBINsTUykGq6P66OaDqStoRZ/y11FUZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDtl4nh+HJt6lVHId4MQkFh7qXn0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmM2U5YTg3LWY3ZDEtNGU1Ni1hMjU1LTg3ZmUwMGI0OGQzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwC2HTANBgkqhkiG9w0BAQsFAAOCAQEAke785Fcfd7j3pucSKpPzAISad1Ku
b/cyk+b0atTojFdsOVDcuTsEBhGnxbtsAAVzlK45No7CT6D5hRgXKplpbvqTu1r5
0GQntPnp9f3V2TQ7/TwFx4FkGLpaxrrbiDpNNEXIBr6SlFIy/tF1BogeuvkMF8+W
wxdac7veRWavMrw1s/0KdPlJbnjYcXmWIBrpoHVnT5NIz1meYs8vHU0oJ/mBjCMc
DmqcAL0cBlSOoL61OZl+MUJ4TFIIpM4WFEGGy0DhNgGsJK+4aNDvH3W2L85rt20k
Q6E/FD2dHnTbxekQ5syUzos3+5BsRVqWsBCI0MzvOvJFD9JPU+LbkTUhlw==
-----END CERTIFICATE-----