Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68d3591c-60c8-42bb-973c-ab95a5a3453b.roa
File:                     68d3591c-60c8-42bb-973c-ab95a5a3453b.roa (raw, json)
Hash identifier:          UIx/1WThyELQN+JWdgB7nFPjm3iG/m0/+bqB0xG8Y4w=
Subject key identifier:   A2:4A:B1:CA:37:3A:84:7F:90:A4:63:AD:5B:AD:65:55:2F:D5:5A:D0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       616C6902085239CD30515407D9B4B747E604E460
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68d3591c-60c8-42bb-973c-ab95a5a3453b.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        149.181.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:6c:69:02:08:52:39:cd:30:51:54:07:d9:b4:b7:47:e6:04:e4:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=b9093609437953432895b539c2aea1ef9be89f9e8287af2407d58eee4c318cfe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:48:2a:33:0f:c7:ec:06:c3:14:3e:a9:f6:ee:
                    ec:19:1d:ff:e9:fc:b2:0a:1e:e8:51:16:b5:b1:38:
                    03:6a:d6:71:21:9a:11:99:b0:59:5b:98:20:8a:9f:
                    08:8a:ef:84:1c:86:d7:91:a8:db:29:21:e9:c1:cf:
                    9b:11:f5:67:de:c5:63:f1:9f:2b:7b:e7:a0:e3:7c:
                    d7:82:27:dc:2b:f4:cd:d6:9a:b3:79:ba:2d:fc:35:
                    1c:0a:2c:ec:95:5d:58:a4:d4:8b:03:eb:f8:5a:a7:
                    78:5a:8c:0b:a3:0e:a3:de:7e:c4:5d:23:25:6b:da:
                    8d:b6:3c:f2:85:f6:9c:03:76:50:5f:58:6d:4f:b5:
                    dd:bf:f0:99:3f:f9:27:e7:13:d7:60:96:20:ef:6d:
                    a2:63:66:8b:f5:b7:37:49:96:0a:7f:bd:bf:0b:9e:
                    f5:8f:2f:f0:db:9f:1d:33:77:9c:c5:61:e2:90:2c:
                    d3:c8:f4:e8:fc:41:db:31:19:53:2b:44:f4:d2:f9:
                    92:86:1d:e1:63:d0:d4:92:f9:e4:cf:a1:b8:6b:19:
                    c2:4e:a7:1d:03:cf:01:59:5a:3a:37:66:40:e0:a2:
                    97:9c:b3:73:67:0c:3a:77:6e:e1:36:f2:4a:7b:9d:
                    ca:db:66:22:9e:4e:14:4b:ad:51:89:53:5d:13:d2:
                    71:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4A:B1:CA:37:3A:84:7F:90:A4:63:AD:5B:AD:65:55:2F:D5:5A:D0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68d3591c-60c8-42bb-973c-ab95a5a3453b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.181.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         0e:fd:61:11:31:2b:d3:1a:8d:2c:e8:1a:4f:72:9e:d2:12:9e:
         9d:2b:8e:94:39:56:31:44:85:70:8d:fb:a7:4b:20:02:24:e8:
         92:5c:6c:4f:2c:0b:f6:23:29:76:ac:8c:94:ad:4c:b2:1f:be:
         2e:78:b4:34:d9:9a:46:4f:80:67:b7:f2:9f:30:e9:03:45:fb:
         59:0c:89:aa:7b:bc:99:b0:25:fe:0d:fa:a2:01:21:b6:95:c6:
         42:a4:8d:48:25:5c:22:54:17:1c:7e:71:4e:9c:29:7e:c8:fa:
         bd:fc:ee:6f:5b:03:3e:c0:b4:90:af:25:01:10:bb:27:37:d9:
         43:87:0c:87:4c:b2:27:47:bd:b9:65:1f:d0:59:35:58:7d:66:
         c6:82:4b:67:a2:c4:b0:f5:b7:8a:ea:9d:f2:cb:f3:b7:58:76:
         7d:f3:fb:40:88:10:ad:ea:cb:66:8a:89:fa:8f:2a:74:7f:ca:
         2d:63:47:60:f8:3f:5d:35:5a:ec:7e:57:51:4c:41:b3:cd:75:
         de:67:dc:d5:06:60:89:13:40:34:59:5e:09:1f:1d:ee:82:3e:
         5d:69:d5:2f:4d:be:62:0c:a5:18:7c:6c:3b:fb:a5:5e:f3:f4:
         b3:25:da:c7:b1:9a:18:29:a0:91:69:9d:e8:e7:48:80:98:30:
         3b:e7:c3:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYWxpAghSOc0wUVQH2bS3R+YE5GAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiOTA5MzYwOTQzNzk1MzQzMjg5NWI1MzljMmFlYTFlZjli
ZTg5ZjllODI4N2FmMjQwN2Q1OGVlZTRjMzE4Y2ZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvSCozD8fsBsMUPqn27uwZHf/p/LIKHuhRFrWxOANq1nEh
mhGZsFlbmCCKnwiK74QchteRqNspIenBz5sR9WfexWPxnyt756DjfNeCJ9wr9M3W
mrN5ui38NRwKLOyVXVik1IsD6/hap3hajAujDqPefsRdIyVr2o22PPKF9pwDdlBf
WG1Ptd2/8Jk/+SfnE9dgliDvbaJjZov1tzdJlgp/vb8LnvWPL/Dbnx0zd5zFYeKQ
LNPI9Oj8QdsxGVMrRPTS+ZKGHeFj0NSS+eTPobhrGcJOpx0DzwFZWjo3ZkDgopec
s3NnDDp3buE28kp7ncrbZiKeThRLrVGJU10T0nEbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUokqxyjc6hH+QpGOtW61lVS/VWtAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4ZDM1OTFjLTYwYzgtNDJiYi05NzNjLWFiOTVhNWEzNDUzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeVtQAwDQYJKoZIhvcNAQELBQADggEBAA79YRExK9MajSzoGk9yntISnp0r
jpQ5VjFEhXCN+6dLIAIk6JJcbE8sC/YjKXasjJStTLIfvi54tDTZmkZPgGe38p8w
6QNF+1kMiap7vJmwJf4N+qIBIbaVxkKkjUglXCJUFxx+cU6cKX7I+r387m9bAz7A
tJCvJQEQuyc32UOHDIdMsidHvbllH9BZNVh9ZsaCS2eixLD1t4rqnfLL87dYdn3z
+0CIEK3qy2aKifqPKnR/yi1jR2D4P101Wux+V1FMQbPNdd5n3NUGYIkTQDRZXgkf
He6CPl1p1S9NvmIMpRh8bDv7pV7z9LMl2sexmhgpoJFpnejnSICYMDvnw2c=
-----END CERTIFICATE-----