Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e4e3fb9-c22e-4204-bb19-523c1c1691c2.roa
File:                     6e4e3fb9-c22e-4204-bb19-523c1c1691c2.roa (raw, json)
Hash identifier:          YPbSOVvRd81pQCBB6gwqjAPnPZyF1PM+NU32Xdms7hI=
Subject key identifier:   C1:8D:23:0C:FB:7F:BE:59:ED:D7:7E:81:E9:FF:62:95:CB:B6:08:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       74A2BAA841E0E94EB14837AE27ABD2F084B9898D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e4e3fb9-c22e-4204-bb19-523c1c1691c2.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        156.153.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:a2:ba:a8:41:e0:e9:4e:b1:48:37:ae:27:ab:d2:f0:84:b9:89:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=bd45d717fab8808d56d62ba1561aba8c992133b104ced02d888753c892149dca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:5c:4b:d9:38:3b:0c:b8:aa:c0:c5:c4:d5:24:
                    e5:86:a7:e8:8a:c9:02:79:bf:46:3c:8b:f7:24:43:
                    bc:87:20:2c:f1:01:aa:19:7b:16:08:b6:ed:d7:5a:
                    45:08:71:e4:eb:cf:5e:33:69:4d:94:31:ba:c8:1c:
                    67:23:39:10:15:c7:c2:ba:43:31:fd:e4:60:9b:bc:
                    26:13:9c:fd:dd:16:2a:aa:cb:7d:a9:4a:ac:f6:d0:
                    16:62:04:dc:12:86:5f:9a:6c:4d:20:a2:75:6b:03:
                    a3:e4:78:f7:c0:e8:34:e0:e3:8c:65:db:ea:a8:ac:
                    ae:45:04:94:95:80:62:15:57:33:cd:f4:8a:0f:c4:
                    6e:f3:e9:f3:62:47:12:f7:7f:60:a2:3f:c7:61:df:
                    d7:79:b9:40:91:66:f2:cf:7c:f4:26:4b:3b:d9:a9:
                    69:18:18:30:6b:fe:b8:48:d7:2f:c2:f8:e4:a1:d2:
                    a8:b6:3c:54:09:78:4c:42:d4:7a:dc:59:56:a9:f3:
                    6e:18:99:96:f1:44:12:b6:22:b1:d7:d8:59:39:1f:
                    50:d3:43:f4:98:6f:fa:f8:35:61:8a:30:8a:cd:b5:
                    9c:2a:19:bb:66:6e:54:d7:03:a5:b6:99:1b:a3:15:
                    85:90:0e:fc:33:1d:1c:56:d3:01:43:fb:15:79:57:
                    0f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:8D:23:0C:FB:7F:BE:59:ED:D7:7E:81:E9:FF:62:95:CB:B6:08:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e4e3fb9-c22e-4204-bb19-523c1c1691c2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:a6:f9:a7:8b:69:a8:7e:b2:c4:03:26:f6:d8:d6:61:86:1a:
         df:12:2f:fe:fc:ed:91:59:fb:66:fd:7d:be:4a:ba:d8:b7:39:
         4e:18:24:4a:63:c1:15:19:57:75:0b:e1:11:20:78:15:8b:19:
         1e:14:a7:85:61:b0:d5:ce:92:05:50:8b:94:c9:cf:f6:a0:88:
         88:a6:e3:91:82:f8:1f:73:12:a7:97:1a:00:38:7a:26:7d:49:
         f8:b1:31:95:12:d7:fe:d1:0a:b1:75:48:3d:4d:9c:de:df:d0:
         be:8e:cf:b0:19:0b:fa:d2:e9:0f:1d:30:b9:6e:7e:28:2b:a5:
         74:a2:14:cb:48:5c:37:53:a4:64:88:7c:0f:d2:16:8d:8e:3a:
         67:cd:86:ba:fa:1e:cf:39:48:77:07:be:25:47:8c:7f:67:16:
         58:99:74:9a:72:07:2b:a7:97:4d:5d:d8:f4:c9:af:0c:bf:e9:
         fe:03:6f:df:34:a5:61:c4:af:15:84:68:3a:9a:c2:92:7b:5a:
         02:fb:4c:1b:49:da:bb:96:b2:01:f8:66:21:9e:3f:b7:d2:9c:
         49:c8:e4:10:e5:a5:01:c0:15:ab:57:fa:15:22:28:74:7b:44:
         e3:c4:c2:11:84:18:c5:f4:44:fe:5b:46:ba:47:dd:09:cb:09:
         0d:b1:27:42
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdKK6qEHg6U6xSDeuJ6vS8IS5iY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDQ1ZDcxN2ZhYjg4MDhkNTZkNjJiYTE1NjFhYmE4Yzk5
MjEzM2IxMDRjZWQwMmQ4ODg3NTNjODkyMTQ5ZGNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9XEvZODsMuKrAxcTVJOWGp+iKyQJ5v0Y8i/ckQ7yHICzx
AaoZexYItu3XWkUIceTrz14zaU2UMbrIHGcjORAVx8K6QzH95GCbvCYTnP3dFiqq
y32pSqz20BZiBNwShl+abE0gonVrA6PkePfA6DTg44xl2+qorK5FBJSVgGIVVzPN
9IoPxG7z6fNiRxL3f2CiP8dh39d5uUCRZvLPfPQmSzvZqWkYGDBr/rhI1y/C+OSh
0qi2PFQJeExC1HrcWVap824YmZbxRBK2IrHX2Fk5H1DTQ/SYb/r4NWGKMIrNtZwq
GbtmblTXA6W2mRujFYWQDvwzHRxW0wFD+xV5Vw/TAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwY0jDPt/vlnt136B6f9ilcu2CJwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlNGUzZmI5LWMyMmUtNDIwNC1iYjE5LTUyM2MxYzE2OTFjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcmTANBgkqhkiG9w0BAQsFAAOCAQEAlqb5p4tpqH6yxAMm9tjWYYYa3xIv
/vztkVn7Zv19vkq62Lc5ThgkSmPBFRlXdQvhESB4FYsZHhSnhWGw1c6SBVCLlMnP
9qCIiKbjkYL4H3MSp5caADh6Jn1J+LExlRLX/tEKsXVIPU2c3t/Qvo7PsBkL+tLp
Dx0wuW5+KCuldKIUy0hcN1OkZIh8D9IWjY46Z82GuvoezzlIdwe+JUeMf2cWWJl0
mnIHK6eXTV3Y9MmvDL/p/gNv3zSlYcSvFYRoOprCkntaAvtMG0nau5ayAfhmIZ4/
t9KcScjkEOWlAcAVq1f6FSIodHtE48TCEYQYxfRE/ltGukfdCcsJDbEnQg==
-----END CERTIFICATE-----