Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f288cd5-c89e-4272-bb47-d41d62f222c4.roa
File:                     7f288cd5-c89e-4272-bb47-d41d62f222c4.roa (raw, json)
Hash identifier:          4i1xS+SvRFobxWrsvdBvsGKDeXpS0a9D/khk3oF/uj8=
Subject key identifier:   21:D5:22:07:A2:A2:36:81:99:64:09:9E:AB:87:69:9C:AC:C8:ED:D7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       42135619A2A814CA0C515FE9E6BB2F4DC29D25FF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f288cd5-c89e-4272-bb47-d41d62f222c4.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        158.254.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:13:56:19:a2:a8:14:ca:0c:51:5f:e9:e6:bb:2f:4d:c2:9d:25:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=3b5f97ebd800514c224139ac603dc06e511a6b00241dcf96528548058d46b654, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:4b:e8:59:46:c1:57:67:9a:9d:3a:6a:32:59:
                    4c:26:74:d6:14:49:d8:4d:45:84:86:9c:ad:30:23:
                    03:20:35:be:81:e1:5e:a0:6c:f2:cb:54:cc:49:2b:
                    65:29:8d:e1:c5:ae:ff:4d:9b:f6:55:7d:5e:16:e9:
                    b0:9b:f5:e1:a5:76:40:0c:f7:75:db:eb:9c:2f:0e:
                    36:84:d6:51:42:06:c0:28:68:ec:2f:eb:d6:1e:bf:
                    d4:ad:12:26:18:9e:7f:5b:c7:01:43:27:1e:0e:77:
                    9b:db:5d:41:22:53:90:a2:66:4a:25:c7:75:54:c3:
                    e6:66:95:05:e7:5f:40:ed:76:3b:20:8e:96:78:e1:
                    33:35:22:fe:67:ad:b0:bd:92:c5:a2:53:32:87:5c:
                    86:31:9b:45:5e:96:31:d5:44:8d:df:4e:9a:49:cb:
                    3a:f7:03:d3:f0:28:f1:ee:0c:27:5e:bc:a0:e0:14:
                    3c:3e:d6:0d:9a:0c:ad:f8:18:99:1d:04:08:80:9d:
                    bb:73:9a:45:ab:2e:e5:f3:a0:d6:a6:fc:4c:f1:af:
                    34:6f:4f:4d:ff:bb:f8:05:e8:ef:f5:e4:9a:d7:16:
                    d1:c5:bd:16:15:d3:28:0b:03:30:8a:8f:d2:2d:5a:
                    ef:0f:57:35:99:55:bf:f1:f1:04:a4:ef:35:95:d1:
                    3f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D5:22:07:A2:A2:36:81:99:64:09:9E:AB:87:69:9C:AC:C8:ED:D7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f288cd5-c89e-4272-bb47-d41d62f222c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b7:72:7e:9c:78:cb:31:6f:33:17:00:3c:8b:66:6d:66:f6:d7:
         7f:75:f5:06:b2:45:8f:f0:cb:c3:f1:fe:d2:af:ed:3f:c5:56:
         a1:d8:51:de:e8:3e:f5:72:cf:56:f9:20:30:fe:64:3d:37:11:
         4e:a0:d6:25:35:17:06:78:aa:7f:38:f1:db:53:f1:be:b4:38:
         c6:6b:46:fe:81:9d:f8:da:b8:64:38:d4:c0:75:7e:6f:17:39:
         db:fc:3e:45:6c:95:19:e3:3a:11:17:e3:00:24:d5:58:31:03:
         78:e2:4a:4e:af:2a:72:f3:7e:22:17:09:c7:d2:5f:8e:39:f9:
         62:2f:5e:d4:20:a3:6f:95:5d:66:99:09:a6:65:a7:96:42:8b:
         37:06:f0:85:e4:c1:13:42:1f:15:dd:dc:23:a8:51:21:90:30:
         90:b0:fc:ae:c8:0c:86:7a:55:b3:af:dc:75:67:18:70:2f:85:
         d1:bf:7b:8e:18:d3:2b:ef:a4:8f:80:c2:68:20:ed:d7:a2:1a:
         36:25:88:de:92:54:57:a9:bd:74:09:a8:e5:9d:59:98:90:37:
         92:47:40:47:ba:75:a7:2d:17:d6:e2:45:ae:92:d7:27:09:e5:
         2b:de:4a:ec:ff:6b:cb:4e:77:67:5c:67:38:cd:a5:5e:f0:0c:
         0e:db:bf:53
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQhNWGaKoFMoMUV/p5rsvTcKdJf8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYjVmOTdlYmQ4MDA1MTRjMjI0MTM5YWM2MDNkYzA2ZTUx
MWE2YjAwMjQxZGNmOTY1Mjg1NDgwNThkNDZiNjU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3S+hZRsFXZ5qdOmoyWUwmdNYUSdhNRYSGnK0wIwMgNb6B
4V6gbPLLVMxJK2UpjeHFrv9Nm/ZVfV4W6bCb9eGldkAM93Xb65wvDjaE1lFCBsAo
aOwv69Yev9StEiYYnn9bxwFDJx4Od5vbXUEiU5CiZkolx3VUw+ZmlQXnX0Dtdjsg
jpZ44TM1Iv5nrbC9ksWiUzKHXIYxm0VeljHVRI3fTppJyzr3A9PwKPHuDCdevKDg
FDw+1g2aDK34GJkdBAiAnbtzmkWrLuXzoNam/EzxrzRvT03/u/gF6O/15JrXFtHF
vRYV0ygLAzCKj9ItWu8PVzWZVb/x8QSk7zWV0T89AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIdUiB6KiNoGZZAmeq4dpnKzI7dcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmMjg4Y2Q1LWM4OWUtNDI3Mi1iYjQ3LWQ0MWQ2MmYyMjJjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCe/jANBgkqhkiG9w0BAQsFAAOCAQEAt3J+nHjLMW8zFwA8i2ZtZvbXf3X1
BrJFj/DLw/H+0q/tP8VWodhR3ug+9XLPVvkgMP5kPTcRTqDWJTUXBniqfzjx21Px
vrQ4xmtG/oGd+Nq4ZDjUwHV+bxc52/w+RWyVGeM6ERfjACTVWDEDeOJKTq8qcvN+
IhcJx9Jfjjn5Yi9e1CCjb5VdZpkJpmWnlkKLNwbwheTBE0IfFd3cI6hRIZAwkLD8
rsgMhnpVs6/cdWcYcC+F0b97jhjTK++kj4DCaCDt16IaNiWI3pJUV6m9dAmo5Z1Z
mJA3kkdAR7p1py0X1uJFrpLXJwnlK95K7P9ry053Z1xnOM2lXvAMDtu/Uw==
-----END CERTIFICATE-----