Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82ae66ad-05a3-4453-84c9-cd60b4012157.roa
File:                     82ae66ad-05a3-4453-84c9-cd60b4012157.roa (raw, json)
Hash identifier:          keMQlihHdGhzXThqeS+hn8MrGTOodeQpBIJuNyXwL+4=
Subject key identifier:   7C:5B:E3:38:9F:33:16:08:2A:AD:8E:04:72:93:CC:C8:E2:01:A3:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       69A4286D2BD65BEB2A5645689D23D89661BE3FD3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82ae66ad-05a3-4453-84c9-cd60b4012157.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        156.5.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:a4:28:6d:2b:d6:5b:eb:2a:56:45:68:9d:23:d8:96:61:be:3f:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=938affe7ba840ffe3acbe9245b4133988d667ac0c75e2b396c4deb6390c34b45, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:ab:21:9c:5f:8b:b1:ee:69:36:94:77:fb:36:
                    8a:4e:61:63:98:71:51:3e:d0:53:c2:f9:95:24:d1:
                    0e:ed:09:5a:2b:df:a1:48:f6:92:28:ac:62:b3:7a:
                    a6:1f:d5:db:57:96:aa:1a:b3:50:23:99:ed:c6:89:
                    8d:a3:2c:db:5f:ca:c5:e3:ca:31:0b:66:79:86:dd:
                    26:63:2c:6f:74:fa:47:2f:e9:54:78:f8:64:dd:8a:
                    32:98:ae:f8:44:d1:f9:d9:ee:f4:c8:5e:d7:cc:9e:
                    45:89:e7:aa:68:00:df:65:3e:86:67:25:02:94:20:
                    6a:a8:fe:d5:10:46:2b:c1:c2:fd:7e:13:aa:30:51:
                    3b:3e:64:60:46:fc:fb:20:38:04:6b:b7:1d:27:c2:
                    36:fe:b8:31:2b:10:d2:89:87:61:b9:47:bb:b6:02:
                    c8:5e:73:e6:91:9c:8c:cb:4f:e1:f3:ed:74:93:a4:
                    b7:4b:dd:07:27:91:a3:8d:5e:cd:64:8c:7c:e9:22:
                    2f:31:a9:19:11:c6:b5:65:15:7e:62:0e:67:94:f7:
                    58:bb:53:a6:2b:94:f0:fd:7c:6e:56:2a:c8:9f:8f:
                    ec:3c:1f:ac:7c:81:37:79:73:44:60:a2:34:d6:d4:
                    f7:2f:c3:a9:f4:60:8b:ba:39:8f:4a:ef:c5:0e:94:
                    2d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:5B:E3:38:9F:33:16:08:2A:AD:8E:04:72:93:CC:C8:E2:01:A3:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82ae66ad-05a3-4453-84c9-cd60b4012157.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.5.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5e:a1:40:d1:bc:06:0d:48:93:97:79:cb:23:b7:e8:1a:76:e9:
         01:db:9a:b3:8a:6c:7d:3c:6a:ea:d9:c2:1c:9e:bd:17:5f:0f:
         27:77:08:91:18:fb:60:b6:0e:e1:f7:54:0d:38:54:75:44:a4:
         91:f0:32:2a:00:90:ba:f9:c5:2d:71:72:d7:d1:48:90:6f:9d:
         57:db:06:00:e3:59:29:5a:ab:e1:86:0a:9c:39:c5:c5:79:f4:
         35:01:36:35:05:6b:be:99:b6:d9:79:e2:80:b4:1f:79:e3:64:
         f4:1f:29:44:ed:1c:0f:92:4b:53:e3:c9:b6:ff:3b:b5:dd:9f:
         1b:54:89:08:53:5c:17:af:ce:41:9e:e7:45:8e:3b:08:84:48:
         25:4d:06:d1:11:98:b4:03:9e:bc:ed:b1:cd:fc:2b:e4:c4:18:
         b4:f0:65:62:43:c1:d2:b2:2f:48:5b:bd:d5:a7:d5:e1:d4:5f:
         58:65:09:9b:6d:7a:19:ce:62:3c:ea:7d:5f:9b:b3:9f:cb:35:
         3b:a4:b6:b1:37:b6:1c:95:2a:66:19:de:66:97:af:ee:e3:0d:
         30:22:0c:98:b8:48:c1:3a:24:3e:4f:ce:59:ca:bf:4e:12:7c:
         7b:d0:77:3f:b0:64:cb:90:04:55:62:98:89:35:4c:05:67:96:
         33:c3:61:d3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaaQobSvWW+sqVkVonSPYlmG+P9MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MzhhZmZlN2JhODQwZmZlM2FjYmU5MjQ1YjQxMzM5ODhk
NjY3YWMwYzc1ZTJiMzk2YzRkZWI2MzkwYzM0YjQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD5qyGcX4ux7mk2lHf7NopOYWOYcVE+0FPC+ZUk0Q7tCVor
36FI9pIorGKzeqYf1dtXlqoas1Ajme3GiY2jLNtfysXjyjELZnmG3SZjLG90+kcv
6VR4+GTdijKYrvhE0fnZ7vTIXtfMnkWJ56poAN9lPoZnJQKUIGqo/tUQRivBwv1+
E6owUTs+ZGBG/PsgOARrtx0nwjb+uDErENKJh2G5R7u2Ashec+aRnIzLT+Hz7XST
pLdL3QcnkaONXs1kjHzpIi8xqRkRxrVlFX5iDmeU91i7U6YrlPD9fG5WKsifj+w8
H6x8gTd5c0RgojTW1Pcvw6n0YIu6OY9K78UOlC1/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfFvjOJ8zFggqrY4EcpPMyOIBo1IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyYWU2NmFkLTA1YTMtNDQ1My04NGM5LWNkNjBiNDAxMjE1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcBTANBgkqhkiG9w0BAQsFAAOCAQEAXqFA0bwGDUiTl3nLI7foGnbpAdua
s4psfTxq6tnCHJ69F18PJ3cIkRj7YLYO4fdUDThUdUSkkfAyKgCQuvnFLXFy19FI
kG+dV9sGAONZKVqr4YYKnDnFxXn0NQE2NQVrvpm22XnigLQfeeNk9B8pRO0cD5JL
U+PJtv87td2fG1SJCFNcF6/OQZ7nRY47CIRIJU0G0RGYtAOevO2xzfwr5MQYtPBl
YkPB0rIvSFu91afV4dRfWGUJm216Gc5iPOp9X5uzn8s1O6S2sTe2HJUqZhneZpev
7uMNMCIMmLhIwTokPk/OWcq/ThJ8e9B3P7Bky5AEVWKYiTVMBWeWM8Nh0w==
-----END CERTIFICATE-----