Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89fcedac-138d-48cf-9895-dc577c53fc90.roa
File:                     89fcedac-138d-48cf-9895-dc577c53fc90.roa (raw, json)
Hash identifier:          jv/YRPnjLu21GRBNVzhZDBu+O9X5B3Dh9o1c2UmuoRQ=
Subject key identifier:   EE:C9:AB:A8:92:E4:B7:57:99:F2:D9:AB:95:F7:93:23:34:50:DB:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E8C247F2B330F97C9CAFC6648DE9CBC6B06E173
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89fcedac-138d-48cf-9895-dc577c53fc90.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        153.42.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:8c:24:7f:2b:33:0f:97:c9:ca:fc:66:48:de:9c:bc:6b:06:e1:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=4f3360919ffc814f5593ce7106baa42a2ef4ab864a8f33740bb26eca823e7cd5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:43:79:57:37:d6:8a:46:1b:e5:1e:d5:9d:3a:
                    1a:d1:35:ad:fc:84:90:27:1f:9b:05:03:37:c1:58:
                    bb:3b:50:c1:72:0b:22:03:60:df:35:66:a5:0d:91:
                    ac:2c:d8:d8:ec:9e:45:b6:16:5b:a2:c1:7f:c6:27:
                    84:5e:27:52:3b:85:94:6c:cc:97:77:0a:ea:d6:c8:
                    90:51:59:0a:cf:64:62:ae:f7:a0:92:46:0f:6c:e3:
                    a7:2a:97:e8:31:39:81:cb:ce:4e:00:31:0a:2d:2b:
                    9d:61:a2:44:3c:46:b1:05:19:c8:a9:eb:ed:f5:82:
                    5d:e5:a4:c5:e7:e3:c7:61:f7:c5:3e:3f:bb:2e:46:
                    9d:35:3a:2d:9a:ea:76:7b:79:a6:53:60:b1:46:22:
                    ec:80:db:6c:d2:1c:5e:f5:05:d3:bd:d1:a1:c0:91:
                    6a:89:b6:fb:c7:06:30:cd:e8:4c:0d:32:17:91:ad:
                    2e:48:bb:8f:3d:7a:79:69:8f:0d:24:01:fb:bf:86:
                    d7:b1:4e:0f:b8:ef:09:92:f8:e4:63:87:05:2e:bd:
                    9c:a4:4f:e9:cd:9a:de:29:ea:21:42:09:0a:16:07:
                    9e:e2:5e:6f:f9:d3:70:d4:a7:14:f1:6e:6b:26:9f:
                    a8:7e:1c:ab:e2:56:b3:2a:0a:09:f3:14:d1:95:c4:
                    a4:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C9:AB:A8:92:E4:B7:57:99:F2:D9:AB:95:F7:93:23:34:50:DB:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89fcedac-138d-48cf-9895-dc577c53fc90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.42.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         31:54:54:7a:f1:e7:eb:d1:54:44:08:47:00:ea:73:69:e9:32:
         74:f0:83:e6:e9:81:43:f5:8a:3d:41:64:89:bf:80:6a:f3:99:
         c0:08:7a:9b:bd:7c:c8:b5:28:1a:4f:02:46:6e:dc:0c:1a:e6:
         d9:5c:f6:02:c2:eb:a8:6b:95:68:93:f0:9e:17:a3:40:62:58:
         3a:6e:23:3d:03:cc:e9:16:4f:3b:ca:cf:99:02:95:d2:c0:06:
         00:ca:1d:38:d4:b0:69:74:08:05:7d:ff:fa:12:af:30:4c:50:
         16:e8:c8:ff:42:52:14:51:17:f3:d6:29:de:aa:d5:3a:e0:74:
         77:93:d6:2c:0f:5d:95:5f:56:94:21:b4:3f:27:4f:76:cd:c8:
         b3:65:66:87:3e:b4:86:93:d0:42:5f:28:e1:ce:83:dc:01:c2:
         77:25:9b:62:af:27:d7:a7:36:8b:19:6c:6e:99:2d:30:fc:45:
         3d:9d:6b:57:21:ba:5f:18:d5:41:a9:f2:c0:30:be:27:0e:e6:
         27:83:18:d2:c3:72:ac:af:87:ba:97:43:77:75:99:e2:16:e6:
         94:e6:42:4d:d2:c9:c3:f3:81:50:cc:be:95:5f:65:a7:d8:ab:
         e7:58:3b:84:f2:73:55:83:39:9e:02:4a:87:81:b2:8c:ed:9a:
         58:76:8b:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbowkfyszD5fJyvxmSN6cvGsG4XMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZjMzNjA5MTlmZmM4MTRmNTU5M2NlNzEwNmJhYTQyYTJl
ZjRhYjg2NGE4ZjMzNzQwYmIyNmVjYTgyM2U3Y2Q1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdQ3lXN9aKRhvlHtWdOhrRNa38hJAnH5sFAzfBWLs7UMFy
CyIDYN81ZqUNkaws2NjsnkW2FluiwX/GJ4ReJ1I7hZRszJd3CurWyJBRWQrPZGKu
96CSRg9s46cql+gxOYHLzk4AMQotK51hokQ8RrEFGcip6+31gl3lpMXn48dh98U+
P7suRp01Oi2a6nZ7eaZTYLFGIuyA22zSHF71BdO90aHAkWqJtvvHBjDN6EwNMheR
rS5Iu489enlpjw0kAfu/htexTg+47wmS+ORjhwUuvZykT+nNmt4p6iFCCQoWB57i
Xm/503DUpxTxbmsmn6h+HKviVrMqCgnzFNGVxKSpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7smrqJLkt1eZ8tmrlfeTIzRQ2/0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5ZmNlZGFjLTEzOGQtNDhjZi05ODk1LWRjNTc3YzUzZmM5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCZKjANBgkqhkiG9w0BAQsFAAOCAQEAMVRUevHn69FURAhHAOpzaekydPCD
5umBQ/WKPUFkib+AavOZwAh6m718yLUoGk8CRm7cDBrm2Vz2AsLrqGuVaJPwnhej
QGJYOm4jPQPM6RZPO8rPmQKV0sAGAModONSwaXQIBX3/+hKvMExQFujI/0JSFFEX
89Yp3qrVOuB0d5PWLA9dlV9WlCG0PydPds3Is2Vmhz60hpPQQl8o4c6D3AHCdyWb
Yq8n16c2ixlsbpktMPxFPZ1rVyG6XxjVQanywDC+Jw7mJ4MY0sNyrK+HupdDd3WZ
4hbmlOZCTdLJw/OBUMy+lV9lp9ir51g7hPJzVYM5ngJKh4GyjO2aWHaLxA==
-----END CERTIFICATE-----