Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98d030ea-05bd-4fad-b058-d0c3e9b95544.roa
File:                     98d030ea-05bd-4fad-b058-d0c3e9b95544.roa (raw, json)
Hash identifier:          V4f9hNkqInTYBhsk5iGoD4iCYQfN3CEltHxwOVRZ7SY=
Subject key identifier:   A7:2E:5D:DF:06:26:BF:60:A8:05:8D:67:2E:D0:35:85:D2:7D:CC:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       708DCA435424A00C35D3B94612F54D179FBC01DF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98d030ea-05bd-4fad-b058-d0c3e9b95544.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        149.128.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:8d:ca:43:54:24:a0:0c:35:d3:b9:46:12:f5:4d:17:9f:bc:01:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=9d0695a89daa8d41cb2ed165e5279ee2a644abd19013e99afb13ad677622e883, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4f:07:f2:08:dc:c7:65:f5:81:6c:64:8b:e8:
                    3b:92:9e:8d:8a:b9:8b:6c:3d:06:98:e6:09:23:13:
                    0c:a9:d2:a5:c8:53:42:f2:38:84:17:f4:4f:ab:4f:
                    7c:d6:52:3f:3c:3f:50:e8:b0:15:7c:1c:ee:95:a0:
                    1f:90:d8:76:19:08:e4:2e:5e:56:ca:be:c4:2b:9a:
                    e8:cf:b9:d3:cd:fc:4b:c4:ce:57:5b:85:58:cb:45:
                    eb:49:2b:b2:97:44:14:90:12:be:99:ff:ae:a1:73:
                    f4:c9:b7:e6:8d:6a:b5:a3:52:59:6f:f3:4e:d5:ee:
                    74:e0:2e:86:1a:dc:cd:f1:f6:24:a5:5d:18:8a:55:
                    69:8a:89:51:67:7e:d0:5c:c1:21:76:f7:22:e6:e8:
                    e8:89:8a:e5:14:84:8a:01:ef:9b:9e:b9:7f:c1:d9:
                    79:cb:a7:8e:86:ee:45:0b:d4:39:02:4d:00:78:23:
                    eb:c7:8d:55:68:f3:49:ae:ce:fd:9e:65:f3:fc:74:
                    b3:ce:4c:74:59:57:78:46:a9:f3:4b:6d:3a:5f:25:
                    65:96:db:17:2e:b9:c1:00:52:2f:37:a0:e6:ae:a1:
                    24:72:b0:36:b1:5b:73:d2:39:90:49:36:c9:22:b9:
                    50:78:42:3e:bc:5e:9f:ef:56:e3:46:24:5e:04:2a:
                    f5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2E:5D:DF:06:26:BF:60:A8:05:8D:67:2E:D0:35:85:D2:7D:CC:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98d030ea-05bd-4fad-b058-d0c3e9b95544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.128.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         5e:14:a0:fa:f8:6e:a0:4f:3b:dc:e7:62:19:c1:59:be:67:ed:
         22:3b:17:0e:82:3f:bc:c0:e8:42:d2:ef:86:87:ac:98:67:62:
         26:a9:ed:ad:5a:a7:aa:e4:b6:72:da:c9:51:7b:9f:82:10:8a:
         66:7d:60:97:27:2e:53:b3:74:07:4d:7f:59:9c:2c:ee:3c:10:
         fb:82:c7:11:fd:f3:4b:cc:7a:76:97:13:49:3c:59:9c:c9:ad:
         42:9e:93:fc:57:47:26:8e:ef:83:c7:dd:00:10:d1:ef:e9:1c:
         ef:cb:79:a3:03:f3:af:60:b8:6c:ad:14:b3:26:28:a5:d4:44:
         83:9d:2b:2d:e6:e0:98:95:3d:52:56:0d:e2:93:fd:e5:30:25:
         8a:a2:4f:a5:fb:cb:4b:49:9a:93:c6:94:42:1f:d0:27:f0:46:
         a5:53:e3:d1:69:c4:98:bd:aa:74:dd:00:e1:9a:42:57:a4:1a:
         59:0c:7b:ba:1c:f9:01:91:b0:d2:fb:f5:1a:f6:87:cc:3c:ab:
         96:72:03:47:2b:20:1e:c2:98:ce:6d:7f:39:28:c7:e7:33:78:
         c3:96:6f:64:05:3a:f4:d2:3d:8f:59:58:e2:f9:17:88:ec:ce:
         9e:dd:ff:f6:2c:66:f1:da:fc:22:cf:d9:50:7a:7e:99:24:a4:
         67:13:74:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcI3KQ1QkoAw107lGEvVNF5+8Ad8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDA2OTVhODlkYWE4ZDQxY2IyZWQxNjVlNTI3OWVlMmE2
NDRhYmQxOTAxM2U5OWFmYjEzYWQ2Nzc2MjJlODgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCFTwfyCNzHZfWBbGSL6DuSno2KuYtsPQaY5gkjEwyp0qXI
U0LyOIQX9E+rT3zWUj88P1DosBV8HO6VoB+Q2HYZCOQuXlbKvsQrmujPudPN/EvE
zldbhVjLRetJK7KXRBSQEr6Z/66hc/TJt+aNarWjUllv807V7nTgLoYa3M3x9iSl
XRiKVWmKiVFnftBcwSF29yLm6OiJiuUUhIoB75ueuX/B2XnLp46G7kUL1DkCTQB4
I+vHjVVo80muzv2eZfP8dLPOTHRZV3hGqfNLbTpfJWWW2xcuucEAUi83oOauoSRy
sDaxW3PSOZBJNskiuVB4Qj68Xp/vVuNGJF4EKvVlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpy5d3wYmv2CoBY1nLtA1hdJ9zEowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4ZDAzMGVhLTA1YmQtNGZhZC1iMDU4LWQwYzNlOWI5NTU0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeVgIAwDQYJKoZIhvcNAQELBQADggEBAF4UoPr4bqBPO9znYhnBWb5n7SI7
Fw6CP7zA6ELS74aHrJhnYiap7a1ap6rktnLayVF7n4IQimZ9YJcnLlOzdAdNf1mc
LO48EPuCxxH980vMenaXE0k8WZzJrUKek/xXRyaO74PH3QAQ0e/pHO/LeaMD869g
uGytFLMmKKXURIOdKy3m4JiVPVJWDeKT/eUwJYqiT6X7y0tJmpPGlEIf0CfwRqVT
49FpxJi9qnTdAOGaQlekGlkMe7oc+QGRsNL79Rr2h8w8q5ZyA0crIB7CmM5tfzko
x+czeMOWb2QFOvTSPY9ZWOL5F4jszp7d//YsZvHa/CLP2VB6fpkkpGcTdMA=
-----END CERTIFICATE-----