Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ca11630-dccb-4615-bfc0-ba88ec8f3c45.roa
File:                     9ca11630-dccb-4615-bfc0-ba88ec8f3c45.roa (raw, json)
Hash identifier:          fEwgnYmBUCc9cxxKflzvLUBc6tP4rnhQMj8NuN0MAlM=
Subject key identifier:   DD:17:7A:7C:D1:4A:20:A0:F0:AB:9E:30:42:21:2E:4C:04:63:D4:E3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0C654E06A7F59F2D692E56416D0DF0CCAE480B11
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ca11630-dccb-4615-bfc0-ba88ec8f3c45.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        156.4.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:65:4e:06:a7:f5:9f:2d:69:2e:56:41:6d:0d:f0:cc:ae:48:0b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=c9be0592f44817ce26ebe38276e01353dbb0df54b2f81ffad9b53dd46798ddce, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ad:3b:f8:2d:48:32:68:55:f3:f3:8e:67:93:
                    b2:3e:2c:04:56:29:f5:7e:3b:ec:cd:b5:31:1b:60:
                    44:bb:04:ee:ac:14:e5:5d:66:f4:24:03:3e:87:1d:
                    94:89:55:b6:46:5c:cb:74:62:6f:05:f7:5f:b9:ce:
                    de:53:a9:06:f0:a3:1a:80:72:c4:9f:37:13:46:d9:
                    ff:57:04:3a:1f:a9:18:cc:02:31:14:8a:77:77:56:
                    d6:8f:25:cd:a8:88:fd:a3:1b:f3:e4:aa:a9:21:d6:
                    7a:4f:5c:4c:a6:84:8d:35:7d:0a:7c:de:39:5c:cf:
                    55:72:e9:98:19:b4:dc:16:1b:da:a3:c2:20:e0:9f:
                    a6:17:a9:00:3e:81:ca:89:26:17:8c:cb:24:9c:17:
                    47:4a:b4:48:d0:73:f7:dc:8d:0c:40:7d:8a:f1:f8:
                    02:cd:78:8b:32:d2:ce:38:c1:d5:10:32:71:20:01:
                    97:e8:e5:96:29:1c:f5:ec:71:67:00:ae:0c:a7:99:
                    de:18:71:00:7a:40:42:c8:69:6b:22:f7:7f:78:a1:
                    03:89:90:8c:2b:88:6f:fd:2d:67:55:a2:ac:b0:96:
                    e6:3d:00:1b:7e:3b:18:04:58:6d:51:8d:39:90:f5:
                    32:2f:38:9c:ce:1a:c5:fb:5a:5c:fa:69:5a:af:53:
                    0b:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:17:7A:7C:D1:4A:20:A0:F0:AB:9E:30:42:21:2E:4C:04:63:D4:E3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9ca11630-dccb-4615-bfc0-ba88ec8f3c45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.4.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         52:33:11:9c:68:67:18:69:95:4b:76:9f:f7:40:da:15:f1:87:
         f5:3c:11:f3:3a:bf:f2:af:5b:0c:b7:ec:8f:4b:e2:85:67:4c:
         6a:5a:15:27:29:f8:3c:ca:c6:96:f0:94:e5:dd:93:e8:1a:2a:
         a2:3d:5c:04:ed:a9:b7:0c:af:6c:bb:a1:6f:89:ff:4e:fe:55:
         0f:02:26:69:d0:3b:cb:c1:6f:5f:9c:d6:df:81:21:db:51:f3:
         c7:7e:76:ab:84:1f:31:00:21:c1:27:ff:88:c7:22:b2:00:cb:
         61:9a:f9:c3:49:be:5a:89:ce:ed:67:24:41:7c:3b:d5:e8:05:
         06:b5:e5:e1:8c:ad:3c:f3:ca:69:45:4d:10:71:3f:82:b3:0f:
         cd:52:92:43:16:99:ba:a9:9c:bc:1d:1e:6b:ec:b1:12:ea:8f:
         01:c9:d4:54:81:51:82:2a:b7:23:ea:9e:7e:3b:f6:05:e1:d3:
         66:0c:ac:c3:6a:a4:d0:85:1d:ea:99:47:e4:0c:6d:12:84:68:
         19:1d:a1:58:d0:cd:60:c1:3e:a8:5a:29:4a:cf:15:86:ac:f9:
         97:f1:49:53:ee:a5:50:52:69:40:97:13:e9:35:9a:f7:18:40:
         1c:f1:35:27:0c:8b:84:27:c9:c5:39:1f:30:16:23:e7:04:94:
         14:75:84:65
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDGVOBqf1ny1pLlZBbQ3wzK5ICxEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOWJlMDU5MmY0NDgxN2NlMjZlYmUzODI3NmUwMTM1M2Ri
YjBkZjU0YjJmODFmZmFkOWI1M2RkNDY3OThkZGNlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDrTv4LUgyaFXz845nk7I+LARWKfV+O+zNtTEbYES7BO6s
FOVdZvQkAz6HHZSJVbZGXMt0Ym8F91+5zt5TqQbwoxqAcsSfNxNG2f9XBDofqRjM
AjEUind3VtaPJc2oiP2jG/Pkqqkh1npPXEymhI01fQp83jlcz1Vy6ZgZtNwWG9qj
wiDgn6YXqQA+gcqJJheMyyScF0dKtEjQc/fcjQxAfYrx+ALNeIsy0s44wdUQMnEg
AZfo5ZYpHPXscWcArgynmd4YcQB6QELIaWsi9394oQOJkIwriG/9LWdVoqywluY9
ABt+OxgEWG1RjTmQ9TIvOJzOGsX7Wlz6aVqvUwsdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3Rd6fNFKIKDwq54wQiEuTARj1OMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljYTExNjMwLWRjY2ItNDYxNS1iZmMwLWJhODhlYzhmM2M0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwGcBDANBgkqhkiG9w0BAQsFAAOCAQEAUjMRnGhnGGmVS3af90DaFfGH9TwR
8zq/8q9bDLfsj0vihWdMaloVJyn4PMrGlvCU5d2T6Boqoj1cBO2ptwyvbLuhb4n/
Tv5VDwImadA7y8FvX5zW34Eh21Hzx352q4QfMQAhwSf/iMcisgDLYZr5w0m+WonO
7WckQXw71egFBrXl4YytPPPKaUVNEHE/grMPzVKSQxaZuqmcvB0ea+yxEuqPAcnU
VIFRgiq3I+qefjv2BeHTZgysw2qk0IUd6plH5AxtEoRoGR2hWNDNYME+qFopSs8V
hqz5l/FJU+6lUFJpQJcT6TWa9xhAHPE1JwyLhCfJxTkfMBYj5wSUFHWEZQ==
-----END CERTIFICATE-----