Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d90d63ec-9d65-4d9f-a290-2ecb84f5e98f.roa
File:                     d90d63ec-9d65-4d9f-a290-2ecb84f5e98f.roa (raw, json)
Hash identifier:          dww4slwSoCgzA45u1YRVhuhkGmWfENstyV9+fkJ5LLY=
Subject key identifier:   09:87:45:87:6E:0C:C7:47:82:16:22:AA:A9:FA:A9:65:75:BE:3D:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77FC4530E8A643525B8086EC1D11403F9B3D450F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d90d63ec-9d65-4d9f-a290-2ecb84f5e98f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        194.148.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:fc:45:30:e8:a6:43:52:5b:80:86:ec:1d:11:40:3f:9b:3d:45:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=1f2074d46b500ac6e2f0b8eb4de8d85f9d9650a31fe8a13e19611c0670c81f58, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:09:a7:59:e3:5c:ff:2a:e9:3e:f4:6e:41:55:
                    09:94:44:14:26:86:9d:f8:e1:1f:95:65:a8:ac:28:
                    81:30:95:f9:7b:72:f2:96:64:4a:6e:1d:3a:88:aa:
                    86:c6:bc:c4:1c:23:5f:bc:41:f8:79:03:85:4a:b8:
                    39:1f:66:e5:66:f1:66:3c:5e:e6:e7:3b:22:eb:ad:
                    20:e6:16:6f:e4:7f:7e:b7:53:ee:35:f5:d3:25:2f:
                    2c:3b:d8:03:44:b2:6a:ce:6d:13:96:a9:96:83:bb:
                    6a:37:13:cb:35:21:d9:7c:91:7a:ca:00:9d:f8:2c:
                    53:5c:8e:5c:5d:33:ea:0e:8e:c2:8f:c9:ff:f0:46:
                    d9:2c:57:42:57:61:39:e3:2d:26:e4:c8:bd:e7:fc:
                    68:ec:43:ee:15:7d:ce:68:1d:13:ab:a1:da:38:a3:
                    8f:df:34:3d:83:3d:6b:16:f4:c1:20:47:ed:35:69:
                    21:30:82:5b:6b:33:30:4f:e7:2d:de:a6:89:cb:74:
                    af:df:3a:03:d7:69:cf:21:82:6d:54:5a:12:88:17:
                    9e:a0:6d:ef:f9:2d:76:25:a8:c1:0b:06:98:d9:be:
                    db:3b:4e:b5:72:a7:5b:2f:93:63:c8:ed:15:09:f8:
                    b7:07:d3:e1:39:7d:a6:56:a4:0e:3a:33:e1:ca:f6:
                    44:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:87:45:87:6E:0C:C7:47:82:16:22:AA:A9:FA:A9:65:75:BE:3D:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d90d63ec-9d65-4d9f-a290-2ecb84f5e98f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.148.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         6b:ed:a4:02:30:4f:4a:00:1b:51:90:c4:f4:c6:0f:87:70:31:
         8a:8a:b3:38:fa:67:86:e0:35:d7:d4:ae:9c:0a:0e:35:11:ca:
         f7:02:be:93:17:0a:3b:87:c3:81:fc:84:c9:38:34:a5:e6:5e:
         9b:81:89:73:05:e1:10:98:a9:6c:00:d8:92:3d:25:21:75:10:
         d7:5a:a2:1e:ee:61:72:d1:6f:1a:ac:0d:45:b2:b2:16:4a:cd:
         ad:43:45:d2:14:93:03:a3:dc:0c:1f:96:82:4a:ea:d8:99:c2:
         25:d6:0c:70:1e:15:5e:25:a1:ff:84:12:dd:a6:6f:c5:52:2c:
         7f:53:97:50:43:fe:5e:fb:00:e8:b2:22:5a:c9:86:0a:c5:2f:
         92:55:1c:de:da:37:3d:3c:76:76:90:0c:15:a1:ee:60:10:31:
         fa:ca:d6:4c:73:67:cb:65:19:78:10:9f:35:ce:06:66:00:cc:
         98:9f:08:58:5c:30:11:96:f9:b7:fc:78:30:3a:fe:27:6a:93:
         1a:35:30:8e:91:a6:6a:bb:1f:f0:fc:5b:2f:a3:4a:ef:22:bd:
         b5:39:8c:79:c3:fc:66:c2:eb:a5:4c:6e:8d:fc:f4:40:f1:78:
         e0:e8:20:9d:df:44:8d:7c:a0:df:1b:6c:35:66:0b:f2:fe:f2:
         5e:7d:cf:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUd/xFMOimQ1JbgIbsHRFAP5s9RQ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZjIwNzRkNDZiNTAwYWM2ZTJmMGI4ZWI0ZGU4ZDg1Zjlk
OTY1MGEzMWZlOGExM2UxOTYxMWMwNjcwYzgxZjU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1CadZ41z/Kuk+9G5BVQmURBQmhp344R+VZaisKIEwlfl7
cvKWZEpuHTqIqobGvMQcI1+8Qfh5A4VKuDkfZuVm8WY8XubnOyLrrSDmFm/kf363
U+419dMlLyw72ANEsmrObROWqZaDu2o3E8s1Idl8kXrKAJ34LFNcjlxdM+oOjsKP
yf/wRtksV0JXYTnjLSbkyL3n/GjsQ+4Vfc5oHROrodo4o4/fND2DPWsW9MEgR+01
aSEwgltrMzBP5y3eponLdK/fOgPXac8hgm1UWhKIF56gbe/5LXYlqMELBpjZvts7
TrVyp1svk2PI7RUJ+LcH0+E5faZWpA46M+HK9kTNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCYdFh24Mx0eCFiKqqfqpZXW+PZYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5MGQ2M2VjLTlkNjUtNGQ5Zi1hMjkwLTJlY2I4NGY1ZTk4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfClIAwDQYJKoZIhvcNAQELBQADggEBAGvtpAIwT0oAG1GQxPTGD4dwMYqK
szj6Z4bgNdfUrpwKDjURyvcCvpMXCjuHw4H8hMk4NKXmXpuBiXMF4RCYqWwA2JI9
JSF1ENdaoh7uYXLRbxqsDUWyshZKza1DRdIUkwOj3AwfloJK6tiZwiXWDHAeFV4l
of+EEt2mb8VSLH9Tl1BD/l77AOiyIlrJhgrFL5JVHN7aNz08dnaQDBWh7mAQMfrK
1kxzZ8tlGXgQnzXOBmYAzJifCFhcMBGW+bf8eDA6/idqkxo1MI6Rpmq7H/D8Wy+j
Su8ivbU5jHnD/GbC66VMbo389EDxeODoIJ3fRI18oN8bbDVmC/L+8l59z/E=
-----END CERTIFICATE-----