Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db4c6d5b-c4cf-4f33-b072-e1cadd5f7f3d.roa
File:                     db4c6d5b-c4cf-4f33-b072-e1cadd5f7f3d.roa (raw, json)
Hash identifier:          vyErpC3A2u9ZUoXYr15AiskUkZpkUUoIh6IAVvI7aHo=
Subject key identifier:   30:89:D6:2D:69:C9:55:E9:35:EA:B9:A2:5B:FE:12:4A:21:F9:D3:81
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       429B6ECAC24B1A500C68A54CC680C8F8236F4AD3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db4c6d5b-c4cf-4f33-b072-e1cadd5f7f3d.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        129.239.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:9b:6e:ca:c2:4b:1a:50:0c:68:a5:4c:c6:80:c8:f8:23:6f:4a:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=f14df50528c953229f842a3dec88a3d0f7bccb24200cd78784258250f74bd915, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:59:cf:87:70:1d:0d:38:f7:a4:bd:4a:bc:8f:
                    58:5a:31:0b:95:7b:55:78:37:ef:73:4f:6c:c2:e6:
                    88:01:34:27:58:23:a4:da:68:be:b1:55:bb:31:99:
                    61:b2:da:72:13:8d:19:33:db:3b:86:87:e3:dd:7a:
                    a5:22:b0:c3:39:4f:99:09:09:50:d5:10:a4:f6:c0:
                    52:44:6f:c2:18:d1:c2:13:45:af:50:44:24:52:73:
                    3a:66:fd:fc:3a:fb:2c:0f:9e:e3:7e:41:aa:91:81:
                    d2:16:d0:8c:26:6d:59:aa:8a:30:5c:76:c4:be:d1:
                    25:cd:3c:fa:4d:a8:c0:7b:09:bb:80:88:8c:80:f8:
                    f4:5e:0c:8f:fc:99:57:2a:5d:52:52:6d:b4:5a:43:
                    99:4a:36:4f:51:ec:16:ba:6b:06:36:71:65:f4:ac:
                    c7:48:bf:24:83:90:00:69:25:b0:4d:91:b8:ad:00:
                    a7:3d:3c:22:bc:43:b5:cb:91:85:88:0f:c1:56:f5:
                    76:d0:7f:00:5a:2a:15:85:ae:a1:d7:fe:6f:a5:25:
                    4a:4c:53:07:57:46:71:6d:10:3d:e4:c5:58:ab:5a:
                    65:68:46:a8:c2:f3:de:bb:f0:1e:98:c9:66:7e:db:
                    83:de:2b:e8:b9:35:22:78:22:bc:97:97:76:33:db:
                    be:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:89:D6:2D:69:C9:55:E9:35:EA:B9:A2:5B:FE:12:4A:21:F9:D3:81
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/db4c6d5b-c4cf-4f33-b072-e1cadd5f7f3d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a7:28:d5:39:ba:2a:46:79:5d:7a:0b:63:e9:0c:e8:3b:e2:ec:
         e7:59:d2:4c:71:bb:92:b0:cc:c5:77:a2:24:0f:75:9c:81:00:
         e1:ed:da:de:98:0f:32:ac:6a:b3:69:7a:54:e8:16:50:64:0a:
         32:b9:80:89:a1:c1:41:f0:79:60:df:1d:c0:97:7e:de:7c:3c:
         76:2e:36:0a:ec:79:47:60:9c:b8:9d:d5:50:ba:4a:d2:17:e7:
         9b:63:0c:e5:04:1e:a9:6a:3b:43:9d:5c:67:44:d4:93:95:b8:
         84:73:5f:0c:d1:4b:37:f7:71:ff:13:31:ef:63:44:20:b3:ab:
         b1:5b:d5:6e:74:12:ef:da:5f:7a:2c:6e:39:85:0b:97:21:cd:
         9a:ae:ad:7d:d0:fd:06:79:7e:f0:e5:88:da:c5:51:62:18:d9:
         31:09:8c:df:6e:97:5e:b8:76:67:7f:8f:7c:10:a3:9d:b1:2c:
         dd:1b:95:75:78:b2:2e:1c:aa:00:2f:63:7b:3c:4c:ff:0b:f5:
         db:79:f1:00:d9:a9:cd:15:da:c9:15:22:53:87:e7:03:aa:f9:
         40:8b:d6:b8:45:8f:66:f5:9b:b5:f8:ba:c6:ff:72:c1:a3:69:
         b7:87:fa:ef:04:3a:48:48:d7:fb:86:a9:61:42:22:62:a1:cd:
         d1:09:ad:c8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQptuysJLGlAMaKVMxoDI+CNvStMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTRkZjUwNTI4Yzk1MzIyOWY4NDJhM2RlYzg4YTNkMGY3
YmNjYjI0MjAwY2Q3ODc4NDI1ODI1MGY3NGJkOTE1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0Wc+HcB0NOPekvUq8j1haMQuVe1V4N+9zT2zC5ogBNCdY
I6TaaL6xVbsxmWGy2nITjRkz2zuGh+PdeqUisMM5T5kJCVDVEKT2wFJEb8IY0cIT
Ra9QRCRSczpm/fw6+ywPnuN+QaqRgdIW0IwmbVmqijBcdsS+0SXNPPpNqMB7CbuA
iIyA+PReDI/8mVcqXVJSbbRaQ5lKNk9R7Ba6awY2cWX0rMdIvySDkABpJbBNkbit
AKc9PCK8Q7XLkYWID8FW9XbQfwBaKhWFrqHX/m+lJUpMUwdXRnFtED3kxVirWmVo
RqjC89678B6YyWZ+24PeK+i5NSJ4IryXl3Yz274NAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMInWLWnJVek16rmiW/4SSiH504EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RiNGM2ZDViLWM0Y2YtNGYzMy1iMDcyLWUxY2FkZDVmN2YzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCB7zANBgkqhkiG9w0BAQsFAAOCAQEApyjVOboqRnldegtj6QzoO+Ls51nS
THG7krDMxXeiJA91nIEA4e3a3pgPMqxqs2l6VOgWUGQKMrmAiaHBQfB5YN8dwJd+
3nw8di42Cux5R2CcuJ3VULpK0hfnm2MM5QQeqWo7Q51cZ0TUk5W4hHNfDNFLN/dx
/xMx72NEILOrsVvVbnQS79pfeixuOYULlyHNmq6tfdD9Bnl+8OWI2sVRYhjZMQmM
326XXrh2Z3+PfBCjnbEs3RuVdXiyLhyqAC9jezxM/wv123nxANmpzRXayRUiU4fn
A6r5QIvWuEWPZvWbtfi6xv9ywaNpt4f67wQ6SEjX+4apYUIiYqHN0QmtyA==
-----END CERTIFICATE-----