Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6794454-fe8f-47c2-a186-e1a20a57e06f.roa
File:                     f6794454-fe8f-47c2-a186-e1a20a57e06f.roa (raw, json)
Hash identifier:          6H7bGisOhAjLGnffzvccBBMLatrcfORP/mM+kBil/4w=
Subject key identifier:   D3:CD:CB:37:03:85:1E:4F:DC:46:81:0D:22:B5:AF:DD:20:DA:2A:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F4535D3934FADA8BD203D0A7ECE0ED80DCEE67D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6794454-fe8f-47c2-a186-e1a20a57e06f.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        146.130.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:45:35:d3:93:4f:ad:a8:bd:20:3d:0a:7e:ce:0e:d8:0d:ce:e6:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=14f7bd000717dde8ebdccfd1bc32df3aab37c12efca132365717804b79dd576d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e9:73:67:90:5a:f5:00:61:fd:4e:d2:ba:56:
                    4f:77:d0:85:b9:b3:7c:a1:0a:5a:46:b1:1d:2f:c6:
                    f0:0c:8c:23:cd:f9:e2:ed:ff:17:65:13:49:08:fc:
                    8b:07:50:34:e7:e2:f6:8d:c7:6d:2c:7c:43:05:ac:
                    ff:ce:57:83:45:7f:6a:87:79:9a:0b:39:fd:b1:0a:
                    19:4b:c3:f3:b0:51:60:f8:0a:f7:bf:c9:6a:28:f4:
                    a0:3e:a6:1a:49:63:62:d3:ad:81:b4:bf:87:eb:ea:
                    d1:c4:b7:1a:8e:13:36:a4:ff:3f:45:fd:5e:f1:d4:
                    62:a2:6d:9a:5f:b7:a5:d8:96:da:05:0c:57:44:18:
                    ba:45:d0:cf:75:ee:c2:26:f6:26:10:0f:10:d3:7a:
                    97:ff:f2:08:64:af:61:a6:97:cc:43:82:77:07:9a:
                    65:e0:cc:48:b8:35:6d:20:8d:06:84:72:9a:e6:12:
                    87:7d:e7:1f:cb:04:7f:eb:af:78:ed:d2:41:4e:a5:
                    e2:a4:2d:41:44:92:2b:4b:1b:1f:4f:dc:9b:1d:dd:
                    b2:2d:06:d3:b1:0a:fb:56:45:73:b2:1d:e1:e0:88:
                    98:50:1d:17:92:11:52:4b:97:2a:c0:a3:61:b9:9d:
                    c7:b5:d7:69:eb:ad:19:05:b5:bf:79:27:7d:1e:14:
                    cb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:CD:CB:37:03:85:1E:4F:DC:46:81:0D:22:B5:AF:DD:20:DA:2A:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6794454-fe8f-47c2-a186-e1a20a57e06f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.130.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:3b:86:33:10:14:2b:90:7b:b6:ee:a1:74:63:56:a3:f6:05:
         41:ca:b3:25:8d:2b:3c:dd:9a:14:e8:54:1a:4c:8f:6b:b7:9a:
         05:c6:ea:a5:65:bd:b6:ba:5d:b3:89:37:f9:b9:0c:a9:a0:0f:
         a6:dd:ea:8e:a1:b3:24:51:76:39:b6:45:6d:fd:9b:e6:d9:4a:
         57:a0:f9:d8:27:13:36:27:c0:cf:49:38:01:88:f1:01:1c:8f:
         2c:46:40:ef:34:3d:56:3e:95:f4:65:54:ec:ac:6a:7f:23:60:
         41:e4:25:85:28:f4:26:f2:a7:ad:12:e3:5e:d9:b0:86:91:b7:
         45:45:33:11:00:c0:91:1a:41:52:df:13:9c:76:54:9c:7f:89:
         be:dd:68:ab:27:96:0f:72:52:3f:d7:bf:92:79:ce:ab:05:02:
         04:d3:2e:06:37:f4:b9:4c:aa:2b:2b:eb:96:3a:79:9f:7b:21:
         85:b6:e9:fe:1d:9d:db:f2:05:2d:67:41:ef:79:36:23:a2:fd:
         c3:e5:12:8e:87:0a:b9:ef:b5:64:96:ec:5d:77:1c:1c:ab:b4:
         ae:5b:ef:19:36:c8:48:ef:fa:6c:98:54:48:65:f3:e4:86:17:
         b4:15:3a:d2:20:a0:33:aa:c9:e2:77:f4:6e:eb:db:74:9c:a9:
         9a:1a:cc:cc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUX0U105NPrai9ID0Kfs4O2A3O5n0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGY3YmQwMDA3MTdkZGU4ZWJkY2NmZDFiYzMyZGYzYWFi
MzdjMTJlZmNhMTMyMzY1NzE3ODA0Yjc5ZGQ1NzZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD6XNnkFr1AGH9TtK6Vk930IW5s3yhClpGsR0vxvAMjCPN
+eLt/xdlE0kI/IsHUDTn4vaNx20sfEMFrP/OV4NFf2qHeZoLOf2xChlLw/OwUWD4
Cve/yWoo9KA+phpJY2LTrYG0v4fr6tHEtxqOEzak/z9F/V7x1GKibZpft6XYltoF
DFdEGLpF0M917sIm9iYQDxDTepf/8ghkr2Gml8xDgncHmmXgzEi4NW0gjQaEcprm
Eod95x/LBH/rr3jt0kFOpeKkLUFEkitLGx9P3Jsd3bItBtOxCvtWRXOyHeHgiJhQ
HReSEVJLlyrAo2G5nce112nrrRkFtb95J30eFMvJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU083LNwOFHk/cRoENIrWv3SDaKrMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2Nzk0NDU0LWZlOGYtNDdjMi1hMTg2LWUxYTIwYTU3ZTA2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSgjANBgkqhkiG9w0BAQsFAAOCAQEAeTuGMxAUK5B7tu6hdGNWo/YFQcqz
JY0rPN2aFOhUGkyPa7eaBcbqpWW9trpds4k3+bkMqaAPpt3qjqGzJFF2ObZFbf2b
5tlKV6D52CcTNifAz0k4AYjxARyPLEZA7zQ9Vj6V9GVU7KxqfyNgQeQlhSj0JvKn
rRLjXtmwhpG3RUUzEQDAkRpBUt8TnHZUnH+Jvt1oqyeWD3JSP9e/knnOqwUCBNMu
Bjf0uUyqKyvrljp5n3shhbbp/h2d2/IFLWdB73k2I6L9w+USjocKue+1ZJbsXXcc
HKu0rlvvGTbISO/6bJhUSGXz5IYXtBU60iCgM6rJ4nf0buvbdJypmhrMzA==
-----END CERTIFICATE-----