Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa
File:                     b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa (raw, json)
Hash identifier:          JohZ8F/Hf2p1Q4BYrncwp7CKSIwlRP68K4X+8W7zVSI=
Subject key identifier:   F5:4C:48:E7:E8:14:62:9D:D5:3A:AE:36:A5:31:52:A6:27:67:66:B5
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       4EF9EC905EC9AFA1719805CEF0F1C5AE4D467511
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        76.223.176.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:f9:ec:90:5e:c9:af:a1:71:98:05:ce:f0:f1:c5:ae:4d:46:75:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: serialNumber=b18800852b5155dca44b17b44a378d1fcc00cc4e4533bcfa0a14ba70dc3ff1e5, CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fa:01:ce:31:c3:fc:e0:f9:5a:f7:8b:c4:7b:
                    8d:2e:31:8d:49:57:8a:c5:1d:70:ff:8a:66:77:36:
                    79:56:77:14:26:e1:19:07:fc:59:3e:63:55:63:00:
                    45:74:e4:75:7d:a9:d5:3e:80:1a:b5:ad:a4:5b:8e:
                    00:a8:49:59:d6:71:c6:38:52:8b:e6:f5:ef:f3:77:
                    43:48:5f:82:a0:ed:44:fa:65:2f:3a:fc:44:84:7d:
                    e2:6f:50:e6:d5:bf:ee:2b:f5:ea:5f:0e:e3:a0:22:
                    56:97:1d:a0:78:84:c2:6a:fb:91:65:6d:6c:50:e1:
                    73:22:6a:0b:c8:ad:5d:5d:eb:ec:6b:e5:a7:37:fe:
                    58:bf:1a:f3:67:27:fa:a6:3d:dc:15:9e:42:0a:fe:
                    20:7a:48:cd:d7:90:9b:69:03:d1:a6:80:5f:a1:df:
                    7a:99:d2:a5:5b:68:e1:22:8f:1b:03:6a:b4:3b:a8:
                    33:ac:2a:a7:de:d9:62:ab:e3:55:61:7f:c5:1e:e3:
                    11:34:ed:ae:44:1b:4d:f6:bc:24:26:a1:01:bc:90:
                    32:6b:cc:65:22:67:bc:b2:2a:a6:c5:b5:9e:3e:26:
                    f1:67:9b:07:0f:1b:ab:45:a3:59:63:2f:4d:6f:e0:
                    78:f8:f1:1a:24:64:48:f6:6a:c0:f7:d4:f7:ef:f3:
                    d6:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:4C:48:E7:E8:14:62:9D:D5:3A:AE:36:A5:31:52:A6:27:67:66:B5
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/b9bfd24e-7c6a-44a6-adcf-d47b47f8fee6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:81:cb:15:5c:57:e6:b5:57:a1:9b:3a:38:4e:8c:3f:e8:d6:
         24:1a:07:e7:2d:a5:10:4b:16:b9:80:6a:ad:ec:a1:a0:7b:b7:
         db:73:48:c7:c0:5a:58:81:1b:08:a0:dc:fb:80:d6:06:d2:78:
         9c:58:71:87:f0:1f:64:89:dc:53:93:1d:c9:35:66:af:30:3c:
         8e:d2:58:36:2c:d2:52:80:17:d6:de:93:8f:6f:6a:f0:d8:ed:
         50:c6:40:1d:e9:e4:c8:b6:f7:bb:58:4a:e5:dc:b8:5c:bb:d2:
         e6:a5:c9:de:47:32:21:db:da:5e:2a:ec:38:2a:65:e7:44:03:
         78:5d:30:aa:57:75:13:d5:b9:47:08:a0:9e:ce:a8:2d:c3:4b:
         25:05:ab:6f:6a:54:5b:c6:0f:fa:e4:95:2f:6d:f3:d2:d8:1c:
         40:b3:3c:51:be:e1:60:91:c9:32:a7:56:a3:37:34:5c:51:0d:
         be:74:b9:c4:01:70:87:5d:3c:ed:8c:34:d7:bd:1d:08:1d:1d:
         7c:53:1d:e9:d9:73:ed:82:f4:dc:eb:6f:2e:d3:48:63:9e:a8:
         24:b8:00:a6:c6:27:fe:6f:5b:c5:45:f3:8b:10:59:47:0b:16:
         9a:d8:12:68:b5:83:47:c0:5f:0a:f3:ff:ce:fd:88:24:d5:cf:
         3e:bd:fc:4d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTvnskF7Jr6FxmAXO8PHFrk1GdREwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTg4MDA4NTJiNTE1NWRjYTQ0YjE3YjQ0YTM3OGQxZmNj
MDBjYzRlNDUzM2JjZmEwYTE0YmE3MGRjM2ZmMWU1MS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU+gHOMcP84Pla94vEe40uMY1JV4rFHXD/imZ3NnlWdxQm
4RkH/Fk+Y1VjAEV05HV9qdU+gBq1raRbjgCoSVnWccY4Uovm9e/zd0NIX4Kg7UT6
ZS86/ESEfeJvUObVv+4r9epfDuOgIlaXHaB4hMJq+5FlbWxQ4XMiagvIrV1d6+xr
5ac3/li/GvNnJ/qmPdwVnkIK/iB6SM3XkJtpA9GmgF+h33qZ0qVbaOEijxsDarQ7
qDOsKqfe2WKr41Vhf8Ue4xE07a5EG032vCQmoQG8kDJrzGUiZ7yyKqbFtZ4+JvFn
mwcPG6tFo1ljL01v4Hj48RokZEj2asD31Pfv89aFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9UxI5+gUYp3VOq42pTFSpidnZrUwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkL2I5YmZkMjRlLTdjNmEtNDRhNi1hZGNmLWQ0N2I0N2Y4ZmVlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARM37AwDQYJKoZIhvcNAQELBQADggEBAGOByxVcV+a1V6GbOjhOjD/o1iQa
B+ctpRBLFrmAaq3soaB7t9tzSMfAWliBGwig3PuA1gbSeJxYcYfwH2SJ3FOTHck1
Zq8wPI7SWDYs0lKAF9bek49vavDY7VDGQB3p5Mi297tYSuXcuFy70ualyd5HMiHb
2l4q7DgqZedEA3hdMKpXdRPVuUcIoJ7OqC3DSyUFq29qVFvGD/rklS9t89LYHECz
PFG+4WCRyTKnVqM3NFxRDb50ucQBcIddPO2MNNe9HQgdHXxTHenZc+2C9Nzrby7T
SGOeqCS4AKbGJ/5vW8VF84sQWUcLFprYEmi1g0fAXwrz/879iCTVzz69/E0=
-----END CERTIFICATE-----