Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/7304aa90-e686-497c-8fd4-4fb8a37f3c47.roa
File:                     7304aa90-e686-497c-8fd4-4fb8a37f3c47.roa (raw, json)
Hash identifier:          L2pHsvsVclW/tUYKfitY13ALdZtrqV6WAUjrMKzXHMI=
Subject key identifier:   A1:86:97:4F:33:8F:C4:4A:64:B4:56:03:19:3A:87:2A:59:A4:7B:55
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       590117CC498E3F76E315C8D25772CD8CDFE38AFD
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/7304aa90-e686-497c-8fd4-4fb8a37f3c47.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        206.55.131.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:01:17:cc:49:8e:3f:76:e3:15:c8:d2:57:72:cd:8c:df:e3:8a:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e1:7a:8a:08:80:57:e6:ba:e2:7b:52:50:1f:
                    ae:db:e6:1e:04:a8:9c:30:f5:42:8a:70:64:a0:e1:
                    a7:71:aa:d7:9e:96:22:8f:c7:db:2c:55:1b:e6:12:
                    58:59:bf:dd:26:fc:31:5e:fa:b9:93:2e:b0:c9:2a:
                    d9:ac:ac:18:c5:14:37:a7:33:27:1f:8f:c1:27:f5:
                    89:2b:ab:97:c4:17:28:31:c6:48:1a:f1:8e:15:ef:
                    a8:2e:11:5f:c5:0c:d7:f7:4e:2a:ea:d4:3c:04:5f:
                    1d:a7:eb:60:49:c1:dd:d7:0f:10:86:61:9e:1e:ee:
                    c5:17:7c:51:e0:18:9b:7f:11:d6:2b:3b:9e:d8:c4:
                    e0:ca:00:98:26:63:7c:35:28:ed:50:dc:f4:11:9a:
                    a5:c6:69:b7:46:ed:27:f7:04:51:68:21:6d:11:86:
                    42:11:b1:58:a3:7c:94:fc:62:0a:b5:d3:68:d7:28:
                    47:0d:ff:f5:8f:0f:40:5c:7d:fe:8c:13:ab:74:4b:
                    16:c7:d1:bc:7f:20:91:98:23:f8:69:ec:99:7a:b1:
                    7e:2b:29:23:4a:57:ca:2e:99:90:3b:1e:e7:ef:65:
                    67:80:a4:76:6f:4f:59:5e:98:0d:41:bc:06:22:53:
                    4a:c7:85:ac:56:9f:89:d6:dc:94:cc:e7:7e:e8:42:
                    a3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:86:97:4F:33:8F:C4:4A:64:B4:56:03:19:3A:87:2A:59:A4:7B:55
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/7304aa90-e686-497c-8fd4-4fb8a37f3c47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.55.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:2a:ab:eb:eb:d8:67:ec:c4:f7:cf:aa:03:15:93:8b:a5:52:
         f8:c2:16:db:93:d8:a0:fc:aa:93:48:15:b9:42:93:37:f4:c2:
         b8:1e:20:d6:15:35:44:bd:57:96:00:77:2b:27:c6:20:aa:16:
         79:04:24:65:e0:47:e0:0c:62:a8:27:76:4f:82:ef:5f:a7:1a:
         56:9c:16:7f:64:db:d0:bf:4d:6e:4a:05:da:d2:e4:62:33:10:
         93:9f:a4:0e:7f:f2:3e:c6:a0:5c:6e:46:b6:8c:f2:90:96:2b:
         ed:24:54:c3:32:18:a4:c5:2c:74:75:c4:e6:6b:b6:d6:63:72:
         3a:9b:d5:5d:82:5b:4f:8d:94:a7:5b:18:41:80:d6:b5:ea:57:
         91:af:89:fe:97:f0:0c:3c:53:d1:7f:49:92:8c:93:57:4e:53:
         eb:c3:a2:c9:bb:93:52:a2:eb:98:3d:96:d5:c8:75:c8:f0:45:
         8e:b4:6f:91:1d:04:8e:25:c8:aa:a8:5e:17:0f:f0:04:7a:bc:
         fd:54:d6:b3:39:c2:82:f7:1c:be:42:fc:c6:1d:4b:87:04:23:
         e5:af:77:5b:cc:c8:1f:d4:f9:d5:0d:de:09:6a:92:bd:f8:7a:
         7c:93:b4:2e:8d:01:e3:44:06:0e:c2:8a:7b:97:2f:c0:b2:81:
         92:18:bf:a0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWQEXzEmOP3bjFcjSV3LNjN/jiv0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzg2NGU3OTQwZDUwNjcwYWExYTE2ZGUxMmMwMTRkOTQ1
MGUzMTY3YWJjZGYyODg0ZGYyY2NjMjZiZjMxNWEzMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCc4XqKCIBX5rrie1JQH67b5h4EqJww9UKKcGSg4adxqtee
liKPx9ssVRvmElhZv90m/DFe+rmTLrDJKtmsrBjFFDenMycfj8En9Ykrq5fEFygx
xkga8Y4V76guEV/FDNf3Tirq1DwEXx2n62BJwd3XDxCGYZ4e7sUXfFHgGJt/EdYr
O57YxODKAJgmY3w1KO1Q3PQRmqXGabdG7Sf3BFFoIW0RhkIRsVijfJT8Ygq102jX
KEcN//WPD0Bcff6ME6t0SxbH0bx/IJGYI/hp7Jl6sX4rKSNKV8oumZA7HufvZWeA
pHZvT1lemA1BvAYiU0rHhaxWn4nW3JTM537oQqP1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoYaXTzOPxEpktFYDGTqHKlmke1UwHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzczMDRhYTkwLWU2ODYtNDk3Yy04ZmQ0LTRmYjhhMzdmM2M0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADON4MwDQYJKoZIhvcNAQELBQADggEBAFEqq+vr2GfsxPfPqgMVk4ulUvjC
FtuT2KD8qpNIFblCkzf0wrgeINYVNUS9V5YAdysnxiCqFnkEJGXgR+AMYqgndk+C
71+nGlacFn9k29C/TW5KBdrS5GIzEJOfpA5/8j7GoFxuRraM8pCWK+0kVMMyGKTF
LHR1xOZrttZjcjqb1V2CW0+NlKdbGEGA1rXqV5Gvif6X8Aw8U9F/SZKMk1dOU+vD
osm7k1Ki65g9ltXIdcjwRY60b5EdBI4lyKqoXhcP8AR6vP1U1rM5woL3HL5C/MYd
S4cEI+Wvd1vMyB/U+dUN3glqkr34enyTtC6NAeNEBg7CinuXL8CygZIYv6A=
-----END CERTIFICATE-----