Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f77b27f-4ac9-4801-bf00-b75972fc1ba4.roa
File:                     0f77b27f-4ac9-4801-bf00-b75972fc1ba4.roa (raw, json)
Hash identifier:          6zVpZCE9hRcYED9DFVzUhRQLG6iT5xFPH7d0mvY6JgE=
Subject key identifier:   41:CE:E2:A5:BB:FB:1B:BD:40:89:27:EC:99:DB:92:E0:07:00:31:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C68CE35E9BD406949C0DC3EF4A04EB8443D5717
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f77b27f-4ac9-4801-bf00-b75972fc1ba4.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        149.187.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:68:ce:35:e9:bd:40:69:49:c0:dc:3e:f4:a0:4e:b8:44:3d:57:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=2890f77d44b11851827a5f13a2d0a1dd234631a95bd7b9168906fb2402098bb4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9f:41:56:f4:91:20:1b:3c:a4:8d:d1:7c:29:
                    32:ee:c4:3a:ad:2c:a6:fd:40:22:4d:e1:9b:10:41:
                    a2:f1:de:00:d5:6d:d8:59:d3:a9:cc:24:08:25:25:
                    04:ff:f1:3a:0e:f8:4d:74:86:76:75:77:46:dc:c6:
                    a7:6c:09:a5:b4:4f:d1:7b:9e:11:4d:4c:12:73:c6:
                    01:38:7f:07:67:81:74:4b:2f:fb:74:2a:3c:b7:77:
                    f6:95:8d:31:f1:ba:64:ac:27:86:29:4f:1b:ed:ae:
                    06:1f:7a:0a:24:d8:3e:fa:c3:16:bc:88:b0:2a:97:
                    b8:c9:ed:a9:c8:33:d2:fc:ac:17:1f:30:42:81:8a:
                    ba:ac:ba:96:1e:64:23:de:9f:8d:91:a5:d4:09:8f:
                    85:31:93:1a:75:4f:cb:da:78:0c:77:0e:a4:c0:fd:
                    0c:c6:23:1c:64:ff:f6:91:ab:42:ac:89:30:46:0f:
                    b8:55:ef:6a:13:cb:77:12:49:62:75:8c:86:fe:c5:
                    f9:43:c1:ff:c3:02:60:b0:e8:fd:ac:06:43:50:40:
                    05:d6:04:e5:fd:b9:ba:46:80:ca:c8:cd:7f:66:f7:
                    1f:13:b4:7f:26:c2:97:f5:3b:5b:38:59:c5:5b:d4:
                    ab:ea:df:29:6f:e1:2e:21:df:d5:94:78:dc:fb:11:
                    71:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:CE:E2:A5:BB:FB:1B:BD:40:89:27:EC:99:DB:92:E0:07:00:31:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f77b27f-4ac9-4801-bf00-b75972fc1ba4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.187.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         28:bb:cb:38:71:6b:b0:4a:da:3c:7f:55:46:99:b3:62:54:fb:
         ef:46:14:05:3d:9a:bb:f3:0a:e0:fa:6d:97:90:73:59:ef:39:
         eb:d1:0f:a5:65:78:41:45:08:15:f7:a2:d9:1c:40:21:84:0d:
         b9:64:7b:81:65:98:4c:dc:5b:1d:8a:0a:7f:58:45:17:c7:43:
         e0:f7:cc:c3:5d:74:be:34:83:57:c7:b5:8d:b4:1e:d2:a1:a9:
         fe:98:1e:cf:a9:f5:26:1b:ea:da:7b:f5:05:8d:68:05:26:7e:
         df:6f:a0:23:1d:15:a9:94:a4:db:71:1d:dc:50:e5:1d:50:01:
         b7:3b:dc:ac:18:ae:6b:b3:db:33:f3:ca:a5:3f:5c:6e:8f:b3:
         a6:93:04:19:3d:5a:fa:fb:62:80:0d:7b:a9:ec:19:a8:cc:65:
         d8:14:3a:c2:fc:21:1c:0c:62:f6:ea:0b:ce:f5:7b:17:8d:26:
         b1:5d:d8:35:f2:24:fa:51:8e:5e:18:da:e1:70:40:c8:59:ca:
         f0:67:15:d5:46:e4:ff:81:65:94:38:a2:52:ed:23:22:70:33:
         4b:40:65:37:9a:cd:b0:34:f1:5c:eb:31:f2:bb:f4:1c:e4:43:
         50:b6:63:fc:4a:56:4c:61:3a:e8:92:7a:63:91:a0:33:1d:e0:
         e9:f9:56:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHGjONem9QGlJwNw+9KBOuEQ9VxcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyODkwZjc3ZDQ0YjExODUxODI3YTVmMTNhMmQwYTFkZDIz
NDYzMWE5NWJkN2I5MTY4OTA2ZmIyNDAyMDk4YmI0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEn0FW9JEgGzykjdF8KTLuxDqtLKb9QCJN4ZsQQaLx3gDV
bdhZ06nMJAglJQT/8ToO+E10hnZ1d0bcxqdsCaW0T9F7nhFNTBJzxgE4fwdngXRL
L/t0Kjy3d/aVjTHxumSsJ4YpTxvtrgYfegok2D76wxa8iLAql7jJ7anIM9L8rBcf
MEKBirqsupYeZCPen42RpdQJj4Uxkxp1T8vaeAx3DqTA/QzGIxxk//aRq0KsiTBG
D7hV72oTy3cSSWJ1jIb+xflDwf/DAmCw6P2sBkNQQAXWBOX9ubpGgMrIzX9m9x8T
tH8mwpf1O1s4WcVb1Kvq3ylv4S4h39WUeNz7EXEZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQc7ipbv7G71AiSfsmduS4AcAMQcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmNzdiMjdmLTRhYzktNDgwMS1iZjAwLWI3NTk3MmZjMWJhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeVu4AwDQYJKoZIhvcNAQELBQADggEBACi7yzhxa7BK2jx/VUaZs2JU++9G
FAU9mrvzCuD6bZeQc1nvOevRD6VleEFFCBX3otkcQCGEDblke4FlmEzcWx2KCn9Y
RRfHQ+D3zMNddL40g1fHtY20HtKhqf6YHs+p9SYb6tp79QWNaAUmft9voCMdFamU
pNtxHdxQ5R1QAbc73KwYrmuz2zPzyqU/XG6Ps6aTBBk9Wvr7YoANe6nsGajMZdgU
OsL8IRwMYvbqC871exeNJrFd2DXyJPpRjl4Y2uFwQMhZyvBnFdVG5P+BZZQ4olLt
IyJwM0tAZTeazbA08VzrMfK79BzkQ1C2Y/xKVkxhOuiSemORoDMd4On5VoY=
-----END CERTIFICATE-----