Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b7a7840-769e-43a3-87f1-4f1d679576e7.roa
File:                     4b7a7840-769e-43a3-87f1-4f1d679576e7.roa (raw, json)
Hash identifier:          innmDH1dzVrDZS+qSVSpbMEPY3cU8ByaKf2FelZEVTo=
Subject key identifier:   6F:36:70:F1:9A:A6:95:5F:F6:23:71:EB:1E:50:A5:5C:03:FB:1C:D5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CBE4650E11417A24FAFE0C877DD163D7D51F818
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b7a7840-769e-43a3-87f1-4f1d679576e7.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        72.150.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:be:46:50:e1:14:17:a2:4f:af:e0:c8:77:dd:16:3d:7d:51:f8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:98:3a:d6:38:44:54:6c:0e:50:49:7e:50:21:
                    93:fa:45:17:c3:29:81:31:dd:ee:c4:e8:3e:44:36:
                    b2:32:91:5c:d9:0d:15:40:ea:a2:5e:e9:e6:b3:8e:
                    08:13:38:0c:98:ec:ca:e8:3c:5d:ce:d8:0e:e8:b6:
                    72:09:89:86:3a:2a:20:c4:db:e2:f7:95:2b:f2:5b:
                    c7:d4:e1:79:74:f4:d6:0e:f0:b5:05:0a:9e:85:15:
                    bf:ef:ee:d7:0a:d0:b5:74:6e:fa:dc:c0:e6:30:f1:
                    46:3b:6c:58:fa:c7:e8:c4:57:79:7e:d3:e5:3a:54:
                    1a:07:d2:2a:33:cc:c6:e1:d3:e1:a3:ad:3a:82:59:
                    b5:7b:25:6c:d1:8a:c1:c4:bb:19:4b:b4:c9:a9:c5:
                    e7:24:4f:2f:51:15:2a:2a:a6:62:d0:bb:be:b7:55:
                    de:5d:9f:08:55:a8:49:e8:4a:e8:a9:60:9c:66:88:
                    55:5f:fb:9a:17:78:38:97:ed:ab:34:d2:fc:89:d8:
                    10:13:40:ec:a8:87:83:ea:f8:99:92:1e:0f:6d:ed:
                    65:85:5a:d1:31:75:09:37:60:20:ca:74:03:7e:07:
                    b8:05:88:97:fa:2b:43:b1:bf:67:44:07:9f:ae:d8:
                    21:a4:a5:60:b8:51:48:c7:11:a3:2b:7c:2a:19:e2:
                    01:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:36:70:F1:9A:A6:95:5F:F6:23:71:EB:1E:50:A5:5C:03:FB:1C:D5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4b7a7840-769e-43a3-87f1-4f1d679576e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.150.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         80:e3:5d:27:db:db:1a:ec:dd:7c:bd:2b:e5:8f:d3:21:85:54:
         dd:0b:48:b9:e8:3d:3e:6d:aa:e4:ec:de:57:dc:cf:ff:e9:72:
         a0:aa:6e:72:8e:d7:36:7d:f4:dd:7c:f5:86:f0:21:27:7d:1c:
         cf:26:2f:cc:4f:6f:49:44:29:df:c7:e3:b3:a7:58:a5:63:a2:
         4e:a2:d9:49:ec:92:99:64:e5:24:02:03:c3:ba:a1:f7:e5:85:
         25:a1:79:7d:f4:eb:0d:4e:d7:c7:92:ca:55:f5:92:cb:d9:87:
         32:4e:94:46:ec:56:b2:15:cc:cf:1b:d1:de:a7:08:ac:14:a9:
         b0:74:31:4d:2d:02:5b:1f:55:d6:11:9a:c4:2a:a2:fb:68:a5:
         84:1d:06:29:de:d5:23:cd:85:b4:63:e1:60:38:f6:3e:cd:d7:
         a6:26:86:31:0e:e8:1f:dc:a1:6c:e5:5f:f3:91:aa:ae:da:31:
         e8:84:6d:32:9f:f3:29:10:5f:70:26:14:9e:69:d1:42:88:eb:
         a1:65:5b:8c:2a:88:cb:31:eb:e0:50:b1:0b:5f:1c:e0:70:a3:
         27:de:d8:52:98:b2:ca:eb:05:be:15:24:4f:5b:da:c0:9e:97:
         ee:4c:93:7e:0a:0d:35:44:f6:5f:44:3b:ee:b9:3c:d5:d7:06:
         6d:d4:19:ca
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTL5GUOEUF6JPr+DId90WPX1R+BgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDA4N2FiY2JlMzQ4NjlkOGRkYmNhMjZkOGRkNmNhMTg3
NmM0NTMzYWU0NzVjOTVjMTExMWM1NmRiZjk1MTQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYmDrWOERUbA5QSX5QIZP6RRfDKYEx3e7E6D5ENrIykVzZ
DRVA6qJe6eazjggTOAyY7MroPF3O2A7otnIJiYY6KiDE2+L3lSvyW8fU4Xl09NYO
8LUFCp6FFb/v7tcK0LV0bvrcwOYw8UY7bFj6x+jEV3l+0+U6VBoH0iozzMbh0+Gj
rTqCWbV7JWzRisHEuxlLtMmpxeckTy9RFSoqpmLQu763Vd5dnwhVqEnoSuipYJxm
iFVf+5oXeDiX7as00vyJ2BATQOyoh4Pq+JmSHg9t7WWFWtExdQk3YCDKdAN+B7gF
iJf6K0Oxv2dEB5+u2CGkpWC4UUjHEaMrfCoZ4gHbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUbzZw8ZqmlV/2I3HrHlClXAP7HNUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRiN2E3ODQwLTc2OWUtNDNhMy04N2YxLTRmMWQ2Nzk1NzZlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBIljANBgkqhkiG9w0BAQsFAAOCAQEAgONdJ9vbGuzdfL0r5Y/TIYVU3QtI
ueg9Pm2q5OzeV9zP/+lyoKpuco7XNn303Xz1hvAhJ30czyYvzE9vSUQp38fjs6dY
pWOiTqLZSeySmWTlJAIDw7qh9+WFJaF5ffTrDU7Xx5LKVfWSy9mHMk6URuxWshXM
zxvR3qcIrBSpsHQxTS0CWx9V1hGaxCqi+2ilhB0GKd7VI82FtGPhYDj2Ps3XpiaG
MQ7oH9yhbOVf85Gqrtox6IRtMp/zKRBfcCYUnmnRQojroWVbjCqIyzHr4FCxC18c
4HCjJ97YUpiyyusFvhUkT1vawJ6X7kyTfgoNNUT2X0Q77rk81dcGbdQZyg==
-----END CERTIFICATE-----