Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5bb79540-5c2f-456f-ae30-7941028a46e4.roa
File:                     5bb79540-5c2f-456f-ae30-7941028a46e4.roa (raw, json)
Hash identifier:          4DBZ6eNuKnNjj3HvAq3sjA3PzyuMhhD/DmH9rLETHaE=
Subject key identifier:   9E:4F:FE:A5:90:63:7A:D6:32:B8:9A:C9:9A:65:1C:33:D4:D5:AB:C4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5ABE4DA0222E6BA2C060D5A3F0EAB653A1196C24
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5bb79540-5c2f-456f-ae30-7941028a46e4.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        156.5.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:be:4d:a0:22:2e:6b:a2:c0:60:d5:a3:f0:ea:b6:53:a1:19:6c:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:60:d5:b3:d2:2e:c9:00:ec:d7:79:07:c7:61:
                    de:87:cc:aa:2b:f7:69:75:0b:07:07:09:8a:ed:b6:
                    38:9b:99:ea:0b:13:1f:3f:78:b5:64:35:36:87:51:
                    cb:eb:a5:a6:33:37:16:83:f6:d2:6e:63:74:48:d7:
                    69:bf:96:5e:1e:d3:9f:a2:ad:cc:bf:00:ec:75:17:
                    71:69:5c:32:14:59:93:2b:77:f5:ff:18:e5:54:c8:
                    a8:76:ba:de:4f:8b:cf:b9:3e:df:71:bf:44:b8:5e:
                    fb:27:df:41:b1:50:34:04:e9:06:bd:c8:69:04:43:
                    1c:09:48:be:35:48:8a:fe:bf:ed:f0:6f:e0:41:8d:
                    4c:a7:2c:7a:2a:d0:71:9c:d1:7f:ab:33:06:bf:f2:
                    64:2e:bb:2d:98:69:f4:ac:0b:2b:47:fa:48:fe:c7:
                    0c:ab:ce:ce:71:21:5c:43:33:04:f4:6a:e8:5f:2d:
                    99:71:74:96:c7:78:ed:37:7b:d2:6f:d5:b2:85:10:
                    51:2f:b2:11:06:d2:6b:97:8d:ca:8f:56:df:29:c1:
                    87:b8:fc:11:3c:bf:77:12:37:63:95:83:36:9f:e7:
                    6d:42:95:f2:bd:7a:e9:b3:5a:e2:3e:2b:e2:78:65:
                    b5:f1:bd:91:92:cc:8d:ec:8f:0f:4d:b6:46:e6:14:
                    77:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:4F:FE:A5:90:63:7A:D6:32:B8:9A:C9:9A:65:1C:33:D4:D5:AB:C4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5bb79540-5c2f-456f-ae30-7941028a46e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.5.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d3:5e:da:48:6b:7f:48:2d:8d:1a:2d:cb:ab:9d:9a:f8:cd:5b:
         87:25:0e:60:c7:01:96:f3:f1:ee:c8:11:db:e9:26:5c:4a:e7:
         2e:c9:60:e0:0a:8c:c3:3c:94:39:02:6c:63:1f:f3:92:86:24:
         f1:e8:cd:44:75:0a:d6:b0:cf:d3:fb:01:cc:18:bb:cb:82:8b:
         7b:20:ef:18:75:b5:9e:74:fd:8b:4b:93:e1:39:d3:b6:da:5b:
         0d:c1:a8:44:ce:bf:b0:81:22:f1:72:d2:f5:b1:c7:05:15:9a:
         07:1c:33:16:21:b6:4d:9f:55:06:e7:85:6f:db:34:fb:fc:2f:
         73:54:18:eb:e4:cb:d3:b2:21:fa:f4:a0:61:9d:8e:b4:29:53:
         8b:5c:63:fb:28:5a:02:78:87:b3:1b:04:3e:76:be:50:54:00:
         a2:ba:5b:62:73:ea:65:54:68:b7:ab:4a:ef:f5:6c:87:2f:54:
         2d:cf:c4:f5:e1:29:ac:10:79:e8:54:86:11:98:8a:a5:cf:32:
         60:bd:01:7c:e8:67:5d:51:63:33:d1:cb:93:57:41:c5:e3:88:
         5e:34:3c:50:22:8a:ab:20:2d:df:02:dd:eb:3c:d3:57:24:71:
         41:a1:95:f6:80:e9:12:0b:0b:2c:81:30:2d:65:16:e6:1d:f7:
         a5:a1:03:a2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWr5NoCIua6LAYNWj8Oq2U6EZbCQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwODhjNmYzNWZhODZjYmJiOTU1Y2FmZjg4NWVmNGRiNTJh
YjQ5M2Y3NmQwOTU5ZmExMDkxYTI3YmE0NmFkMmM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2YNWz0i7JAOzXeQfHYd6HzKor92l1CwcHCYrttjibmeoL
Ex8/eLVkNTaHUcvrpaYzNxaD9tJuY3RI12m/ll4e05+ircy/AOx1F3FpXDIUWZMr
d/X/GOVUyKh2ut5Pi8+5Pt9xv0S4Xvsn30GxUDQE6Qa9yGkEQxwJSL41SIr+v+3w
b+BBjUynLHoq0HGc0X+rMwa/8mQuuy2YafSsCytH+kj+xwyrzs5xIVxDMwT0auhf
LZlxdJbHeO03e9Jv1bKFEFEvshEG0muXjcqPVt8pwYe4/BE8v3cSN2OVgzaf521C
lfK9eumzWuI+K+J4ZbXxvZGSzI3sjw9NtkbmFHdVAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnk/+pZBjetYyuJrJmmUcM9TVq8QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzViYjc5NTQwLTVjMmYtNDU2Zi1hZTMwLTc5NDEwMjhhNDZlNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcBTANBgkqhkiG9w0BAQsFAAOCAQEA017aSGt/SC2NGi3Lq52a+M1bhyUO
YMcBlvPx7sgR2+kmXErnLslg4AqMwzyUOQJsYx/zkoYk8ejNRHUK1rDP0/sBzBi7
y4KLeyDvGHW1nnT9i0uT4TnTttpbDcGoRM6/sIEi8XLS9bHHBRWaBxwzFiG2TZ9V
BueFb9s0+/wvc1QY6+TL07Ih+vSgYZ2OtClTi1xj+yhaAniHsxsEPna+UFQAorpb
YnPqZVRot6tK7/Vshy9ULc/E9eEprBB56FSGEZiKpc8yYL0BfOhnXVFjM9HLk1dB
xeOIXjQ8UCKKqyAt3wLd6zzTVyRxQaGV9oDpEgsLLIEwLWUW5h33paEDog==
-----END CERTIFICATE-----