Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f90d113-e6a6-414c-86eb-9e53f2e95690.roa
File:                     7f90d113-e6a6-414c-86eb-9e53f2e95690.roa (raw, json)
Hash identifier:          wUi0aAlor83x4ET/yMwvVX3rn3dwxpFz3QhE6LdKc9c=
Subject key identifier:   A0:DB:4F:D6:23:3D:91:3E:7D:7E:F3:36:8B:41:6D:75:71:31:BB:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2199DBC2E28602C38ACD2112792F7CCF2F15EC25
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f90d113-e6a6-414c-86eb-9e53f2e95690.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        13.158.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:99:db:c2:e2:86:02:c3:8a:cd:21:12:79:2f:7c:cf:2f:15:ec:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=e4b7e3e6003ff434b15e76b9c8ab3eb7f5e3ef4349cab3940def8894fbc44c13, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d6:12:30:25:57:40:75:7a:76:b8:56:a6:75:
                    90:d4:30:96:dc:41:76:41:62:c6:e6:77:a9:0e:3f:
                    02:70:a7:f6:f8:52:d7:9b:54:8c:e4:c5:14:62:49:
                    09:24:37:d9:8e:a5:f6:5d:35:b9:27:e5:03:0f:4d:
                    05:b3:f9:e8:a1:f6:ee:29:e7:bc:64:e2:69:60:4a:
                    2e:8a:90:45:4b:21:42:3c:8d:b8:90:23:89:f7:2a:
                    88:4a:30:bb:11:6c:77:7e:c0:e4:fb:c5:19:d3:82:
                    9e:90:05:fa:7d:7e:87:b0:7c:5b:cc:62:7d:27:0a:
                    78:ab:48:3b:83:51:f9:c0:54:c0:7b:61:47:fb:95:
                    45:78:4e:2a:e0:80:3d:87:b5:d5:8b:95:7e:92:f1:
                    6e:1e:76:64:59:b7:f8:6c:76:cd:88:42:8f:1b:40:
                    6e:18:76:fd:4e:c3:be:41:37:06:20:aa:1e:09:f3:
                    85:56:c4:c3:e9:ac:b7:b2:fc:3b:af:37:8b:fb:99:
                    5e:f1:26:ac:ad:00:04:d6:b1:fc:7a:f2:60:53:60:
                    b0:43:73:f3:4f:df:44:e2:97:b3:b5:79:32:85:70:
                    df:f6:cd:0a:65:5b:b3:54:22:c4:01:e3:85:be:05:
                    34:b4:25:be:51:02:54:8b:f8:fc:55:13:24:62:c4:
                    53:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:DB:4F:D6:23:3D:91:3E:7D:7E:F3:36:8B:41:6D:75:71:31:BB:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7f90d113-e6a6-414c-86eb-9e53f2e95690.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.158.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         1d:d1:34:01:8d:cb:27:8a:49:5e:8d:d3:65:f0:71:f9:9d:50:
         7f:5c:24:3b:74:aa:27:a8:72:82:9c:4a:68:48:44:31:03:89:
         37:bd:db:d3:c8:e4:fa:79:d2:a3:40:df:45:00:0e:e0:04:cd:
         ad:99:25:4d:94:6f:00:13:10:b6:44:0b:99:bf:0b:b3:16:bc:
         65:56:dc:c3:78:eb:29:47:7d:82:e6:4e:64:67:43:07:4a:bf:
         31:63:0d:d9:67:48:98:3d:5c:da:09:3e:31:af:f1:66:6a:58:
         c3:af:5e:0c:1a:5e:ea:8f:52:23:6f:b5:35:b0:ce:19:2e:aa:
         99:31:f7:27:49:4c:6a:d3:16:5c:4d:24:ae:b9:86:5a:7a:af:
         d6:c0:d4:1e:b9:da:e0:c6:13:45:e6:f3:50:1b:eb:d0:54:6f:
         57:4c:7c:e5:78:1f:48:a5:c8:7c:9c:77:67:95:04:0c:f2:47:
         71:81:d9:5d:bc:40:1e:3b:70:6f:54:89:2b:e1:e6:39:3b:7f:
         93:a9:66:6b:a5:71:5d:74:b5:a2:f9:2e:91:e7:f5:0f:54:f1:
         4d:2c:31:f3:fd:7e:f1:b7:e0:68:c3:57:13:88:4e:48:2f:59:
         e6:ae:a5:8c:6f:ed:86:c7:39:c1:9a:f1:a7:f6:0e:14:51:28:
         94:0c:a4:21
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIZnbwuKGAsOKzSESeS98zy8V7CUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNGI3ZTNlNjAwM2ZmNDM0YjE1ZTc2YjljOGFiM2ViN2Y1
ZTNlZjQzNDljYWIzOTQwZGVmODg5NGZiYzQ0YzEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCf1hIwJVdAdXp2uFamdZDUMJbcQXZBYsbmd6kOPwJwp/b4
UtebVIzkxRRiSQkkN9mOpfZdNbkn5QMPTQWz+eih9u4p57xk4mlgSi6KkEVLIUI8
jbiQI4n3KohKMLsRbHd+wOT7xRnTgp6QBfp9foewfFvMYn0nCnirSDuDUfnAVMB7
YUf7lUV4TirggD2HtdWLlX6S8W4edmRZt/hsds2IQo8bQG4Ydv1Ow75BNwYgqh4J
84VWxMPprLey/DuvN4v7mV7xJqytAATWsfx68mBTYLBDc/NP30Til7O1eTKFcN/2
zQplW7NUIsQB44W+BTS0Jb5RAlSL+PxVEyRixFPPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoNtP1iM9kT59fvM2i0FtdXExux4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdmOTBkMTEzLWU2YTYtNDE0Yy04NmViLTllNTNmMmU5NTY5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwENnjANBgkqhkiG9w0BAQsFAAOCAQEAHdE0AY3LJ4pJXo3TZfBx+Z1Qf1wk
O3SqJ6hygpxKaEhEMQOJN73b08jk+nnSo0DfRQAO4ATNrZklTZRvABMQtkQLmb8L
sxa8ZVbcw3jrKUd9guZOZGdDB0q/MWMN2WdImD1c2gk+Ma/xZmpYw69eDBpe6o9S
I2+1NbDOGS6qmTH3J0lMatMWXE0krrmGWnqv1sDUHrna4MYTRebzUBvr0FRvV0x8
5XgfSKXIfJx3Z5UEDPJHcYHZXbxAHjtwb1SJK+HmOTt/k6lma6VxXXS1ovkukef1
D1TxTSwx8/1+8bfgaMNXE4hOSC9Z5q6ljG/thsc5wZrxp/YOFFEolAykIQ==
-----END CERTIFICATE-----