Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa
File:                     8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa (raw, json)
Hash identifier:          l2SY/EnoyixIpVDwFYEk8ukPct2MaCAMW55Gy5U1YnQ=
Subject key identifier:   CF:4E:35:42:6D:AD:DF:40:E2:5F:DD:F4:30:D6:29:96:97:B4:6A:9C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       783F3BE01E3ED9FAF0A24ECD4F05248770C43AE6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa
Signing time:             Tue 26 Nov 2024 00:00:00 +0000
ROA not before:           Tue 26 Nov 2024 00:00:00 +0000
ROA not after:            Tue 31 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        23.254.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:3f:3b:e0:1e:3e:d9:fa:f0:a2:4e:cd:4f:05:24:87:70:c4:3a:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 26 00:00:00 2024 GMT
            Not After : Dec 31 23:59:59 2024 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a1:02:55:5f:51:88:f5:db:7b:ac:8d:22:30:
                    75:5b:66:38:b8:fe:aa:59:2e:f3:47:8f:bf:6c:9f:
                    a0:43:37:47:11:5b:b1:30:b5:7d:1e:97:14:45:29:
                    0b:91:1c:63:da:d0:85:08:a2:f9:8a:f2:9e:10:38:
                    d6:8f:fc:f1:de:ef:49:1c:42:3b:b1:bb:5b:9e:fc:
                    01:20:2f:29:d5:d6:3e:99:04:e5:7f:e9:42:29:cc:
                    a4:56:c5:7f:16:0b:4e:cc:95:ec:dc:dd:b4:64:b3:
                    30:fa:90:7d:50:53:6c:44:33:3b:15:fa:d3:68:4e:
                    35:ad:5e:fc:d6:67:54:d6:d0:e7:8e:70:e2:68:e2:
                    fc:c1:cd:7e:d2:7b:48:28:03:9f:09:cf:83:4f:c9:
                    b2:e2:df:62:38:10:7d:b0:dc:e5:7c:39:d9:36:e7:
                    fa:58:f0:aa:c3:2b:49:51:93:a1:13:13:2f:f8:ee:
                    9a:7f:da:df:64:f3:87:b7:bc:61:51:ef:55:62:86:
                    b2:00:2a:07:3a:69:f6:53:a8:8f:35:42:f1:7d:82:
                    d3:f3:4c:95:ca:f8:48:ba:36:cf:6f:23:7c:e3:d4:
                    42:4b:a1:93:25:a7:c8:70:d1:07:a3:f3:70:6c:80:
                    a7:97:da:cd:e4:d1:61:53:49:44:58:ef:84:ff:43:
                    06:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4E:35:42:6D:AD:DF:40:E2:5F:DD:F4:30:D6:29:96:97:B4:6A:9C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8fea813a-dd8e-4c60-b701-76cb5f0e6072.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.254.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         be:0e:fe:eb:f6:4f:76:dd:a8:a4:9a:20:ac:2b:58:f2:a7:26:
         51:95:d1:f9:22:84:a1:6a:cb:68:35:c6:1e:5d:45:06:d7:cb:
         03:3a:28:b0:7c:1f:f3:09:97:33:83:96:4c:44:7b:5b:3b:54:
         a6:cc:1f:e2:d9:e8:a8:54:6e:c7:a8:ba:7f:20:5e:96:3e:75:
         02:47:f9:82:f6:73:37:9e:68:ba:5f:3f:47:16:bc:2e:02:65:
         5c:06:f9:04:45:8e:6f:55:0b:35:9c:e7:81:67:3b:77:c4:eb:
         3a:61:07:2a:f9:22:de:41:e7:62:bb:ba:fc:93:07:23:62:ec:
         44:22:81:c2:06:7f:6f:07:ec:75:55:71:4c:1b:89:2b:46:d3:
         96:02:2f:8c:fc:69:7e:4e:91:60:b7:a5:91:ab:9c:6d:42:1d:
         60:57:be:02:64:87:cd:60:88:be:74:6a:a0:f7:24:0d:0a:d4:
         3a:c8:e3:ed:43:00:a6:29:01:b0:7f:a1:d7:5d:d8:07:5c:9a:
         ab:b2:40:19:cb:ec:10:4a:35:c9:47:a1:5e:b3:53:87:be:b4:
         44:6f:c8:51:b1:d1:30:b9:57:c1:38:6b:5d:ab:03:1c:cc:79:
         a0:69:74:bf:5f:16:ec:8f:80:21:bc:b0:87:12:7d:74:0a:d2:
         16:29:bc:5e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeD874B4+2frwok7NTwUkh3DEOuYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI2MDAwMDAwWhcNMjQxMjMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmEyYWY0OTI3YzkyZDU0MTNjYzIxNTkyZGYyMWMyODJk
ZWY4NWFiMjIwOWYyMTA0MDNmYmNlZTE5OGNmZWFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqoQJVX1GI9dt7rI0iMHVbZji4/qpZLvNHj79sn6BDN0cR
W7EwtX0elxRFKQuRHGPa0IUIovmK8p4QONaP/PHe70kcQjuxu1ue/AEgLynV1j6Z
BOV/6UIpzKRWxX8WC07Mlezc3bRkszD6kH1QU2xEMzsV+tNoTjWtXvzWZ1TW0OeO
cOJo4vzBzX7Se0goA58Jz4NPybLi32I4EH2w3OV8Odk25/pY8KrDK0lRk6ETEy/4
7pp/2t9k84e3vGFR71VihrIAKgc6afZTqI81QvF9gtPzTJXK+Ei6Ns9vI3zj1EJL
oZMlp8hw0Qej83BsgKeX2s3k0WFTSURY74T/QwaXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUz041Qm2t30DiX930MNYplpe0apwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhmZWE4MTNhLWRkOGUtNGM2MC1iNzAxLTc2Y2I1ZjBlNjA3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcX/gAwDQYJKoZIhvcNAQELBQADggEBAL4O/uv2T3bdqKSaIKwrWPKnJlGV
0fkihKFqy2g1xh5dRQbXywM6KLB8H/MJlzODlkxEe1s7VKbMH+LZ6KhUbseoun8g
XpY+dQJH+YL2czeeaLpfP0cWvC4CZVwG+QRFjm9VCzWc54FnO3fE6zphByr5It5B
52K7uvyTByNi7EQigcIGf28H7HVVcUwbiStG05YCL4z8aX5OkWC3pZGrnG1CHWBX
vgJkh81giL50aqD3JA0K1DrI4+1DAKYpAbB/oddd2AdcmquyQBnL7BBKNclHoV6z
U4e+tERvyFGx0TC5V8E4a12rAxzMeaBpdL9fFuyPgCG8sIcSfXQK0hYpvF4=
-----END CERTIFICATE-----