Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f0d22ee-6042-49d0-9ef3-4b08feed0f2d.roa
File:                     9f0d22ee-6042-49d0-9ef3-4b08feed0f2d.roa (raw, json)
Hash identifier:          E//9KL7+Yiru7WxYArvajULBdRPx4M3ZcdDbTBvcK/U=
Subject key identifier:   E3:9E:21:B7:A1:92:01:54:E4:7F:C4:76:75:7A:4A:8E:6F:24:E1:F2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5E75C9310D8772B1771C6F9DE6CBB72240021B43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f0d22ee-6042-49d0-9ef3-4b08feed0f2d.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        158.254.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:75:c9:31:0d:87:72:b1:77:1c:6f:9d:e6:cb:b7:22:40:02:1b:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=78072ff3a1e40d6ee45ddfc2f317ce680982e3ed0bfa259e8114afaca69b3534, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fc:bd:69:0c:ad:a2:1b:c3:39:af:74:2e:b1:
                    66:1f:06:34:a0:fb:d8:1c:ef:66:b5:66:c7:d6:bb:
                    48:88:45:ab:eb:ed:7b:b1:61:b4:31:67:8d:67:2a:
                    cd:c4:39:61:5b:47:43:ce:f8:fb:47:29:db:93:0f:
                    40:14:6b:a0:08:47:71:b2:64:33:75:35:dd:6e:b4:
                    b1:9c:c4:ae:25:4b:f3:d6:05:a3:e3:f5:7a:e8:41:
                    bd:54:1f:8a:7e:93:c9:fa:5f:07:76:c2:8c:84:d5:
                    3b:7c:b3:d6:61:ca:1b:00:30:ee:42:e8:2b:bd:8b:
                    00:8a:2f:40:17:3b:cf:dc:57:6c:14:40:c3:1e:81:
                    d3:ab:7c:6c:1e:56:60:bf:97:a2:b7:25:a7:9b:56:
                    22:14:1b:11:a2:c0:69:09:33:68:4d:73:92:af:0f:
                    18:7b:38:74:93:ab:dc:5a:67:cc:62:2c:aa:55:87:
                    00:17:69:04:c3:fc:cd:56:72:1e:43:85:53:8d:79:
                    c0:12:64:f6:3d:00:37:ef:3f:d6:a3:aa:f0:86:b1:
                    0a:15:48:f7:4d:9d:43:f2:1b:f2:05:d9:89:b8:8a:
                    d9:13:0d:ab:60:64:1b:6f:2e:8b:b6:e7:66:de:71:
                    99:5f:d1:3a:5d:b3:5e:54:ed:e6:03:a2:47:4a:f7:
                    d2:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:9E:21:B7:A1:92:01:54:E4:7F:C4:76:75:7A:4A:8E:6F:24:E1:F2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9f0d22ee-6042-49d0-9ef3-4b08feed0f2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c6:db:ea:43:43:ed:61:3b:89:b5:05:1f:ae:68:21:c2:11:19:
         ee:4e:9e:74:42:86:33:95:e3:47:2c:73:ac:b6:12:47:97:36:
         f8:f3:a5:2a:8d:34:9f:af:94:cd:57:08:4e:6d:da:8c:24:ef:
         6b:a0:45:d4:90:c0:00:19:b2:d2:27:38:1a:73:13:47:4c:76:
         74:24:fa:f9:71:a5:c5:71:7f:7b:c9:7f:dd:70:d2:9c:74:33:
         dc:54:f3:96:24:f7:14:02:c3:d0:38:5e:b0:44:fa:9c:3a:34:
         61:6c:ae:33:b8:c1:d0:2d:03:f5:a5:a1:82:6a:44:f0:40:c4:
         61:59:d8:64:9a:ae:d0:da:e5:9b:4a:ac:72:6f:14:83:12:b4:
         8d:77:d8:9f:63:34:e3:1e:cb:e5:15:75:42:63:a3:80:7d:07:
         20:87:53:15:51:1c:20:be:24:3d:b2:42:64:19:75:6e:bd:da:
         3e:e0:1e:3a:92:fe:d1:70:fa:2b:98:9e:a4:08:4a:a5:57:5e:
         41:0a:8a:4e:f7:d1:11:e0:1a:00:a2:94:cf:b7:3c:b6:fb:cf:
         79:7f:2d:a2:f6:5a:da:11:2b:a2:df:32:4f:6d:32:d7:1c:ba:
         32:45:c2:7f:83:45:8d:4d:14:39:a2:66:55:59:3d:05:73:3c:
         fb:f5:42:6b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXnXJMQ2HcrF3HG+d5su3IkACG0MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODA3MmZmM2ExZTQwZDZlZTQ1ZGRmYzJmMzE3Y2U2ODA5
ODJlM2VkMGJmYTI1OWU4MTE0YWZhY2E2OWIzNTM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO/L1pDK2iG8M5r3QusWYfBjSg+9gc72a1ZsfWu0iIRavr
7XuxYbQxZ41nKs3EOWFbR0PO+PtHKduTD0AUa6AIR3GyZDN1Nd1utLGcxK4lS/PW
BaPj9XroQb1UH4p+k8n6Xwd2woyE1Tt8s9ZhyhsAMO5C6Cu9iwCKL0AXO8/cV2wU
QMMegdOrfGweVmC/l6K3JaebViIUGxGiwGkJM2hNc5KvDxh7OHSTq9xaZ8xiLKpV
hwAXaQTD/M1Wch5DhVONecASZPY9ADfvP9ajqvCGsQoVSPdNnUPyG/IF2Ym4itkT
DatgZBtvLou252becZlf0Tpds15U7eYDokdK99IDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU454ht6GSAVTkf8R2dXpKjm8k4fIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlmMGQyMmVlLTYwNDItNDlkMC05ZWYzLTRiMDhmZWVkMGYyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCe/jANBgkqhkiG9w0BAQsFAAOCAQEAxtvqQ0PtYTuJtQUfrmghwhEZ7k6e
dEKGM5XjRyxzrLYSR5c2+POlKo00n6+UzVcITm3ajCTva6BF1JDAABmy0ic4GnMT
R0x2dCT6+XGlxXF/e8l/3XDSnHQz3FTzliT3FALD0DhesET6nDo0YWyuM7jB0C0D
9aWhgmpE8EDEYVnYZJqu0Nrlm0qscm8UgxK0jXfYn2M04x7L5RV1QmOjgH0HIIdT
FVEcIL4kPbJCZBl1br3aPuAeOpL+0XD6K5iepAhKpVdeQQqKTvfREeAaAKKUz7c8
tvvPeX8tovZa2hErot8yT20y1xy6MkXCf4NFjU0UOaJmVVk9BXM8+/VCaw==
-----END CERTIFICATE-----