Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adf9f3c9-667d-465d-9cb9-9366ccbd8d01.roa
File:                     adf9f3c9-667d-465d-9cb9-9366ccbd8d01.roa (raw, json)
Hash identifier:          eogvPtxIP7d6iL9qNbIxrOYo2P/BoEDX6HfAHRtRCl0=
Subject key identifier:   F9:3D:A2:AE:4D:1E:5F:36:F8:C7:96:16:59:60:04:F4:C0:01:2E:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       194A31215A7BA8C12C97EA61F8125BAD3FCB3609
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adf9f3c9-667d-465d-9cb9-9366ccbd8d01.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        156.27.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:4a:31:21:5a:7b:a8:c1:2c:97:ea:61:f8:12:5b:ad:3f:cb:36:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:44:42:6b:2f:ec:c8:87:36:f4:94:6f:47:bb:
                    5e:d3:f3:51:0e:33:fe:61:d8:c1:01:22:c7:03:67:
                    13:b5:6d:f7:b2:c2:cb:0c:49:85:b6:22:e8:3e:8f:
                    1a:7a:b6:86:c4:8d:12:bf:1a:d6:b7:88:2f:1f:a2:
                    95:18:21:86:28:b8:08:a0:d9:d7:53:c9:63:e1:cd:
                    19:91:52:1c:e5:9f:c2:45:1f:46:85:01:5d:37:d4:
                    aa:cf:eb:94:f8:44:9b:04:8a:00:94:8f:8a:61:f7:
                    b9:48:47:3f:82:8f:8c:ca:a4:93:5b:f4:a6:4a:e5:
                    c7:9a:f9:06:cd:b3:e1:83:d0:47:f3:0d:fb:e7:49:
                    0e:5f:70:f3:af:85:ff:32:4e:da:5a:6d:4b:d0:d0:
                    6c:91:84:d5:ed:28:53:41:46:4c:84:93:a3:76:0c:
                    e4:9d:bd:d8:09:3d:d1:e6:2a:2c:4a:ac:13:1d:c1:
                    23:0b:bd:89:a7:27:41:9b:f1:27:fe:17:65:41:68:
                    58:3d:12:ee:39:14:94:cd:fb:82:a1:1a:70:5c:32:
                    40:01:05:45:d2:22:2b:9f:95:d0:00:c1:c1:ca:ee:
                    c6:72:7a:8a:f0:db:dc:a9:9f:09:a6:9e:cf:a4:4f:
                    e5:49:e1:73:a6:7c:92:74:bf:80:a2:bb:ad:6e:a6:
                    41:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:3D:A2:AE:4D:1E:5F:36:F8:C7:96:16:59:60:04:F4:C0:01:2E:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adf9f3c9-667d-465d-9cb9-9366ccbd8d01.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  156.27.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         82:2f:ce:84:ad:bc:62:ed:b7:2c:e1:d1:89:25:cb:46:95:82:
         ff:63:85:9a:6f:44:0c:74:f2:a1:1a:3a:dc:c9:7d:0b:e2:74:
         cb:90:00:ef:14:33:62:f3:10:d5:32:71:41:54:51:aa:e3:ba:
         16:36:2e:e2:21:29:f4:c5:4b:4a:bb:b3:57:e3:10:c9:cb:86:
         cc:57:fb:9d:6d:3a:a5:a2:1f:18:76:ba:f3:b1:6e:1a:1a:a3:
         de:51:81:e5:9e:62:f0:63:f1:e6:0e:0c:bc:f4:f4:47:95:ed:
         7c:6b:54:67:cb:98:cc:79:2b:f6:92:34:ee:f5:ea:84:4a:1a:
         95:32:ce:ff:f0:3e:b6:b0:44:36:8b:61:6c:20:7e:4a:49:66:
         69:2e:16:73:d1:ae:e1:69:98:e4:1c:82:60:93:29:43:79:18:
         0a:f5:a3:72:4b:e9:44:31:e0:08:ef:d9:14:1b:18:66:56:68:
         b0:03:f3:33:3f:bd:1a:80:84:67:c0:2e:37:4f:6b:e0:fe:0b:
         49:b4:f6:1a:70:b9:74:c8:f4:2c:ca:46:d5:15:41:31:b5:3b:
         5a:93:ae:c4:07:5d:8b:67:c6:69:30:d9:cd:e6:4a:e8:e5:1a:
         11:a9:34:f1:5d:33:88:c8:e4:1b:2b:64:94:bb:32:64:50:fb:
         72:ca:18:cb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGUoxIVp7qMEsl+ph+BJbrT/LNgkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjAxZjE3MWJjMTE5MDEzOWJjYjAyNzA1OTNkZTA3NTkw
MGE1ODJiODFkMmY3ZDExM2UwNjA0ZjlhNzUxNTcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCDREJrL+zIhzb0lG9Hu17T81EOM/5h2MEBIscDZxO1bfey
wssMSYW2Iug+jxp6tobEjRK/Gta3iC8fopUYIYYouAig2ddTyWPhzRmRUhzln8JF
H0aFAV031KrP65T4RJsEigCUj4ph97lIRz+Cj4zKpJNb9KZK5cea+QbNs+GD0Efz
DfvnSQ5fcPOvhf8yTtpabUvQ0GyRhNXtKFNBRkyEk6N2DOSdvdgJPdHmKixKrBMd
wSMLvYmnJ0Gb8Sf+F2VBaFg9Eu45FJTN+4KhGnBcMkABBUXSIiufldAAwcHK7sZy
eorw29ypnwmmns+kT+VJ4XOmfJJ0v4Ciu61upkFDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+T2irk0eXzb4x5YWWWAE9MABLgAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkZjlmM2M5LTY2N2QtNDY1ZC05Y2I5LTkzNjZjY2JkOGQwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCcGzANBgkqhkiG9w0BAQsFAAOCAQEAgi/OhK28Yu23LOHRiSXLRpWC/2OF
mm9EDHTyoRo63Ml9C+J0y5AA7xQzYvMQ1TJxQVRRquO6FjYu4iEp9MVLSruzV+MQ
ycuGzFf7nW06paIfGHa687FuGhqj3lGB5Z5i8GPx5g4MvPT0R5XtfGtUZ8uYzHkr
9pI07vXqhEoalTLO//A+trBENothbCB+SklmaS4Wc9Gu4WmY5ByCYJMpQ3kYCvWj
ckvpRDHgCO/ZFBsYZlZosAPzMz+9GoCEZ8AuN09r4P4LSbT2GnC5dMj0LMpG1RVB
MbU7WpOuxAddi2fGaTDZzeZK6OUaEak08V0ziMjkGytklLsyZFD7csoYyw==
-----END CERTIFICATE-----