Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b98a1698-61eb-49ed-9f19-af2fa1213c57.roa
File:                     b98a1698-61eb-49ed-9f19-af2fa1213c57.roa (raw, json)
Hash identifier:          j/XClIGdwraICincvqSRs8pB6vlV2W3SEzqFFd20MEs=
Subject key identifier:   DC:68:90:5E:DE:77:16:7B:27:46:EB:3C:26:61:15:F7:87:B2:34:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       504DE0F6E96EC8398F694DFD9B0C9E87E96FF18E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b98a1698-61eb-49ed-9f19-af2fa1213c57.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        138.128.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:4d:e0:f6:e9:6e:c8:39:8f:69:4d:fd:9b:0c:9e:87:e9:6f:f1:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=121f1af6c16f030410945c1ae875a83e10b2aec0d263bb7885337ab2514b7006, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:af:b5:ee:f8:b4:8d:90:7b:d6:e5:19:61:3c:
                    44:8a:df:67:2b:0c:55:4f:ab:2d:7e:c2:18:2c:35:
                    45:41:ed:24:6d:e4:8e:b8:95:c8:63:e5:9b:fa:44:
                    28:a4:d1:36:1b:26:6b:cd:eb:b3:a9:b4:6c:4e:2d:
                    72:93:73:3a:53:2a:76:33:83:11:ee:2c:24:7f:04:
                    2b:73:02:ef:04:27:dc:23:cb:72:5a:e0:f6:76:6a:
                    6c:5f:73:f9:f7:7a:5b:d9:16:da:b5:86:46:58:ea:
                    03:1e:fa:c3:ec:13:21:a8:f8:6d:a5:4d:95:5a:00:
                    1c:75:e9:f9:4c:d6:b6:51:ed:7a:cc:72:f5:62:d4:
                    63:95:be:af:60:f7:39:38:25:70:8b:d6:6f:5c:af:
                    1f:9e:6d:1c:c3:50:77:0c:ca:80:e3:09:10:cf:45:
                    01:40:bb:19:34:ec:48:34:2a:53:dc:39:09:5c:cf:
                    b5:c1:00:c9:aa:70:5a:b4:e9:a7:3d:8c:23:23:13:
                    f5:95:68:bc:81:9d:fd:2e:1f:cb:e4:e9:79:3a:ac:
                    f6:23:b3:a6:b9:23:80:e8:49:72:c3:66:42:70:e8:
                    99:11:44:1d:1f:fe:71:dd:6c:74:cd:44:75:af:66:
                    f0:9d:10:fb:e4:7b:6c:b0:0e:04:d5:91:97:f4:27:
                    3b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:68:90:5E:DE:77:16:7B:27:46:EB:3C:26:61:15:F7:87:B2:34:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b98a1698-61eb-49ed-9f19-af2fa1213c57.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.128.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         84:d7:fa:cb:c6:58:bb:80:fb:bc:2f:d8:99:20:fe:fb:6f:8b:
         b2:3f:cd:c3:e2:3f:c4:2b:c5:72:e4:98:2a:67:c4:82:86:f0:
         26:29:74:cc:a7:8d:39:40:0c:ae:35:91:17:06:bd:8e:41:e8:
         0f:8e:4f:72:19:8a:d5:26:14:98:78:15:0b:58:53:59:a9:bf:
         b8:5b:be:5e:f1:ca:b5:3a:b0:2e:11:a0:d3:c9:c1:18:f1:23:
         2e:64:2f:e0:0f:58:4b:3d:0b:f5:f4:01:e4:13:e2:e8:0e:33:
         2f:69:13:4e:cd:0e:c2:a9:d3:99:90:f0:e8:07:11:dd:85:83:
         71:66:c2:31:3e:02:f4:60:9b:24:a3:b8:41:5a:7e:d5:5e:c1:
         92:fc:6a:39:2c:57:a6:a9:63:44:4f:60:37:42:d3:8a:fd:84:
         a0:ce:81:f1:81:64:71:b0:d4:21:59:60:d2:e1:08:8b:5c:1a:
         f2:a2:84:d0:8e:87:d3:8c:7c:69:89:67:ad:9e:d8:c9:37:09:
         83:a7:ab:fb:87:f1:e5:75:07:fa:2d:95:48:54:1c:05:ea:57:
         25:33:85:73:b5:51:e4:1c:a0:78:57:13:df:a5:94:79:35:3a:
         34:2b:f4:50:a3:86:be:28:21:f1:6b:8c:7d:59:7c:f1:1d:06:
         a0:fc:9d:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUE3g9uluyDmPaU39mwyeh+lv8Y4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjFmMWFmNmMxNmYwMzA0MTA5NDVjMWFlODc1YTgzZTEw
YjJhZWMwZDI2M2JiNzg4NTMzN2FiMjUxNGI3MDA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFr7Xu+LSNkHvW5RlhPESK32crDFVPqy1+whgsNUVB7SRt
5I64lchj5Zv6RCik0TYbJmvN67OptGxOLXKTczpTKnYzgxHuLCR/BCtzAu8EJ9wj
y3Ja4PZ2amxfc/n3elvZFtq1hkZY6gMe+sPsEyGo+G2lTZVaABx16flM1rZR7XrM
cvVi1GOVvq9g9zk4JXCL1m9crx+ebRzDUHcMyoDjCRDPRQFAuxk07Eg0KlPcOQlc
z7XBAMmqcFq06ac9jCMjE/WVaLyBnf0uH8vk6Xk6rPYjs6a5I4DoSXLDZkJw6JkR
RB0f/nHdbHTNRHWvZvCdEPvke2ywDgTVkZf0JztTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3GiQXt53FnsnRus8JmEV94eyNNEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I5OGExNjk4LTYxZWItNDllZC05ZjE5LWFmMmZhMTIxM2M1Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeKgAAwDQYJKoZIhvcNAQELBQADggEBAITX+svGWLuA+7wv2Jkg/vtvi7I/
zcPiP8QrxXLkmCpnxIKG8CYpdMynjTlADK41kRcGvY5B6A+OT3IZitUmFJh4FQtY
U1mpv7hbvl7xyrU6sC4RoNPJwRjxIy5kL+APWEs9C/X0AeQT4ugOMy9pE07NDsKp
05mQ8OgHEd2Fg3FmwjE+AvRgmySjuEFaftVewZL8ajksV6apY0RPYDdC04r9hKDO
gfGBZHGw1CFZYNLhCItcGvKihNCOh9OMfGmJZ62e2Mk3CYOnq/uH8eV1B/otlUhU
HAXqVyUzhXO1UeQcoHhXE9+llHk1OjQr9FCjhr4oIfFrjH1ZfPEdBqD8naE=
-----END CERTIFICATE-----