Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebb72c28-6b68-446d-a885-7b9d4c0a2ec4.roa
File:                     ebb72c28-6b68-446d-a885-7b9d4c0a2ec4.roa (raw, json)
Hash identifier:          VDgOeNlkalCqPyq2f6mzM4C6OS8MoVD7sKCwB/cpCc8=
Subject key identifier:   42:E3:61:D0:FC:D1:68:7F:9D:67:66:34:DC:D6:CE:C6:F0:26:52:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       398198ABEDF27C1CB2188E495772D1B59E1CDB03
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebb72c28-6b68-446d-a885-7b9d4c0a2ec4.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        76.223.130.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:81:98:ab:ed:f2:7c:1c:b2:18:8e:49:57:72:d1:b5:9e:1c:db:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:9c:3e:8b:92:24:6a:00:84:d8:e0:13:82:b3:
                    ae:d7:db:3b:13:a6:f9:d9:65:18:6b:cd:71:fc:9f:
                    23:cc:96:75:a8:2f:7f:37:7c:fc:f2:0e:5f:d3:d3:
                    4c:f6:09:ab:b5:3e:ca:47:84:71:bd:0d:58:04:28:
                    5b:e0:df:c4:8f:ab:d6:2d:e1:65:54:f9:6c:6f:19:
                    06:7a:36:5f:e1:5f:0f:db:f5:bb:be:d3:37:47:3f:
                    f6:1a:f5:3d:c8:52:ee:03:33:46:08:fa:e6:0c:f1:
                    e0:5d:b1:7e:ef:56:e9:ad:e3:2d:08:31:e3:5f:94:
                    86:34:ef:fd:a0:ae:21:9c:40:c3:d8:cc:c5:4d:63:
                    f4:ac:46:c5:59:02:3a:29:51:f6:b2:80:a8:76:8f:
                    d2:b2:eb:2e:3d:4b:f5:9b:5c:87:5c:51:2e:8d:ea:
                    d2:17:d2:68:ce:1c:72:72:4e:38:2c:e1:34:56:fa:
                    6f:2c:bc:7c:ea:a3:57:49:b5:00:aa:af:64:71:2e:
                    1c:d2:c2:cf:d1:07:44:bd:0b:5a:a8:c5:52:46:25:
                    c8:af:e8:b7:17:63:a3:ce:1a:dc:a2:29:6d:70:eb:
                    f6:54:72:95:f1:04:e6:4c:6e:ee:3c:c6:0a:af:50:
                    6f:6a:52:de:d2:79:eb:79:09:0d:a0:54:87:6f:61:
                    0e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E3:61:D0:FC:D1:68:7F:9D:67:66:34:DC:D6:CE:C6:F0:26:52:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebb72c28-6b68-446d-a885-7b9d4c0a2ec4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.223.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3e:cf:47:db:ca:12:4f:8b:b3:b1:13:35:74:95:08:70:ef:5c:
         49:52:ab:e8:ee:57:fa:bc:57:7f:de:fd:10:ee:2a:d4:15:0d:
         ba:69:57:dd:9b:c4:ab:ba:6e:4e:e6:2c:69:0b:3a:06:e5:21:
         5d:8b:12:ec:e9:94:98:ee:0b:c5:f4:c1:2f:91:08:06:24:fb:
         43:ce:95:8d:2e:14:75:7a:73:02:27:6a:fe:9f:39:fe:11:19:
         2e:22:f5:bf:b1:47:59:10:b6:75:0c:2c:f0:f9:a6:69:42:d6:
         89:eb:a8:2b:57:b5:95:ac:cb:39:11:7e:f7:84:ef:8a:78:6e:
         a0:04:de:6b:04:9a:49:65:82:aa:02:04:e6:1a:69:97:46:2b:
         8c:0b:b4:9b:25:34:80:d4:6b:b5:a0:12:78:36:c2:71:5f:af:
         ba:5a:9b:d6:56:6c:33:d8:a4:40:8e:13:88:53:34:1e:7f:71:
         bb:98:9a:39:63:e0:13:a3:09:b1:da:27:e9:fb:62:3f:99:29:
         03:ea:84:4b:0c:e0:a1:02:b5:3d:a5:8f:38:77:89:79:1e:35:
         ee:d6:62:66:9c:a2:1f:59:18:07:f5:d7:f1:42:bc:e4:49:6a:
         2e:91:33:29:e8:ed:53:6e:f4:4d:96:45:7a:d2:6d:1c:98:aa:
         34:8e:97:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOYGYq+3yfByyGI5JV3LRtZ4c2wMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlMmYxMmZlZmJjMmM4ZTQ4MDk1YzQ2ZWNjYTAwNTBlZDRh
N2IyNGQzOWE0MTZlY2ZlNmNmMDY3YmFkZTA4NzViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCenD6LkiRqAITY4BOCs67X2zsTpvnZZRhrzXH8nyPMlnWo
L383fPzyDl/T00z2Cau1PspHhHG9DVgEKFvg38SPq9Yt4WVU+WxvGQZ6Nl/hXw/b
9bu+0zdHP/Ya9T3IUu4DM0YI+uYM8eBdsX7vVumt4y0IMeNflIY07/2griGcQMPY
zMVNY/SsRsVZAjopUfaygKh2j9Ky6y49S/WbXIdcUS6N6tIX0mjOHHJyTjgs4TRW
+m8svHzqo1dJtQCqr2RxLhzSws/RB0S9C1qoxVJGJciv6LcXY6POGtyiKW1w6/ZU
cpXxBOZMbu48xgqvUG9qUt7Seet5CQ2gVIdvYQ4NAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQuNh0PzRaH+dZ2Y03NbOxvAmUlMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViYjcyYzI4LTZiNjgtNDQ2ZC1hODg1LTdiOWQ0YzBhMmVjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFM34IwDQYJKoZIhvcNAQELBQADggEBAD7PR9vKEk+Ls7ETNXSVCHDvXElS
q+juV/q8V3/e/RDuKtQVDbppV92bxKu6bk7mLGkLOgblIV2LEuzplJjuC8X0wS+R
CAYk+0POlY0uFHV6cwInav6fOf4RGS4i9b+xR1kQtnUMLPD5pmlC1onrqCtXtZWs
yzkRfveE74p4bqAE3msEmkllgqoCBOYaaZdGK4wLtJslNIDUa7WgEng2wnFfr7pa
m9ZWbDPYpECOE4hTNB5/cbuYmjlj4BOjCbHaJ+n7Yj+ZKQPqhEsM4KECtT2ljzh3
iXkeNe7WYmacoh9ZGAf11/FCvORJai6RMyno7VNu9E2WRXrSbRyYqjSOlxU=
-----END CERTIFICATE-----