Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65b895b1-f1f8-4c5c-a125-e3d46bfe6e2a.roa
File:                     65b895b1-f1f8-4c5c-a125-e3d46bfe6e2a.roa (raw, json)
Hash identifier:          Te6ErJ5Nqvpfrbod1fCxJGLIpv4OTyz5yoNHaJnADDA=
Subject key identifier:   53:56:E6:07:8F:A6:F6:D6:F6:1D:E9:0C:22:22:1B:7E:1F:D1:BD:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35B5FB19A9C2806900D5A6F3B1D6E5FAE18378D3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65b895b1-f1f8-4c5c-a125-e3d46bfe6e2a.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.148.33.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:b5:fb:19:a9:c2:80:69:00:d5:a6:f3:b1:d6:e5:fa:e1:83:78:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=392bdf0ccde5e3676090c1cf8581bc221bf7d9829abe7e833913d07333c2d962, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:01:1a:9f:e5:cd:95:8d:31:ff:88:6b:b4:5d:
                    f8:a1:a6:cc:a5:a7:56:b5:bc:86:f9:46:3b:2f:3b:
                    fb:20:b0:1f:02:31:34:1b:15:f2:bd:c3:8c:d2:f6:
                    83:be:9a:68:05:e9:d5:34:50:da:36:46:ea:f5:bb:
                    55:f5:a4:e4:3f:64:3c:e8:8b:16:c4:23:ac:92:61:
                    1b:22:a7:2a:bd:8e:0d:49:e0:f7:4a:53:a1:16:95:
                    21:9e:bd:e4:53:1f:37:8f:79:46:e7:d4:bf:39:39:
                    cc:1e:0e:dd:e3:94:b4:91:7c:34:70:1e:46:2f:8b:
                    25:d9:01:b2:1b:c3:8a:14:f5:be:b7:07:bd:fb:11:
                    1f:34:f4:c9:c5:a3:f4:ce:f8:43:56:67:cf:82:51:
                    d0:37:a1:72:07:f2:26:d7:bd:43:7a:43:9b:4b:12:
                    21:a4:2f:3c:6d:70:d4:3a:e5:aa:2f:42:78:f3:77:
                    47:65:3a:75:24:36:75:f0:52:fb:47:01:01:3c:7d:
                    15:7b:73:97:ef:2b:a6:5e:f8:f3:ba:f3:98:ec:8d:
                    27:53:e4:2f:01:c0:3d:30:ed:23:90:9c:cb:e7:84:
                    99:a8:1b:92:63:67:60:70:f2:a5:4d:12:4e:bd:de:
                    10:51:d9:a4:2d:ae:48:49:ff:85:81:c4:1b:34:bc:
                    76:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:56:E6:07:8F:A6:F6:D6:F6:1D:E9:0C:22:22:1B:7E:1F:D1:BD:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65b895b1-f1f8-4c5c-a125-e3d46bfe6e2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:d6:e6:2d:d1:89:71:ca:ed:e5:69:16:26:4e:c4:90:63:c3:
         65:d8:00:d0:ca:50:a7:02:b7:f0:c0:6b:77:62:38:5c:33:aa:
         b7:5d:26:08:7d:23:62:ea:9f:66:cc:4d:f2:1e:5c:39:ce:c3:
         b8:77:d0:14:6b:3a:b2:2f:e9:9f:91:49:73:e4:a7:a1:07:bd:
         fe:6b:fa:e6:07:3a:d6:2f:49:aa:6f:e1:32:3f:5c:f6:b7:7b:
         d4:a1:fa:2b:3d:c9:1d:7e:d4:e5:a8:36:0b:b8:bb:6f:1e:9f:
         7a:09:39:57:bc:54:ee:a0:01:5c:7d:8b:50:05:6f:1c:20:a5:
         7e:ec:30:fb:ec:ae:9f:46:ae:b9:5e:a3:9e:2b:30:43:71:e8:
         ff:26:a5:25:67:60:94:4e:44:64:8f:f9:70:0a:ee:4b:27:6c:
         38:99:6f:97:49:f4:69:c3:6d:ed:44:34:b8:a7:aa:09:41:35:
         bc:14:73:dc:30:cf:02:98:30:d3:ad:5c:af:d8:08:c1:ff:96:
         ca:30:06:5b:1a:68:ee:d8:69:ca:35:a5:7d:af:86:0a:49:b2:
         e9:7d:eb:07:03:4e:17:08:9a:85:c5:5c:b3:4d:13:c7:ef:9b:
         75:cb:3f:56:b7:b9:94:5e:ba:ed:ef:ec:14:24:ac:b1:36:14:
         a7:35:a0:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNbX7GanCgGkA1abzsdbl+uGDeNMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTJiZGYwY2NkZTVlMzY3NjA5MGMxY2Y4NTgxYmMyMjFi
ZjdkOTgyOWFiZTdlODMzOTEzZDA3MzMzYzJkOTYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+ARqf5c2VjTH/iGu0Xfihpsylp1a1vIb5RjsvO/sgsB8C
MTQbFfK9w4zS9oO+mmgF6dU0UNo2Rur1u1X1pOQ/ZDzoixbEI6ySYRsipyq9jg1J
4PdKU6EWlSGeveRTHzePeUbn1L85OcweDt3jlLSRfDRwHkYviyXZAbIbw4oU9b63
B737ER809MnFo/TO+ENWZ8+CUdA3oXIH8ibXvUN6Q5tLEiGkLzxtcNQ65aovQnjz
d0dlOnUkNnXwUvtHAQE8fRV7c5fvK6Ze+PO685jsjSdT5C8BwD0w7SOQnMvnhJmo
G5JjZ2Bw8qVNEk693hBR2aQtrkhJ/4WBxBs0vHazAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU1bmB4+m9tb2HekMIiIbfh/Rvf4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1Yjg5NWIxLWYxZjgtNGM1Yy1hMTI1LWUzZDQ2YmZlNmUyYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACXlCEwDQYJKoZIhvcNAQELBQADggEBAL7W5i3RiXHK7eVpFiZOxJBjw2XY
ANDKUKcCt/DAa3diOFwzqrddJgh9I2Lqn2bMTfIeXDnOw7h30BRrOrIv6Z+RSXPk
p6EHvf5r+uYHOtYvSapv4TI/XPa3e9Sh+is9yR1+1OWoNgu4u28en3oJOVe8VO6g
AVx9i1AFbxwgpX7sMPvsrp9Grrleo54rMENx6P8mpSVnYJRORGSP+XAK7ksnbDiZ
b5dJ9GnDbe1ENLinqglBNbwUc9wwzwKYMNOtXK/YCMH/lsowBlsaaO7Yaco1pX2v
hgpJsul96wcDThcImoXFXLNNE8fvm3XLP1a3uZReuu3v7BQkrLE2FKc1oAc=
-----END CERTIFICATE-----