Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7508b3a2-159d-4e95-bac8-99521275c1c6.roa
File:                     7508b3a2-159d-4e95-bac8-99521275c1c6.roa (raw, json)
Hash identifier:          LOr/hNaHsTTJazKtipwbDg1nictyPKUGuatZjxh3nzg=
Subject key identifier:   B3:38:02:57:60:C9:A7:25:05:98:4E:5D:A2:6F:D2:89:26:A0:40:65
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23A843374BC3CE121E14C2A406DB21B1DD446747
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7508b3a2-159d-4e95-bac8-99521275c1c6.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        159.47.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:a8:43:37:4b:c3:ce:12:1e:14:c2:a4:06:db:21:b1:dd:44:67:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=3966ae3e3d4b073aef938ee2e81e12240636161ba329a172cf9a4934e0294209, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:9c:6e:1f:44:ce:7f:8f:9e:73:60:9f:ed:08:
                    12:a4:2f:9c:08:a9:f7:cf:b9:2a:36:df:c0:d1:66:
                    46:8e:9f:21:4f:ff:96:60:e4:8d:30:26:f1:30:85:
                    6f:e7:8c:59:b7:0f:95:65:5e:16:0f:2f:36:ff:85:
                    d1:6d:9b:78:63:a5:6d:c1:c6:ee:22:60:36:dd:33:
                    33:be:80:3f:94:54:ca:9b:39:94:83:29:30:16:d4:
                    c5:36:a7:b6:a3:27:87:d7:9f:34:29:f9:b7:70:9c:
                    3d:3f:77:64:12:a8:e8:0d:75:22:ca:36:1f:82:eb:
                    6f:5b:ad:58:c7:e3:ac:6a:18:b1:58:91:fa:b6:ae:
                    b0:77:e0:a5:11:c8:b2:67:46:bd:52:71:3c:8f:08:
                    a4:ec:85:d0:80:57:d6:39:23:fa:08:34:f1:90:1a:
                    d5:55:d0:0c:41:ba:9a:c2:0e:be:80:26:fe:79:05:
                    38:00:9a:70:ce:a6:59:af:9f:9f:dc:01:fc:f8:dc:
                    f6:67:b9:9c:9f:1c:90:86:c1:4b:2d:cf:ba:8d:58:
                    3e:1a:ee:78:3e:6c:e2:9a:cb:6d:d2:c2:8f:e4:d3:
                    20:04:12:27:49:56:e8:3c:18:bd:60:32:22:12:e8:
                    5a:18:da:36:05:6f:a4:e6:1d:a6:e0:98:0b:44:97:
                    53:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:38:02:57:60:C9:A7:25:05:98:4E:5D:A2:6F:D2:89:26:A0:40:65
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7508b3a2-159d-4e95-bac8-99521275c1c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.47.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:eb:5d:d4:cf:a8:6a:c1:64:a5:f9:6b:c2:dc:d8:60:78:84:
         28:23:0e:62:d8:67:78:cf:63:b6:3c:2f:5a:cd:f7:ed:f4:b0:
         03:bd:13:96:35:fb:13:2a:02:ff:0b:ea:34:b3:86:f4:bb:f0:
         22:ce:5b:51:65:c6:99:52:93:76:65:34:a1:d7:66:3b:48:bd:
         c8:db:85:eb:ad:a9:7b:e2:58:8a:00:d1:ea:f5:48:d4:fa:db:
         0e:d9:c9:f1:f3:d7:38:50:08:5c:96:4f:1b:42:ad:e2:67:0d:
         68:ef:5f:73:82:34:c5:72:7c:fd:72:cf:ce:70:71:26:4f:d4:
         24:e6:92:d0:2d:7d:6a:cf:5e:6e:0f:a6:97:97:9d:dd:b9:b9:
         d1:ed:51:bc:bf:0b:87:ac:54:25:c7:23:d7:30:47:87:ee:b6:
         b5:1d:1d:07:76:93:dd:b1:d7:86:dd:5f:e8:cd:bb:3b:02:b2:
         b1:9e:f5:12:78:b8:eb:00:78:a4:63:0e:eb:27:57:df:7e:dc:
         73:82:63:40:f4:56:a9:e8:08:32:24:dc:04:a5:0b:02:95:34:
         aa:e4:29:4f:fb:bc:50:4a:05:1d:ae:01:67:8d:dc:f7:b5:9e:
         ec:9f:34:e2:05:25:2d:25:c3:9b:e3:37:ab:c8:d6:eb:63:bb:
         b1:5c:c9:0a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUI6hDN0vDzhIeFMKkBtshsd1EZ0cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTY2YWUzZTNkNGIwNzNhZWY5MzhlZTJlODFlMTIyNDA2
MzYxNjFiYTMyOWExNzJjZjlhNDkzNGUwMjk0MjA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3nG4fRM5/j55zYJ/tCBKkL5wIqffPuSo238DRZkaOnyFP
/5Zg5I0wJvEwhW/njFm3D5VlXhYPLzb/hdFtm3hjpW3Bxu4iYDbdMzO+gD+UVMqb
OZSDKTAW1MU2p7ajJ4fXnzQp+bdwnD0/d2QSqOgNdSLKNh+C629brVjH46xqGLFY
kfq2rrB34KURyLJnRr1ScTyPCKTshdCAV9Y5I/oINPGQGtVV0AxBuprCDr6AJv55
BTgAmnDOplmvn5/cAfz43PZnuZyfHJCGwUstz7qNWD4a7ng+bOKay23Swo/k0yAE
EidJVug8GL1gMiIS6FoY2jYFb6TmHabgmAtEl1PFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUszgCV2DJpyUFmE5dom/SiSagQGUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1MDhiM2EyLTE1OWQtNGU5NS1iYWM4LTk5NTIxMjc1YzFjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCfLzANBgkqhkiG9w0BAQsFAAOCAQEApOtd1M+oasFkpflrwtzYYHiEKCMO
YthneM9jtjwvWs337fSwA70TljX7EyoC/wvqNLOG9LvwIs5bUWXGmVKTdmU0oddm
O0i9yNuF662pe+JYigDR6vVI1PrbDtnJ8fPXOFAIXJZPG0Kt4mcNaO9fc4I0xXJ8
/XLPznBxJk/UJOaS0C19as9ebg+ml5ed3bm50e1RvL8Lh6xUJccj1zBHh+62tR0d
B3aT3bHXht1f6M27OwKysZ71Eni46wB4pGMO6ydX337cc4JjQPRWqegIMiTcBKUL
ApU0quQpT/u8UEoFHa4BZ43c97We7J804gUlLSXDm+M3q8jW62O7sVzJCg==
-----END CERTIFICATE-----