Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a491a78-a133-47bb-b2c1-530058201b47.roa
File:                     9a491a78-a133-47bb-b2c1-530058201b47.roa (raw, json)
Hash identifier:          /j1UjeHdb16hHH8ZznEUhfrU8yEgqTLapnfoM/wzEvA=
Subject key identifier:   D5:3A:6D:B8:54:8A:E9:60:7E:D1:B6:2B:96:C4:BD:C1:5B:C7:D9:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       14FA9FB4C58CC0A34F1D9244AD650F9B2086A815
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a491a78-a133-47bb-b2c1-530058201b47.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        151.148.16.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:fa:9f:b4:c5:8c:c0:a3:4f:1d:92:44:ad:65:0f:9b:20:86:a8:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=35410353ea11ed027ad8e7b0eadca7887ce9867d845a692ee8d1877d38cac868, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a2:9f:de:e5:be:5f:a7:c6:a4:7f:f9:0c:36:
                    65:73:0b:0f:0d:d7:56:24:e0:91:29:e4:4b:06:f0:
                    31:ca:94:82:f7:fc:fa:5e:8b:56:40:29:8c:b7:75:
                    28:13:9b:04:68:63:ea:71:61:67:16:c7:d2:85:f8:
                    4b:47:18:e9:54:2e:df:a3:04:6b:1b:de:ff:92:47:
                    0f:42:e4:eb:ce:66:84:46:d2:d8:a5:2d:79:1c:ee:
                    21:af:fc:09:11:02:86:e8:d4:8a:09:33:39:b0:78:
                    e1:c6:34:37:dd:6e:8d:4f:94:4e:f1:66:16:69:1c:
                    e6:3b:78:75:e6:59:e8:c8:2e:3b:18:47:22:87:62:
                    23:aa:07:d4:e4:fe:ba:7e:11:28:0f:dc:d7:0d:bd:
                    58:51:a5:ea:36:7b:bd:ee:66:ff:b6:b6:84:f8:79:
                    55:93:93:7f:a2:37:a7:71:b9:82:4e:b8:89:f1:c4:
                    20:a9:a2:f0:7f:24:e1:0c:52:a2:5f:63:ea:c5:9d:
                    c2:af:38:46:97:1e:ca:06:e0:e3:62:3f:d5:cd:c4:
                    32:64:54:67:93:15:6a:92:db:b3:fa:5e:e4:8c:f9:
                    77:ca:aa:e8:28:b2:8c:37:ab:cf:e8:9a:0e:75:55:
                    58:89:25:51:bf:16:29:1a:70:9f:05:76:24:d7:9e:
                    e4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:3A:6D:B8:54:8A:E9:60:7E:D1:B6:2B:96:C4:BD:C1:5B:C7:D9:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a491a78-a133-47bb-b2c1-530058201b47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         1a:87:15:3a:89:7d:d3:2b:1f:bf:ae:79:5a:db:43:97:7a:8b:
         16:5b:38:ec:3d:c1:5b:b7:56:d8:99:74:7a:78:5f:55:5d:76:
         8b:cc:b3:bc:20:e1:46:af:7d:eb:34:ec:31:e1:4b:42:f7:be:
         6d:51:17:9c:c9:09:9d:94:af:ba:1d:a6:69:08:6d:01:0e:dd:
         fa:07:7b:12:3e:21:f3:a7:e3:85:72:5d:25:f3:5b:c9:3c:69:
         51:26:fa:78:0b:4a:cd:b2:b3:ae:0b:8c:dc:53:69:2a:92:9e:
         73:76:90:ed:c5:9f:dc:59:61:84:44:28:2e:00:c6:ae:89:e4:
         e7:87:97:20:47:e8:8e:87:ce:1d:d7:95:01:f1:33:41:78:62:
         97:90:b5:6c:85:96:40:9a:fc:dc:b9:a6:c5:cf:71:3c:bb:c1:
         43:2d:94:c8:39:55:6d:ef:9b:18:24:b9:fe:05:18:04:be:80:
         9d:bd:0d:3e:a9:1b:9d:bd:dc:7e:35:4b:3b:4f:7b:fb:2b:0f:
         27:f9:d9:dc:b3:a1:99:67:c5:fd:dd:dd:21:56:a4:7c:87:82:
         15:dd:93:87:95:5f:60:26:a2:44:5e:e9:6d:b7:c4:81:7f:ed:
         df:71:04:70:3b:4f:4d:2f:05:bb:2b:02:2c:2c:8f:a5:e8:b5:
         38:fc:19:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFPqftMWMwKNPHZJErWUPmyCGqBUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNTQxMDM1M2VhMTFlZDAyN2FkOGU3YjBlYWRjYTc4ODdj
ZTk4NjdkODQ1YTY5MmVlOGQxODc3ZDM4Y2FjODY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6op/e5b5fp8akf/kMNmVzCw8N11Yk4JEp5EsG8DHKlIL3
/Ppei1ZAKYy3dSgTmwRoY+pxYWcWx9KF+EtHGOlULt+jBGsb3v+SRw9C5OvOZoRG
0tilLXkc7iGv/AkRAobo1IoJMzmweOHGNDfdbo1PlE7xZhZpHOY7eHXmWejILjsY
RyKHYiOqB9Tk/rp+ESgP3NcNvVhRpeo2e73uZv+2toT4eVWTk3+iN6dxuYJOuInx
xCCpovB/JOEMUqJfY+rFncKvOEaXHsoG4ONiP9XNxDJkVGeTFWqS27P6XuSM+XfK
qugosow3q8/omg51VViJJVG/FikacJ8FdiTXnuTtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1TptuFSK6WB+0bYrlsS9wVvH2ZgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhNDkxYTc4LWExMzMtNDdiYi1iMmMxLTUzMDA1ODIwMWI0Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASXlBAwDQYJKoZIhvcNAQELBQADggEBABqHFTqJfdMrH7+ueVrbQ5d6ixZb
OOw9wVu3VtiZdHp4X1VddovMs7wg4Uavfes07DHhS0L3vm1RF5zJCZ2Ur7odpmkI
bQEO3foHexI+IfOn44VyXSXzW8k8aVEm+ngLSs2ys64LjNxTaSqSnnN2kO3Fn9xZ
YYREKC4Axq6J5OeHlyBH6I6Hzh3XlQHxM0F4YpeQtWyFlkCa/Ny5psXPcTy7wUMt
lMg5VW3vmxgkuf4FGAS+gJ29DT6pG5293H41SztPe/srDyf52dyzoZlnxf3d3SFW
pHyHghXdk4eVX2AmokRe6W23xIF/7d9xBHA7T00vBbsrAiwsj6XotTj8GaI=
-----END CERTIFICATE-----