Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3d5a840-5247-4b7a-80cf-cb8af949abfd.roa
File:                     b3d5a840-5247-4b7a-80cf-cb8af949abfd.roa (raw, json)
Hash identifier:          tiTI7ca93S1E+ff8I8PzoYcNq3zsdYKP7E5sgr3IvlM=
Subject key identifier:   BF:5D:CE:CA:70:A6:19:85:72:EC:68:42:70:7C:3F:97:9A:8F:C4:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01024C9702C57D092B7744CF8B8A6D26B555866E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3d5a840-5247-4b7a-80cf-cb8af949abfd.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        151.148.8.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:02:4c:97:02:c5:7d:09:2b:77:44:cf:8b:8a:6d:26:b5:55:86:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=0c57a7010242d6176c68469b5ab9cd5d9a8cc489641fc113380559dc4e66b601, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7b:ae:87:16:b2:4d:e1:a6:52:31:4d:e9:4f:
                    cc:1f:92:7e:d1:94:cc:58:1f:05:95:24:36:87:9a:
                    f7:12:47:93:c3:89:4a:ad:42:28:00:9a:11:eb:fe:
                    d4:56:c0:b3:49:e4:a6:e2:40:65:95:05:4c:e9:96:
                    46:9b:91:7b:55:bb:1c:a6:cc:b0:33:38:11:b3:35:
                    41:f8:78:cb:b0:63:65:50:ec:37:ca:27:f9:db:35:
                    de:3a:d0:e2:f3:16:21:df:ff:3d:c2:04:24:99:0f:
                    c0:ed:7b:93:ce:a9:97:a3:63:f9:34:89:27:ce:b7:
                    da:8a:02:f9:34:7d:00:55:8d:02:89:a1:46:e0:d6:
                    6b:f2:4c:e6:d4:e5:2d:f1:4e:2f:b4:20:44:e6:8a:
                    a9:4b:47:0f:f1:45:a0:34:5f:cc:1a:42:0c:b4:47:
                    5d:97:67:9a:2c:a5:e4:42:22:ff:63:79:40:ef:40:
                    0e:b8:8d:de:7c:3c:9c:57:bf:07:1c:49:20:88:30:
                    00:62:25:15:23:fc:28:c1:02:b3:bd:12:39:c1:37:
                    4a:8d:ba:f5:53:e2:74:29:8a:27:49:cd:25:b1:bf:
                    09:1a:de:6d:bd:8e:7a:9b:c1:04:96:18:03:e0:9e:
                    d0:18:b1:eb:88:d9:66:f7:cd:b2:e0:d1:39:04:02:
                    32:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:5D:CE:CA:70:A6:19:85:72:EC:68:42:70:7C:3F:97:9A:8F:C4:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b3d5a840-5247-4b7a-80cf-cb8af949abfd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         c9:73:44:cb:60:6f:05:59:77:d9:60:fa:03:af:ca:95:a3:b0:
         79:b5:5e:48:df:00:89:3d:00:63:5e:92:71:eb:1f:df:76:7d:
         a4:1f:56:6d:8b:0f:a3:78:9c:56:98:d6:48:4c:26:01:80:3f:
         a0:1b:d0:f9:3b:07:75:53:02:c7:a7:a1:ec:21:52:99:a6:5c:
         7b:bb:f2:df:27:74:89:23:ce:c8:cf:bc:55:8c:76:9a:9e:d5:
         d4:6d:f5:f0:54:fa:5f:ce:2d:3f:35:85:c3:30:35:fd:4c:2a:
         b0:72:a8:5a:4e:ed:15:d8:d8:38:52:2f:aa:02:56:64:a8:b3:
         1a:32:fd:b4:f3:84:5f:d9:14:42:a3:84:ba:58:c2:cd:4f:40:
         4c:2f:cb:8a:7b:e6:58:71:d1:af:f2:af:4a:8a:bd:e2:a6:f1:
         89:6a:ff:a4:69:5e:80:30:c2:1e:27:f2:96:2c:94:da:0b:82:
         ae:50:46:8b:21:a5:f0:c9:e1:ae:51:fe:f4:3c:2b:2d:43:d8:
         eb:20:b2:a3:0b:df:33:14:c8:6e:3f:59:20:00:0f:ad:46:fb:
         7f:98:6b:72:d5:79:9e:34:f5:d5:2e:a5:de:d7:d7:d6:b8:97:
         e7:84:f8:33:cd:d7:4f:64:72:76:81:6b:bf:f1:a6:28:91:cc:
         ae:01:e7:82
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAQJMlwLFfQkrd0TPi4ptJrVVhm4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzU3YTcwMTAyNDJkNjE3NmM2ODQ2OWI1YWI5Y2Q1ZDlh
OGNjNDg5NjQxZmMxMTMzODA1NTlkYzRlNjZiNjAxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWe66HFrJN4aZSMU3pT8wfkn7RlMxYHwWVJDaHmvcSR5PD
iUqtQigAmhHr/tRWwLNJ5KbiQGWVBUzplkabkXtVuxymzLAzOBGzNUH4eMuwY2VQ
7DfKJ/nbNd460OLzFiHf/z3CBCSZD8Dte5POqZejY/k0iSfOt9qKAvk0fQBVjQKJ
oUbg1mvyTObU5S3xTi+0IETmiqlLRw/xRaA0X8waQgy0R12XZ5ospeRCIv9jeUDv
QA64jd58PJxXvwccSSCIMABiJRUj/CjBArO9EjnBN0qNuvVT4nQpiidJzSWxvwka
3m29jnqbwQSWGAPgntAYseuI2Wb3zbLg0TkEAjKLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv13OynCmGYVy7GhCcHw/l5qPxEkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IzZDVhODQwLTUyNDctNGI3YS04MGNmLWNiOGFmOTQ5YWJmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOXlAgwDQYJKoZIhvcNAQELBQADggEBAMlzRMtgbwVZd9lg+gOvypWjsHm1
XkjfAIk9AGNeknHrH992faQfVm2LD6N4nFaY1khMJgGAP6Ab0Pk7B3VTAsenoewh
UpmmXHu78t8ndIkjzsjPvFWMdpqe1dRt9fBU+l/OLT81hcMwNf1MKrByqFpO7RXY
2DhSL6oCVmSosxoy/bTzhF/ZFEKjhLpYws1PQEwvy4p75lhx0a/yr0qKveKm8Ylq
/6RpXoAwwh4n8pYslNoLgq5QRoshpfDJ4a5R/vQ8Ky1D2OsgsqML3zMUyG4/WSAA
D61G+3+Ya3LVeZ409dUupd7X19a4l+eE+DPN109kcnaBa7/xpiiRzK4B54I=
-----END CERTIFICATE-----