Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb1f04ba-37ef-425b-b545-23d523a33cfb.roa
File:                     cb1f04ba-37ef-425b-b545-23d523a33cfb.roa (raw, json)
Hash identifier:          u5pJyRZ0TXHf1D8TWNl4hpy9t2tSfu13Yk2OoWvgSVk=
Subject key identifier:   47:97:2C:7F:62:18:D3:2F:1E:B2:64:19:12:D2:09:92:03:2D:D0:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       42D47E9DF7A46DDB829B9ED00DA36420194E89B0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb1f04ba-37ef-425b-b545-23d523a33cfb.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        135.159.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d4:7e:9d:f7:a4:6d:db:82:9b:9e:d0:0d:a3:64:20:19:4e:89:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=b5a8ac97a0a5ccb47cbf6111276b4bd64ede36d932b411c052fea5037c441478, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9d:36:97:16:a3:d4:43:b9:cc:bd:a6:98:62:
                    60:11:95:56:56:4e:da:97:d0:21:6b:81:b9:bf:18:
                    9c:85:43:62:33:57:7d:97:1d:d8:ad:ea:d9:70:6c:
                    fb:00:e0:82:0c:f9:46:ba:48:92:2b:d8:cf:fb:83:
                    77:76:16:4f:39:f9:03:3f:44:b0:93:99:5c:1c:de:
                    1e:7d:3f:78:f4:2f:2b:99:ee:36:79:b9:26:3f:6a:
                    73:f6:31:57:73:5e:e0:59:21:de:04:23:f5:01:00:
                    2d:ae:de:22:2d:70:4a:ab:5e:cb:d3:fc:7b:ab:1f:
                    a6:a7:dd:8d:2a:0d:80:5a:6b:c3:ce:df:84:de:e5:
                    68:7a:c7:c0:26:46:13:5d:4c:3b:24:3d:d9:9c:f5:
                    fc:5b:7f:22:27:8d:68:2a:1c:f9:05:1b:0d:25:e6:
                    e2:7f:3b:72:b0:a6:bb:5c:05:be:c3:ef:3f:22:f7:
                    8c:39:81:32:35:4e:b4:11:c3:ad:27:03:2e:10:15:
                    f5:b4:fb:6a:21:09:e9:c0:59:a3:48:0b:26:06:40:
                    04:20:6c:82:a2:d0:fc:25:18:2e:db:3e:df:49:88:
                    b5:a2:2a:d6:cd:a1:62:af:f6:5c:d6:38:c6:af:9b:
                    5f:5c:23:3a:92:83:c1:6f:b5:fb:71:c7:b2:2f:45:
                    95:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:97:2C:7F:62:18:D3:2F:1E:B2:64:19:12:D2:09:92:03:2D:D0:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb1f04ba-37ef-425b-b545-23d523a33cfb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  135.159.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         07:16:43:40:17:d9:ec:fe:09:de:92:2c:c3:ae:ce:31:5a:20:
         21:30:06:d9:44:9a:7a:ab:c5:d2:3a:d3:c6:13:af:7d:71:27:
         e4:da:24:27:c6:a1:79:79:97:c4:ae:fa:48:e9:22:ea:56:f9:
         71:d3:7a:2c:cb:66:c0:c2:3d:a7:53:3c:8a:59:05:4a:3b:07:
         d2:15:e0:b5:9e:5d:46:05:c2:8f:11:78:b3:50:06:2f:e6:35:
         6e:dd:cc:1f:02:73:82:44:f6:4e:98:64:09:32:72:2b:d2:64:
         56:65:3e:29:7d:67:ef:c9:1b:ee:f6:cf:f9:64:76:47:46:f9:
         c7:36:f4:ff:c5:62:3f:32:20:d8:60:88:02:0c:c4:d8:7e:cb:
         bd:33:73:e1:4f:a4:c5:fd:5e:11:c5:70:f7:77:ec:1f:e1:43:
         69:af:c4:d1:58:1e:4e:7b:c8:91:d6:26:0a:ac:3d:82:65:a7:
         e5:aa:ad:47:b3:f6:32:32:fc:c8:f3:d5:94:bf:50:cb:e1:5c:
         ac:7a:f0:a6:bf:39:e0:ff:9e:71:24:db:02:95:60:9b:ff:57:
         f4:bb:ae:a6:25:79:3a:99:fb:a8:26:a8:28:31:98:3d:ad:7b:
         2d:97:70:a8:4d:4a:cf:f2:52:8b:27:c3:f2:b7:31:e2:4c:f4:
         94:20:1e:80
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQtR+nfekbduCm57QDaNkIBlOibAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiNWE4YWM5N2EwYTVjY2I0N2NiZjYxMTEyNzZiNGJkNjRl
ZGUzNmQ5MzJiNDExYzA1MmZlYTUwMzdjNDQxNDc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFnTaXFqPUQ7nMvaaYYmARlVZWTtqX0CFrgbm/GJyFQ2Iz
V32XHdit6tlwbPsA4IIM+Ua6SJIr2M/7g3d2Fk85+QM/RLCTmVwc3h59P3j0LyuZ
7jZ5uSY/anP2MVdzXuBZId4EI/UBAC2u3iItcEqrXsvT/HurH6an3Y0qDYBaa8PO
34Te5Wh6x8AmRhNdTDskPdmc9fxbfyInjWgqHPkFGw0l5uJ/O3KwprtcBb7D7z8i
94w5gTI1TrQRw60nAy4QFfW0+2ohCenAWaNICyYGQAQgbIKi0PwlGC7bPt9JiLWi
KtbNoWKv9lzWOMavm19cIzqSg8Fvtftxx7IvRZWlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUR5csf2IY0y8esmQZEtIJkgMt0IYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiMWYwNGJhLTM3ZWYtNDI1Yi1iNTQ1LTIzZDUyM2EzM2NmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCHnzANBgkqhkiG9w0BAQsFAAOCAQEABxZDQBfZ7P4J3pIsw67OMVogITAG
2USaeqvF0jrTxhOvfXEn5NokJ8aheXmXxK76SOki6lb5cdN6LMtmwMI9p1M8ilkF
SjsH0hXgtZ5dRgXCjxF4s1AGL+Y1bt3MHwJzgkT2TphkCTJyK9JkVmU+KX1n78kb
7vbP+WR2R0b5xzb0/8ViPzIg2GCIAgzE2H7LvTNz4U+kxf1eEcVw93fsH+FDaa/E
0VgeTnvIkdYmCqw9gmWn5aqtR7P2MjL8yPPVlL9Qy+FcrHrwpr854P+ecSTbApVg
m/9X9LuupiV5Opn7qCaoKDGYPa17LZdwqE1Kz/JSiyfD8rcx4kz0lCAegA==
-----END CERTIFICATE-----