Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eabb088e-2f0c-4043-837d-4c113d8d2115.roa
File:                     eabb088e-2f0c-4043-837d-4c113d8d2115.roa (raw, json)
Hash identifier:          SOUcDwHTCnpG1ujBVu5SUQrDsTTeFqBSFVbUyJa7bPQ=
Subject key identifier:   C1:91:E3:17:BC:FE:C7:03:08:39:AA:C4:77:69:97:2B:7B:A4:6C:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C6838C64A8A15BA0251DB9D4A06AF5E5E590F3B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eabb088e-2f0c-4043-837d-4c113d8d2115.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.148.37.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:68:38:c6:4a:8a:15:ba:02:51:db:9d:4a:06:af:5e:5e:59:0f:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=8a7bc120ea0474f18f02291d87b8b756b030c12fefda7c82a42b644fb4c50895, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6a:f4:4d:03:df:61:9f:32:be:d0:a1:3f:33:
                    8a:92:52:47:0d:65:39:a7:4c:9d:56:98:91:0c:51:
                    eb:7c:94:da:2c:0a:b3:d7:20:27:ad:63:1f:0b:04:
                    8d:db:0f:a3:59:70:7e:f9:65:ba:a2:22:b2:e6:4a:
                    40:eb:12:09:2b:84:b2:93:bd:b0:4e:a0:d4:aa:fc:
                    df:c6:2b:6e:c9:ce:56:f2:09:d7:9b:a6:cf:bd:7d:
                    d0:04:68:4e:f3:82:09:47:c4:74:36:44:4c:7d:33:
                    fb:14:1e:d0:94:27:00:02:75:32:f3:e9:a2:0e:0d:
                    03:77:47:52:b8:63:4a:e2:a2:1c:8f:28:c3:ff:a1:
                    7a:28:8b:09:15:d0:55:bb:8e:f7:c6:b1:f6:81:45:
                    1d:03:3c:a5:a0:e8:d7:a7:9e:e9:63:c4:6a:af:14:
                    9c:1f:57:14:e9:cc:67:cf:be:79:f0:35:8a:77:46:
                    94:b1:95:97:16:b8:61:2b:37:bc:7c:2b:d3:94:99:
                    9a:1d:17:8a:c2:ab:bf:de:31:79:1b:47:b7:f0:1f:
                    10:f1:d0:8f:7b:22:ca:d7:1a:5d:51:3f:65:b7:85:
                    de:c6:c0:02:50:7f:9f:c9:e8:95:39:ed:f1:2a:6e:
                    2d:46:60:05:71:6d:0d:26:54:13:cd:7a:e8:09:e4:
                    07:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:91:E3:17:BC:FE:C7:03:08:39:AA:C4:77:69:97:2B:7B:A4:6C:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/eabb088e-2f0c-4043-837d-4c113d8d2115.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ca:56:18:3e:55:dc:a9:41:22:62:98:4d:e1:7a:74:6a:c8:7d:
         ec:a9:7f:e5:f4:2c:84:1d:bd:1d:29:c3:0a:d1:35:3b:f3:31:
         8b:eb:59:7a:71:53:1f:4f:02:3a:0c:2b:95:ec:a2:79:25:8e:
         e9:9b:39:34:3e:20:3e:d6:83:f5:a4:1c:5f:0a:0a:65:b0:e5:
         75:0e:b0:cf:63:8b:c1:d1:04:b0:2e:85:bb:28:5c:24:11:b0:
         a2:38:12:73:b2:0d:98:d1:54:d5:3b:7b:fc:cf:cb:8e:d7:45:
         5b:7a:db:89:f9:07:83:35:4d:fd:ed:96:d4:f5:0e:1d:77:2a:
         dd:4f:81:7c:c8:48:f9:46:ce:f2:25:38:12:4e:bc:e0:33:76:
         f8:37:bf:18:02:08:72:5d:a8:d2:95:81:5e:6a:82:87:71:7d:
         63:ac:3d:2a:1c:76:11:a5:18:d8:87:de:b9:44:41:2c:f6:c1:
         c3:2e:d5:2f:9f:b4:4f:c5:15:4d:fc:37:58:35:bc:a1:bf:b4:
         5a:2d:80:d7:78:56:0b:a6:7b:ee:1f:5a:a9:8a:73:b8:f4:84:
         d2:0b:ab:8d:80:2f:f1:9b:5b:5b:7b:c0:67:95:3a:87:c0:dd:
         3d:cc:4d:ec:24:40:f3:59:11:f2:3c:ca:26:f1:0f:31:90:e5:
         e9:bf:f4:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXGg4xkqKFboCUdudSgavXl5ZDzswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YTdiYzEyMGVhMDQ3NGYxOGYwMjI5MWQ4N2I4Yjc1NmIw
MzBjMTJmZWZkYTdjODJhNDJiNjQ0ZmI0YzUwODk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDBavRNA99hnzK+0KE/M4qSUkcNZTmnTJ1WmJEMUet8lNos
CrPXICetYx8LBI3bD6NZcH75ZbqiIrLmSkDrEgkrhLKTvbBOoNSq/N/GK27Jzlby
Cdebps+9fdAEaE7zgglHxHQ2REx9M/sUHtCUJwACdTLz6aIODQN3R1K4Y0riohyP
KMP/oXooiwkV0FW7jvfGsfaBRR0DPKWg6NennuljxGqvFJwfVxTpzGfPvnnwNYp3
RpSxlZcWuGErN7x8K9OUmZodF4rCq7/eMXkbR7fwHxDx0I97IsrXGl1RP2W3hd7G
wAJQf5/J6JU57fEqbi1GYAVxbQ0mVBPNeugJ5AeLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwZHjF7z+xwMIOarEd2mXK3ukbMswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhYmIwODhlLTJmMGMtNDA0My04MzdkLTRjMTEzZDhkMjExNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACXlCUwDQYJKoZIhvcNAQELBQADggEBAMpWGD5V3KlBImKYTeF6dGrIfeyp
f+X0LIQdvR0pwwrRNTvzMYvrWXpxUx9PAjoMK5XsonkljumbOTQ+ID7Wg/WkHF8K
CmWw5XUOsM9ji8HRBLAuhbsoXCQRsKI4EnOyDZjRVNU7e/zPy47XRVt624n5B4M1
Tf3tltT1Dh13Kt1PgXzISPlGzvIlOBJOvOAzdvg3vxgCCHJdqNKVgV5qgodxfWOs
PSocdhGlGNiH3rlEQSz2wcMu1S+ftE/FFU38N1g1vKG/tFotgNd4Vgume+4fWqmK
c7j0hNILq42AL/GbW1t7wGeVOofA3T3MTewkQPNZEfI8yibxDzGQ5em/9IM=
-----END CERTIFICATE-----