Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/080d74bf-6db4-4e58-b6b7-b027b041f959.roa
File:                     080d74bf-6db4-4e58-b6b7-b027b041f959.roa (raw, json)
Hash identifier:          ZZizkiwWatB71XZ6s87zj7V67zjzy4pJ02jKmJQHa/I=
Subject key identifier:   4E:21:59:19:33:62:91:23:71:A1:14:C7:C1:96:E5:C4:4E:AA:91:2F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0149F5254E53B8B370322F3FF32447EE0A5A3ABF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/080d74bf-6db4-4e58-b6b7-b027b041f959.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        198.148.96.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:49:f5:25:4e:53:b8:b3:70:32:2f:3f:f3:24:47:ee:0a:5a:3a:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=f9fc98a7fc205bbb7c2aefeb83f360a547b0ab684b5c2eec081659df8d4a25cf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:80:5b:ba:a5:83:aa:29:60:d8:d0:1c:26:0d:
                    8d:db:41:50:bd:c0:ed:11:38:60:81:e6:b2:57:8d:
                    4f:27:67:cd:98:3c:d6:bc:32:0b:b5:32:e9:f7:0e:
                    23:7d:75:b2:77:d4:7f:c5:f6:dd:5d:45:4d:e9:5e:
                    b7:4b:d6:43:cb:04:d7:a9:3f:0f:61:70:43:61:59:
                    38:a6:82:f1:3f:7f:e7:df:42:9b:a6:84:41:ab:98:
                    b0:ad:03:54:5b:84:66:56:de:20:21:ec:22:12:67:
                    f8:80:b2:da:a8:72:fb:13:c1:7a:f9:54:dd:53:38:
                    fe:c5:d2:9e:dc:66:80:dc:74:a7:b8:bb:63:fb:52:
                    53:36:9b:e4:22:df:0d:38:09:64:dd:ee:fa:51:de:
                    0a:9f:fb:95:ae:52:bd:65:01:a6:69:cf:8c:6e:24:
                    ea:82:06:59:9a:b3:ba:00:03:48:7c:ae:04:9e:5a:
                    c9:d9:dc:df:6f:77:81:08:a9:86:55:8e:e4:81:d8:
                    68:6b:1a:f3:87:1a:4d:ab:7b:1f:9c:4a:16:3b:11:
                    91:e3:0a:ca:91:8f:e6:05:f1:d1:35:70:3d:c0:f9:
                    c2:b5:8b:56:64:c6:f4:7a:51:00:7d:e9:ec:76:fd:
                    d2:75:2d:13:a4:02:ca:64:c4:b2:c7:b8:6b:61:88:
                    ea:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:21:59:19:33:62:91:23:71:A1:14:C7:C1:96:E5:C4:4E:AA:91:2F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/080d74bf-6db4-4e58-b6b7-b027b041f959.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.148.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         cc:06:a3:40:c3:11:7d:7a:ac:16:2e:0d:e1:74:ce:5b:e0:81:
         f8:08:6e:62:8b:21:c1:88:cd:45:3a:20:f1:c9:d7:e8:a6:39:
         0a:27:f1:48:1e:8e:c3:de:0a:c9:cd:1e:bb:69:e5:d5:e8:d7:
         dc:4a:88:c3:92:a1:dd:c7:e1:bd:66:5a:62:70:0f:4c:ca:14:
         20:5e:61:24:e4:a7:a8:13:11:5a:ee:2c:81:35:bd:d3:a2:16:
         e5:3b:65:38:ee:b0:aa:bd:c2:ce:28:bb:2c:e5:74:64:0b:8a:
         de:58:ec:d7:ea:95:bd:cb:c2:74:4e:14:84:a7:19:63:88:2c:
         b8:32:bc:86:bf:c1:89:02:a7:9b:95:86:4b:28:40:24:78:cc:
         79:01:da:8a:55:44:3e:55:9c:bd:16:51:95:fd:55:6a:e7:dd:
         41:71:41:11:60:a0:af:60:09:71:5a:f7:61:d4:39:82:85:4a:
         d5:dd:71:31:0d:c0:b9:2f:be:1e:3a:1b:ad:6b:fc:d4:7a:0a:
         30:d2:18:7b:82:28:90:64:55:56:73:0e:5b:a7:02:65:e9:30:
         28:89:13:23:67:30:e6:9c:59:85:88:fc:6d:e0:d6:db:43:24:
         e8:86:ac:31:dd:b3:bf:a5:f6:a5:ba:b9:44:a1:f1:02:3e:9f:
         70:09:f9:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAUn1JU5TuLNwMi8/8yRH7gpaOr8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmOWZjOThhN2ZjMjA1YmJiN2MyYWVmZWI4M2YzNjBhNTQ3
YjBhYjY4NGI1YzJlZWMwODE2NTlkZjhkNGEyNWNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtgFu6pYOqKWDY0BwmDY3bQVC9wO0ROGCB5rJXjU8nZ82Y
PNa8Mgu1Mun3DiN9dbJ31H/F9t1dRU3pXrdL1kPLBNepPw9hcENhWTimgvE/f+ff
QpumhEGrmLCtA1RbhGZW3iAh7CISZ/iAstqocvsTwXr5VN1TOP7F0p7cZoDcdKe4
u2P7UlM2m+Qi3w04CWTd7vpR3gqf+5WuUr1lAaZpz4xuJOqCBlmas7oAA0h8rgSe
WsnZ3N9vd4EIqYZVjuSB2GhrGvOHGk2rex+cShY7EZHjCsqRj+YF8dE1cD3A+cK1
i1ZkxvR6UQB96ex2/dJ1LROkAspkxLLHuGthiOqTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTiFZGTNikSNxoRTHwZblxE6qkS8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA4MGQ3NGJmLTZkYjQtNGU1OC1iNmI3LWIwMjdiMDQxZjk1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAXGlGAwDQYJKoZIhvcNAQELBQADggEBAMwGo0DDEX16rBYuDeF0zlvggfgI
bmKLIcGIzUU6IPHJ1+imOQon8UgejsPeCsnNHrtp5dXo19xKiMOSod3H4b1mWmJw
D0zKFCBeYSTkp6gTEVruLIE1vdOiFuU7ZTjusKq9ws4ouyzldGQLit5Y7Nfqlb3L
wnROFISnGWOILLgyvIa/wYkCp5uVhksoQCR4zHkB2opVRD5VnL0WUZX9VWrn3UFx
QRFgoK9gCXFa92HUOYKFStXdcTENwLkvvh46G61r/NR6CjDSGHuCKJBkVVZzDlun
AmXpMCiJEyNnMOacWYWI/G3g1ttDJOiGrDHds7+l9qW6uUSh8QI+n3AJ+d4=
-----END CERTIFICATE-----