Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bd5a2ef-f97f-49d1-b1a6-425ddca1c806.roa
File:                     1bd5a2ef-f97f-49d1-b1a6-425ddca1c806.roa (raw, json)
Hash identifier:          e2tne24KZrziQHf8nuMROFRDZDkMdoKzibLTWVydagc=
Subject key identifier:   31:CE:8C:86:C2:AC:5A:BE:B1:13:FE:0E:3C:33:55:1F:93:BF:31:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EA975C4A4626722C52951D729C74B8F600AC89F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bd5a2ef-f97f-49d1-b1a6-425ddca1c806.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        151.134.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a9:75:c4:a4:62:67:22:c5:29:51:d7:29:c7:4b:8f:60:0a:c8:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=49638a2a2dbfe4bd3ec36afaccc88ee69ccc14f28a9b5e877e85498684581195, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:63:81:4f:a5:64:68:02:cf:86:3d:f7:1d:d4:
                    97:3a:35:dd:67:22:f0:b8:62:97:cc:56:da:1d:e4:
                    49:cb:9d:c3:49:22:b0:3c:a1:9e:6d:80:d1:29:a8:
                    0b:f2:88:41:fb:cd:43:25:09:5b:58:5b:5e:07:e9:
                    9e:32:93:88:30:ff:8b:c4:30:93:38:f7:6a:89:77:
                    d3:eb:d6:8d:c0:26:a0:d0:6d:06:db:71:95:ee:8c:
                    37:8c:de:33:2e:ab:2c:d7:a9:c5:0e:84:fd:cb:dc:
                    d0:0b:0f:48:ff:47:cb:03:a2:47:8d:01:17:89:3a:
                    c8:d8:29:0a:85:4b:35:1f:50:75:02:da:c1:2b:c1:
                    92:e0:0e:a6:91:68:d2:fc:e5:d3:3e:93:99:04:ba:
                    98:85:47:4b:d3:a0:90:a6:1c:a1:1c:90:6c:84:05:
                    4f:46:ae:8a:5e:1f:05:98:d5:27:bf:f1:b1:84:d3:
                    83:1e:4b:7d:4f:f6:12:09:82:ec:66:8e:54:d0:05:
                    aa:2c:43:ee:6b:4c:2b:4a:a5:da:aa:cc:55:a2:52:
                    2d:32:60:11:24:7d:ac:63:78:dc:a1:7f:eb:25:4e:
                    28:fa:f7:68:27:43:a8:0e:35:b3:9f:fa:06:ef:e1:
                    ac:81:d9:4a:63:cc:db:c1:3e:96:01:86:ad:ea:d8:
                    e5:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:CE:8C:86:C2:AC:5A:BE:B1:13:FE:0E:3C:33:55:1F:93:BF:31:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1bd5a2ef-f97f-49d1-b1a6-425ddca1c806.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.134.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:89:b3:81:f2:d7:a4:9c:f2:b9:bc:c7:ba:a7:e0:0d:e2:f3:
         d4:f6:4f:89:b5:79:f0:fd:ae:ba:94:d6:2d:04:83:23:be:cc:
         77:bc:3b:c5:3c:92:73:60:39:7d:05:35:d6:86:65:b4:07:1b:
         e0:67:22:77:4d:72:7c:f4:ba:b1:3e:71:ad:1a:9e:7d:34:3e:
         e7:aa:98:00:da:5b:b6:b2:a7:38:9f:78:c7:8d:52:e1:8a:5b:
         23:8d:f0:8a:5f:8b:33:be:14:0f:e8:b9:a4:4a:3b:9d:b8:d6:
         b4:0f:50:7e:49:1b:90:3f:d7:9b:9a:83:41:47:c5:97:7a:77:
         d5:e9:d5:a9:e3:d3:d0:46:92:03:c2:ad:97:ae:cb:54:25:5c:
         ca:5f:1f:66:d6:ea:a4:e0:5a:90:b9:e2:9f:29:7f:43:6b:66:
         3b:49:c1:4d:02:e3:2d:b6:df:78:94:2d:27:ac:24:ca:a2:bb:
         f2:5e:21:9d:29:04:c0:bf:fb:1f:6d:2a:bb:39:29:0f:5d:94:
         15:ba:74:4b:7a:6c:1b:bb:34:c9:e9:2c:6e:78:e4:d3:26:c8:
         aa:1b:99:f5:60:82:05:eb:25:c6:10:8d:19:b1:dd:6f:b4:fd:
         bc:78:c9:40:99:40:55:6b:8d:89:f8:b8:32:f1:9f:10:a4:90:
         0c:1f:aa:90
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHql1xKRiZyLFKVHXKcdLj2AKyJ8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTYzOGEyYTJkYmZlNGJkM2VjMzZhZmFjY2M4OGVlNjlj
Y2MxNGYyOGE5YjVlODc3ZTg1NDk4Njg0NTgxMTk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNY4FPpWRoAs+GPfcd1Jc6Nd1nIvC4YpfMVtod5EnLncNJ
IrA8oZ5tgNEpqAvyiEH7zUMlCVtYW14H6Z4yk4gw/4vEMJM492qJd9Pr1o3AJqDQ
bQbbcZXujDeM3jMuqyzXqcUOhP3L3NALD0j/R8sDokeNAReJOsjYKQqFSzUfUHUC
2sErwZLgDqaRaNL85dM+k5kEupiFR0vToJCmHKEckGyEBU9GropeHwWY1Se/8bGE
04MeS31P9hIJguxmjlTQBaosQ+5rTCtKpdqqzFWiUi0yYBEkfaxjeNyhf+slTij6
92gnQ6gONbOf+gbv4ayB2UpjzNvBPpYBhq3q2OW3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMc6MhsKsWr6xE/4OPDNVH5O/MT0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiZDVhMmVmLWY5N2YtNDlkMS1iMWE2LTQyNWRkY2ExYzgwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCXhjANBgkqhkiG9w0BAQsFAAOCAQEAoYmzgfLXpJzyubzHuqfgDeLz1PZP
ibV58P2uupTWLQSDI77Md7w7xTySc2A5fQU11oZltAcb4Gcid01yfPS6sT5xrRqe
fTQ+56qYANpbtrKnOJ94x41S4YpbI43wil+LM74UD+i5pEo7nbjWtA9QfkkbkD/X
m5qDQUfFl3p31enVqePT0EaSA8Ktl67LVCVcyl8fZtbqpOBakLninyl/Q2tmO0nB
TQLjLbbfeJQtJ6wkyqK78l4hnSkEwL/7H20quzkpD12UFbp0S3psG7s0yeksbnjk
0ybIqhuZ9WCCBeslxhCNGbHdb7T9vHjJQJlAVWuNifi4MvGfEKSQDB+qkA==
-----END CERTIFICATE-----