Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c8aa772-631f-4308-ac99-2035c49e2c27.roa
File:                     1c8aa772-631f-4308-ac99-2035c49e2c27.roa (raw, json)
Hash identifier:          OLClQ7bBktRDp0rDFj/1l5Hk7aETFRH3gooArVlel+s=
Subject key identifier:   65:3E:6C:47:92:30:06:5F:99:74:36:5D:E5:0A:90:F4:DF:B5:D9:A4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F64A1F543973DC6D4DDC5B1ECB7766B5944D972
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c8aa772-631f-4308-ac99-2035c49e2c27.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        151.148.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:64:a1:f5:43:97:3d:c6:d4:dd:c5:b1:ec:b7:76:6b:59:44:d9:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=ef198c22372b3db73b994275a8501945176da53824941c12d745446fc779b8fe, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a9:3b:7f:7d:48:be:96:57:31:b5:fa:84:aa:
                    69:6b:4e:b3:3e:10:aa:ea:f4:f7:bd:0d:7d:b4:55:
                    81:46:38:90:c5:ef:bf:4c:e7:ef:33:a4:7e:82:16:
                    31:c1:18:6c:2f:64:38:a1:53:64:34:e4:69:f4:db:
                    c6:17:62:f0:ba:43:eb:56:67:6c:56:bd:dd:ac:2d:
                    52:f2:0a:51:cf:96:b5:0e:c7:7b:74:20:00:60:3e:
                    0a:d4:75:7b:72:d4:42:f4:c1:25:d5:d8:d3:23:72:
                    9d:a4:00:ca:fb:99:35:67:8f:cc:0d:44:93:2b:26:
                    96:a6:55:67:f7:c2:4d:ba:11:e1:3e:0a:61:81:0d:
                    53:bf:cc:a8:03:c4:00:5f:7f:5e:40:a7:4d:d6:80:
                    53:0c:a0:74:63:e1:0d:16:3f:5f:f9:10:fc:1f:b6:
                    f7:7b:ac:0c:41:eb:66:f9:7d:62:ed:69:4c:37:ad:
                    07:dc:70:e5:af:df:f3:0d:e0:91:63:3b:c6:89:80:
                    a9:76:51:fa:a9:59:45:b8:9a:4b:1f:82:80:a5:00:
                    c8:6e:6c:0f:b2:be:6e:3b:01:99:17:bb:5b:64:62:
                    1d:a2:e3:0b:c6:bb:fa:33:cb:50:3a:28:00:b2:a2:
                    87:b0:4a:55:41:54:bd:e1:3d:3f:96:56:d0:d7:07:
                    8a:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3E:6C:47:92:30:06:5F:99:74:36:5D:E5:0A:90:F4:DF:B5:D9:A4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1c8aa772-631f-4308-ac99-2035c49e2c27.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6b:88:2c:98:ba:3c:83:68:14:89:53:5d:c5:6c:a7:dc:3a:a7:
         a7:71:5d:5f:20:68:36:cb:93:fb:1c:ab:ad:95:bc:71:69:af:
         db:36:6a:6f:d9:ef:25:41:93:1d:b9:1d:9b:ac:c3:0c:fa:bf:
         8a:15:9d:e0:e0:67:4c:a0:3d:b1:8b:21:ef:8b:96:6c:74:1c:
         10:17:69:d1:b8:f8:5c:41:10:df:0a:28:9e:ae:04:71:eb:34:
         1d:4a:53:93:50:4d:18:b3:3c:14:9a:7a:6b:31:af:18:e3:84:
         1a:d3:e8:2a:cf:82:fe:10:ec:73:9f:e3:be:99:cc:ad:a2:12:
         26:0e:d4:76:33:4d:c5:1d:c7:2c:e4:24:4e:14:68:34:64:4f:
         00:b0:45:54:cc:2e:7c:3b:28:bf:bb:25:e9:dc:30:5f:c1:96:
         0e:8a:c0:46:38:14:41:a5:dd:eb:b4:92:46:df:c3:61:4d:ac:
         88:38:b8:57:d2:16:cc:f2:8a:2c:2a:da:b4:08:02:53:11:75:
         eb:1d:f7:e7:be:79:df:68:7a:cd:ac:03:49:b3:ec:e8:1a:0b:
         bd:b0:11:ac:23:40:75:9e:d4:6c:69:7f:99:11:e4:2f:01:f0:
         4f:de:04:53:37:bd:9d:5e:ff:35:73:bb:96:42:a2:7b:6c:ca:
         c9:95:f3:a5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH2Sh9UOXPcbU3cWx7Ld2a1lE2XIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjE5OGMyMjM3MmIzZGI3M2I5OTQyNzVhODUwMTk0NTE3
NmRhNTM4MjQ5NDFjMTJkNzQ1NDQ2ZmM3NzliOGZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8qTt/fUi+llcxtfqEqmlrTrM+EKrq9Pe9DX20VYFGOJDF
779M5+8zpH6CFjHBGGwvZDihU2Q05Gn028YXYvC6Q+tWZ2xWvd2sLVLyClHPlrUO
x3t0IABgPgrUdXty1EL0wSXV2NMjcp2kAMr7mTVnj8wNRJMrJpamVWf3wk26EeE+
CmGBDVO/zKgDxABff15Ap03WgFMMoHRj4Q0WP1/5EPwftvd7rAxB62b5fWLtaUw3
rQfccOWv3/MN4JFjO8aJgKl2UfqpWUW4mksfgoClAMhubA+yvm47AZkXu1tkYh2i
4wvGu/ozy1A6KACyooewSlVBVL3hPT+WVtDXB4o7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZT5sR5IwBl+ZdDZd5QqQ9N+12aQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFjOGFhNzcyLTYzMWYtNDMwOC1hYzk5LTIwMzVjNDllMmMyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaXlEAwDQYJKoZIhvcNAQELBQADggEBAGuILJi6PINoFIlTXcVsp9w6p6dx
XV8gaDbLk/scq62VvHFpr9s2am/Z7yVBkx25HZuswwz6v4oVneDgZ0ygPbGLIe+L
lmx0HBAXadG4+FxBEN8KKJ6uBHHrNB1KU5NQTRizPBSaemsxrxjjhBrT6CrPgv4Q
7HOf476ZzK2iEiYO1HYzTcUdxyzkJE4UaDRkTwCwRVTMLnw7KL+7JencMF/Blg6K
wEY4FEGl3eu0kkbfw2FNrIg4uFfSFszyiiwq2rQIAlMRdesd9+e+ed9oes2sA0mz
7OgaC72wEawjQHWe1Gxpf5kR5C8B8E/eBFM3vZ1e/zVzu5ZContsysmV86U=
-----END CERTIFICATE-----