Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db6a2b4-0538-45a4-850a-1a634c9433d2.roa
File:                     2db6a2b4-0538-45a4-850a-1a634c9433d2.roa (raw, json)
Hash identifier:          zvKUmGoQ+GGTIjE3RZm2puBVQskfYrZg5LrHcbQAkmY=
Subject key identifier:   D5:F1:28:30:23:B2:21:A1:DB:35:41:A0:24:73:FA:81:FD:16:B4:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1DF85351E4DFE300AA7E7E0232FE59A967F1147A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db6a2b4-0538-45a4-850a-1a634c9433d2.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        107.150.192.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:f8:53:51:e4:df:e3:00:aa:7e:7e:02:32:fe:59:a9:67:f1:14:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=30dd5f9b54547d2de335f48f1c1ffc91a8e5c6772b11d3e630837d681860d5e6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c1:68:2a:18:5b:c7:07:d8:de:7d:b7:8d:29:
                    24:e4:4a:16:cd:40:ab:e7:ed:f0:89:24:83:bc:c3:
                    40:97:d6:65:fc:b2:4e:41:49:5a:1d:d8:37:45:6a:
                    de:c7:ab:b3:83:81:ab:61:b8:e2:de:e9:a3:c5:53:
                    4e:18:53:85:1b:73:ee:83:df:44:9c:a6:b7:48:b3:
                    85:0f:8e:19:db:b2:a9:a0:d9:68:ac:a1:78:ae:cd:
                    91:60:7e:3d:94:42:39:dc:e0:b9:ae:0a:d1:ca:16:
                    22:df:bd:3c:d8:3f:9d:92:d6:02:89:e0:02:1c:c5:
                    22:a6:bb:a9:c6:2f:27:b0:df:73:e9:55:16:e7:8a:
                    d2:86:7b:8b:b6:7d:b1:fa:7a:da:51:de:5d:a7:88:
                    47:e9:f0:1e:b1:01:05:d4:1a:55:c0:6c:33:21:f2:
                    5f:94:02:1b:01:2f:0b:96:0a:d0:36:86:d2:a7:03:
                    9c:c2:23:24:b5:fc:0e:e4:c8:7c:19:a5:48:58:fa:
                    5a:22:2f:49:4b:00:2e:e8:a1:17:90:cc:7b:51:9d:
                    87:14:31:c7:a4:de:17:e3:3c:25:51:67:d8:71:8a:
                    e3:96:26:33:a6:bf:79:84:8d:5e:9e:d2:b7:1d:cf:
                    73:01:6e:a4:44:59:19:e6:90:c6:ef:0a:23:67:21:
                    21:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F1:28:30:23:B2:21:A1:DB:35:41:A0:24:73:FA:81:FD:16:B4:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2db6a2b4-0538-45a4-850a-1a634c9433d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.150.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         44:dd:9c:fd:c9:aa:dc:73:1e:c7:fa:42:69:06:15:83:fa:c0:
         86:7a:be:78:d2:c0:5e:70:88:0d:aa:f6:b6:66:eb:7a:dd:b5:
         6f:32:48:6c:52:58:b1:fc:a9:2a:30:5e:c0:cc:b2:6f:f4:a1:
         05:e7:b8:d7:a7:82:7e:82:81:fa:1c:0b:49:4c:c6:60:2b:9e:
         1b:eb:f6:96:81:e4:25:b6:70:37:fa:93:b9:db:1b:48:01:7c:
         5e:6d:50:b5:07:3c:40:08:ad:9e:61:4f:45:43:a3:51:87:61:
         5f:f7:f2:67:c3:83:27:4d:65:f7:f3:99:f0:6c:e9:31:c4:7e:
         08:aa:3e:12:3d:7f:34:9f:9e:40:8c:97:af:5a:84:47:1f:27:
         1d:a3:0e:93:6a:01:87:5e:3f:d8:75:23:9a:71:49:6d:cc:96:
         ea:52:91:f9:dc:28:89:55:67:1f:ac:79:71:cc:cc:5b:ef:c3:
         fb:93:b4:55:c4:5b:37:1c:c3:b8:43:91:26:98:12:07:58:29:
         9c:e5:fb:ee:3b:f4:1e:1b:bb:18:f8:66:4b:a8:05:85:c8:17:
         99:a1:09:94:ef:79:d5:83:b6:75:ba:e5:9a:7e:8f:99:60:57:
         12:38:1d:3f:70:c4:b2:f2:dd:2c:0c:77:06:fb:17:5e:25:ec:
         7d:06:cc:dd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHfhTUeTf4wCqfn4CMv5ZqWfxFHowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzMGRkNWY5YjU0NTQ3ZDJkZTMzNWY0OGYxYzFmZmM5MWE4
ZTVjNjc3MmIxMWQzZTYzMDgzN2Q2ODE4NjBkNWU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCowWgqGFvHB9jefbeNKSTkShbNQKvn7fCJJIO8w0CX1mX8
sk5BSVod2DdFat7Hq7ODgathuOLe6aPFU04YU4Ubc+6D30ScprdIs4UPjhnbsqmg
2WisoXiuzZFgfj2UQjnc4LmuCtHKFiLfvTzYP52S1gKJ4AIcxSKmu6nGLyew33Pp
VRbnitKGe4u2fbH6etpR3l2niEfp8B6xAQXUGlXAbDMh8l+UAhsBLwuWCtA2htKn
A5zCIyS1/A7kyHwZpUhY+loiL0lLAC7ooReQzHtRnYcUMcek3hfjPCVRZ9hxiuOW
JjOmv3mEjV6e0rcdz3MBbqREWRnmkMbvCiNnISFPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1fEoMCOyIaHbNUGgJHP6gf0WtO0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkYjZhMmI0LTA1MzgtNDVhNC04NTBhLTFhNjM0Yzk0MzNkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVrlsAwDQYJKoZIhvcNAQELBQADggEBAETdnP3JqtxzHsf6QmkGFYP6wIZ6
vnjSwF5wiA2q9rZm63rdtW8ySGxSWLH8qSowXsDMsm/0oQXnuNengn6CgfocC0lM
xmArnhvr9paB5CW2cDf6k7nbG0gBfF5tULUHPEAIrZ5hT0VDo1GHYV/38mfDgydN
ZffzmfBs6THEfgiqPhI9fzSfnkCMl69ahEcfJx2jDpNqAYdeP9h1I5pxSW3MlupS
kfncKIlVZx+seXHMzFvvw/uTtFXEWzccw7hDkSaYEgdYKZzl++479B4buxj4Zkuo
BYXIF5mhCZTvedWDtnW65Zp+j5lgVxI4HT9wxLLy3SwMdwb7F14l7H0GzN0=
-----END CERTIFICATE-----