Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f3b945a-7185-4b8f-b6ae-6eba55ab79a8.roa
File:                     3f3b945a-7185-4b8f-b6ae-6eba55ab79a8.roa (raw, json)
Hash identifier:          JwGSjgEsx0AaHqtHWTBQUy24jZQ+5qUMuUwXZEK0GTA=
Subject key identifier:   65:FA:8D:C4:FA:88:BF:95:B5:42:4B:E6:28:76:B3:47:94:60:E0:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7504055A9222CC28D4CEA6D575B81751CB8609FD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f3b945a-7185-4b8f-b6ae-6eba55ab79a8.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        159.157.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:04:05:5a:92:22:cc:28:d4:ce:a6:d5:75:b8:17:51:cb:86:09:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=18fc07cb2913dc0fe5fc9640762cddfe4f09f63b0defdcbd3351286916c9b689, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7a:0b:05:94:b9:d2:79:e0:c9:f4:91:51:4a:
                    7b:1b:77:d7:dc:59:ca:7c:6d:15:2d:ec:4c:90:a3:
                    01:2f:61:d5:77:b4:fa:b4:9e:71:41:c8:83:20:7f:
                    59:bc:36:c9:39:f8:db:5c:0c:88:25:f2:e0:e6:f1:
                    99:c7:96:b7:4f:78:5d:66:e2:3f:19:74:95:2b:4b:
                    e2:80:87:87:4d:f1:1b:26:18:4c:d7:f0:50:22:a7:
                    5b:be:91:0f:7b:2b:03:6b:21:09:96:ea:fd:e6:8a:
                    41:09:da:7d:65:55:24:41:1f:69:f7:70:71:d8:50:
                    23:56:0a:10:2a:bc:07:42:1b:7a:e4:6d:a4:be:98:
                    c3:bf:68:3b:e2:88:85:ca:51:5e:1c:4b:9f:98:0c:
                    e2:83:6d:d5:4d:48:5b:03:25:47:42:57:97:3d:91:
                    77:56:c1:4d:b1:08:36:c2:99:b4:73:2c:cc:af:3c:
                    8a:36:9c:98:5d:73:25:5c:3e:90:ed:f4:d1:17:07:
                    46:db:a3:dd:f6:ed:70:4a:05:28:53:53:77:60:32:
                    52:67:5d:a4:87:4d:1c:4b:4e:98:1f:df:d0:47:60:
                    75:d0:cd:ca:8e:36:45:61:d9:75:b4:b2:75:bf:b9:
                    1b:b0:a9:58:03:e1:75:0f:27:7e:1d:6b:89:74:83:
                    e7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:FA:8D:C4:FA:88:BF:95:B5:42:4B:E6:28:76:B3:47:94:60:E0:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f3b945a-7185-4b8f-b6ae-6eba55ab79a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:7d:87:df:a7:dc:40:60:af:ee:c1:df:0c:71:e8:f8:55:e7:
         17:db:3d:17:ca:4e:00:ee:00:11:71:b9:45:72:9d:de:25:fb:
         25:3f:ef:64:dc:e5:f9:fb:8d:61:69:95:8e:ac:db:8a:04:4f:
         1e:a1:b3:f3:11:69:69:bd:37:64:6c:04:f0:f0:be:ca:dd:d4:
         60:7a:2f:70:1b:42:b8:89:a5:4f:64:c2:41:dc:6c:39:e0:2d:
         7e:cd:b1:8e:a5:66:c0:38:44:1b:10:31:d6:76:03:9c:4f:b4:
         f8:c6:dc:5f:9f:4f:35:5b:6d:bd:a6:6f:b1:95:4e:61:87:d6:
         96:42:aa:c2:b9:c3:d8:10:85:5d:4a:51:9a:33:fe:bb:ec:2a:
         2e:44:7e:62:67:8e:9d:73:d0:01:7c:af:38:06:86:1d:5e:97:
         14:e4:d9:b7:65:92:10:26:57:42:7e:63:05:4a:aa:16:32:38:
         5d:ac:66:f9:ad:82:e2:1d:e2:81:63:08:69:d7:0d:a5:79:7b:
         db:a6:93:11:aa:76:1e:ea:14:bc:df:e2:1f:02:96:2d:2c:69:
         fd:7e:fa:98:ec:49:b1:a6:8d:e6:da:94:d0:e5:eb:6d:81:28:
         3c:d8:c2:25:2b:4b:45:50:68:6f:5f:0e:ba:7c:4e:56:05:0a:
         80:c0:3c:ee
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdQQFWpIizCjUzqbVdbgXUcuGCf0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxOGZjMDdjYjI5MTNkYzBmZTVmYzk2NDA3NjJjZGRmZTRm
MDlmNjNiMGRlZmRjYmQzMzUxMjg2OTE2YzliNjg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4egsFlLnSeeDJ9JFRSnsbd9fcWcp8bRUt7EyQowEvYdV3
tPq0nnFByIMgf1m8Nsk5+NtcDIgl8uDm8ZnHlrdPeF1m4j8ZdJUrS+KAh4dN8Rsm
GEzX8FAip1u+kQ97KwNrIQmW6v3mikEJ2n1lVSRBH2n3cHHYUCNWChAqvAdCG3rk
baS+mMO/aDviiIXKUV4cS5+YDOKDbdVNSFsDJUdCV5c9kXdWwU2xCDbCmbRzLMyv
PIo2nJhdcyVcPpDt9NEXB0bbo9327XBKBShTU3dgMlJnXaSHTRxLTpgf39BHYHXQ
zcqONkVh2XW0snW/uRuwqVgD4XUPJ34da4l0g+edAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZfqNxPqIv5W1QkvmKHazR5Rg4AUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmM2I5NDVhLTcxODUtNGI4Zi1iNmFlLTZlYmE1NWFiNzlhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCfnTANBgkqhkiG9w0BAQsFAAOCAQEAoH2H36fcQGCv7sHfDHHo+FXnF9s9
F8pOAO4AEXG5RXKd3iX7JT/vZNzl+fuNYWmVjqzbigRPHqGz8xFpab03ZGwE8PC+
yt3UYHovcBtCuImlT2TCQdxsOeAtfs2xjqVmwDhEGxAx1nYDnE+0+MbcX59PNVtt
vaZvsZVOYYfWlkKqwrnD2BCFXUpRmjP+u+wqLkR+YmeOnXPQAXyvOAaGHV6XFOTZ
t2WSECZXQn5jBUqqFjI4Xaxm+a2C4h3igWMIadcNpXl726aTEap2HuoUvN/iHwKW
LSxp/X76mOxJsaaN5tqU0OXrbYEoPNjCJStLRVBob18OunxOVgUKgMA87g==
-----END CERTIFICATE-----