Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a19964c-b21a-4d10-b37e-6ab20977e96d.roa
File:                     4a19964c-b21a-4d10-b37e-6ab20977e96d.roa (raw, json)
Hash identifier:          rNyDcDaSP4T0xZtZSSxUjd5N/n8+BKKQYiogTN6IdLA=
Subject key identifier:   AB:DB:E3:31:67:D6:62:67:F6:3C:44:58:89:2C:46:FE:11:56:97:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       196A1F9C58958C8EF08729C63C09CB26E5920756
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a19964c-b21a-4d10-b37e-6ab20977e96d.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.159.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:6a:1f:9c:58:95:8c:8e:f0:87:29:c6:3c:09:cb:26:e5:92:07:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=a232f679395f44f18d92b2d63ffadc391bd7ace18370e62598e7a7091a65342e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:44:be:8b:59:d8:ea:87:bc:23:39:94:e6:5a:
                    bb:bf:4e:7e:73:b0:84:50:b4:1f:a7:03:3f:2d:fd:
                    42:f1:5c:56:de:5e:c8:75:29:34:68:8b:16:6e:39:
                    a2:76:6f:a1:54:3f:22:0a:9f:e9:7e:91:4e:7e:6c:
                    26:cd:a2:f6:cd:eb:b2:75:06:e6:80:a9:7d:5f:64:
                    c7:6e:d7:0a:9e:22:5f:ea:c8:02:b7:73:c2:60:af:
                    cf:af:74:c8:13:0e:07:b3:c6:54:95:5b:62:13:42:
                    1b:c6:6a:95:c2:dc:08:eb:04:98:0a:64:ec:00:79:
                    90:55:7e:9c:cc:81:0a:f6:0b:7c:1d:b7:ee:22:cb:
                    d5:d4:6e:14:17:0b:9b:0d:df:db:44:6f:78:52:27:
                    3e:91:d7:eb:1a:e7:48:ed:ee:0b:59:9e:21:93:f6:
                    26:22:1d:d5:a0:12:fb:3c:cd:43:e2:d5:69:e9:42:
                    3c:33:18:71:93:0d:18:ec:70:2f:72:ca:3b:dc:62:
                    62:d1:b3:64:e7:65:bb:83:52:88:22:98:a4:09:b8:
                    65:b0:3b:91:85:af:bb:6d:5a:58:4f:93:95:9e:ab:
                    7b:c4:1c:6e:a5:19:ef:d1:6f:01:15:d7:dc:75:77:
                    b1:dc:c5:f2:64:0b:1d:e7:5b:61:eb:90:16:04:33:
                    40:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:DB:E3:31:67:D6:62:67:F6:3C:44:58:89:2C:46:FE:11:56:97:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a19964c-b21a-4d10-b37e-6ab20977e96d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.159.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         97:86:c4:b0:09:57:4b:01:45:fe:a7:79:24:38:6d:f1:bd:c7:
         aa:42:23:2b:f7:3d:42:02:4e:23:f0:4a:d1:86:6a:48:ff:70:
         84:0d:a6:24:af:67:3f:e3:be:6e:a7:7e:83:e6:dd:1e:94:94:
         fb:d0:98:31:a1:a3:fe:1d:f4:af:d3:7a:18:55:d3:58:c0:60:
         b0:ba:ff:d5:25:dd:9c:8a:a5:f5:bb:62:80:c2:30:46:b6:81:
         84:fa:1b:47:53:56:4f:53:f3:5c:4c:69:4b:60:08:5a:b1:0a:
         08:a1:a5:4b:60:96:79:e6:a6:09:d3:c9:4c:00:3f:40:34:b0:
         ee:b7:71:c0:0b:8f:2c:17:84:6b:91:e0:37:de:cf:2a:ad:09:
         23:cd:fb:7c:57:dd:16:64:04:7d:90:78:dc:0b:19:13:a4:08:
         77:64:78:68:c6:eb:4b:94:e1:bc:54:10:fe:16:9c:e8:d5:1e:
         90:ef:50:fe:f9:c8:03:0b:52:58:5f:9b:56:e3:98:6a:18:90:
         60:f4:6f:a0:bb:ed:4f:2d:9e:3d:c9:87:0d:78:37:af:08:35:
         f1:8c:26:bb:bf:de:33:24:4b:61:31:9f:d5:4a:87:2f:98:91:
         5f:ad:66:88:1e:17:86:5d:22:98:1f:35:fd:42:0c:69:09:a1:
         02:1b:b1:42
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGWofnFiVjI7whynGPAnLJuWSB1YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjMyZjY3OTM5NWY0NGYxOGQ5MmIyZDYzZmZhZGMzOTFi
ZDdhY2UxODM3MGU2MjU5OGU3YTcwOTFhNjUzNDJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfRL6LWdjqh7wjOZTmWru/Tn5zsIRQtB+nAz8t/ULxXFbe
Xsh1KTRoixZuOaJ2b6FUPyIKn+l+kU5+bCbNovbN67J1BuaAqX1fZMdu1wqeIl/q
yAK3c8Jgr8+vdMgTDgezxlSVW2ITQhvGapXC3AjrBJgKZOwAeZBVfpzMgQr2C3wd
t+4iy9XUbhQXC5sN39tEb3hSJz6R1+sa50jt7gtZniGT9iYiHdWgEvs8zUPi1Wnp
QjwzGHGTDRjscC9yyjvcYmLRs2TnZbuDUogimKQJuGWwO5GFr7ttWlhPk5Weq3vE
HG6lGe/RbwEV19x1d7HcxfJkCx3nW2HrkBYEM0BZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUq9vjMWfWYmf2PERYiSxG/hFWlwMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhMTk5NjRjLWIyMWEtNGQxMC1iMzdlLTZhYjIwOTc3ZTk2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAPnzANBgkqhkiG9w0BAQsFAAOCAQEAl4bEsAlXSwFF/qd5JDht8b3HqkIj
K/c9QgJOI/BK0YZqSP9whA2mJK9nP+O+bqd+g+bdHpSU+9CYMaGj/h30r9N6GFXT
WMBgsLr/1SXdnIql9btigMIwRraBhPobR1NWT1PzXExpS2AIWrEKCKGlS2CWeeam
CdPJTAA/QDSw7rdxwAuPLBeEa5HgN97PKq0JI837fFfdFmQEfZB43AsZE6QId2R4
aMbrS5ThvFQQ/hac6NUekO9Q/vnIAwtSWF+bVuOYahiQYPRvoLvtTy2ePcmHDXg3
rwg18Ywmu7/eMyRLYTGf1UqHL5iRX61miB4Xhl0imB81/UIMaQmhAhuxQg==
-----END CERTIFICATE-----