Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e8f36b3-3823-47ff-a9aa-e97ad93c36f1.roa
File:                     6e8f36b3-3823-47ff-a9aa-e97ad93c36f1.roa (raw, json)
Hash identifier:          YXEHXoIMHZ+Ih9Vul75JIEeRQVHPtOWN46AUFvpY07A=
Subject key identifier:   BC:E0:E5:92:C9:58:88:34:0C:1F:B5:C7:3B:59:02:62:C0:0B:27:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1B70C29A806BFB8238C06A358D2DE4E4DE8CD3F0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e8f36b3-3823-47ff-a9aa-e97ad93c36f1.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        158.151.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:70:c2:9a:80:6b:fb:82:38:c0:6a:35:8d:2d:e4:e4:de:8c:d3:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=94ef423ea2979af6e2f3601b7959b86ffdc2b5250a62dc8aec76078f096acc33, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4c:d7:b6:84:a3:76:6a:2e:57:57:05:cd:cc:
                    f5:52:90:6c:ea:dd:a9:24:5d:22:7a:49:d6:07:00:
                    84:2d:ee:4e:56:a9:38:6c:cc:df:2c:e0:1c:e3:b8:
                    25:05:d7:fb:32:d5:7f:c1:54:68:71:c9:fa:f0:4a:
                    e4:d8:01:25:2f:35:de:9f:2f:da:57:7d:90:7c:17:
                    67:e6:cc:f1:f5:e0:a2:e2:d1:79:37:52:ab:27:16:
                    8d:e3:f9:19:31:dc:b0:22:a4:0d:4f:f3:a4:71:57:
                    7b:57:e0:40:e9:ec:2c:49:79:2c:37:cf:39:12:04:
                    00:ba:3c:d2:44:02:43:66:61:73:de:1a:33:19:1a:
                    03:8d:f0:81:ec:4e:c7:3e:ea:f4:1d:88:d6:7a:0a:
                    45:5b:41:0b:5f:ef:af:7a:a4:60:d4:5b:71:0d:ba:
                    a2:76:2e:af:2c:59:80:a0:85:19:3f:7e:6d:43:9b:
                    8f:27:64:32:5f:93:c1:b6:ee:81:3f:0b:56:a7:71:
                    9e:5a:00:0a:7f:2f:07:26:cc:cc:b7:cd:27:28:c8:
                    c1:83:b6:34:35:6a:2d:c6:05:e6:d1:4b:36:90:56:
                    8a:be:18:e4:72:c5:13:75:74:6b:e0:40:64:29:cb:
                    f4:8d:06:22:06:49:93:c0:83:4b:ca:7e:44:2f:a3:
                    b2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:E0:E5:92:C9:58:88:34:0C:1F:B5:C7:3B:59:02:62:C0:0B:27:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e8f36b3-3823-47ff-a9aa-e97ad93c36f1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3b:63:e3:4f:86:82:83:3b:2e:38:e5:c7:a4:56:f3:94:7c:1f:
         76:7b:58:95:e4:bf:3d:88:5e:62:12:08:29:74:8c:d3:7a:54:
         02:ee:cd:b1:ed:c8:a5:19:71:84:48:61:d7:05:c1:b9:98:99:
         b2:5e:35:d6:63:d9:b9:41:53:58:36:4c:a9:fc:0f:24:d9:4d:
         b8:6c:3e:5c:16:b7:c6:5e:c0:26:f3:f5:77:d7:b1:4a:47:02:
         6b:bc:4c:15:ae:96:58:d8:bc:41:27:27:76:ca:32:6e:9d:9e:
         41:8c:c1:0d:8c:fa:24:b9:fa:a2:9f:2b:5a:87:60:5c:e6:68:
         7c:bf:b6:03:9e:0a:fa:3f:8a:f6:bd:e6:1d:f9:cd:9f:d3:b5:
         02:8b:41:b7:d3:67:d3:6a:77:cf:a7:10:80:31:ea:dc:f2:06:
         8b:33:3b:89:74:b2:70:bc:62:b8:26:47:44:14:73:6e:44:56:
         3a:35:21:a6:ae:a7:75:22:a7:fd:a7:f8:98:1c:15:02:77:21:
         2d:ca:24:2f:a6:18:06:2b:65:79:c5:f9:47:48:ab:a1:5c:91:
         13:c4:88:39:e6:84:51:98:bf:82:68:84:0e:68:32:bb:33:4c:
         7a:fa:ba:8c:d2:32:e4:f8:31:2f:4a:c0:12:87:2d:95:b9:76:
         44:54:0d:f5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUG3DCmoBr+4I4wGo1jS3k5N6M0/AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NGVmNDIzZWEyOTc5YWY2ZTJmMzYwMWI3OTU5Yjg2ZmZk
YzJiNTI1MGE2MmRjOGFlYzc2MDc4ZjA5NmFjYzMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsTNe2hKN2ai5XVwXNzPVSkGzq3akkXSJ6SdYHAIQt7k5W
qThszN8s4BzjuCUF1/sy1X/BVGhxyfrwSuTYASUvNd6fL9pXfZB8F2fmzPH14KLi
0Xk3UqsnFo3j+Rkx3LAipA1P86RxV3tX4EDp7CxJeSw3zzkSBAC6PNJEAkNmYXPe
GjMZGgON8IHsTsc+6vQdiNZ6CkVbQQtf7696pGDUW3ENuqJ2Lq8sWYCghRk/fm1D
m48nZDJfk8G27oE/C1ancZ5aAAp/LwcmzMy3zScoyMGDtjQ1ai3GBebRSzaQVoq+
GORyxRN1dGvgQGQpy/SNBiIGSZPAg0vKfkQvo7KHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvODlkslYiDQMH7XHO1kCYsALJ1kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlOGYzNmIzLTM4MjMtNDdmZi1hOWFhLWU5N2FkOTNjMzZmMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCelzANBgkqhkiG9w0BAQsFAAOCAQEAO2PjT4aCgzsuOOXHpFbzlHwfdntY
leS/PYheYhIIKXSM03pUAu7Nse3IpRlxhEhh1wXBuZiZsl411mPZuUFTWDZMqfwP
JNlNuGw+XBa3xl7AJvP1d9exSkcCa7xMFa6WWNi8QScndsoybp2eQYzBDYz6JLn6
op8rWodgXOZofL+2A54K+j+K9r3mHfnNn9O1AotBt9Nn02p3z6cQgDHq3PIGizM7
iXSycLxiuCZHRBRzbkRWOjUhpq6ndSKn/af4mBwVAnchLcokL6YYBitlecX5R0ir
oVyRE8SIOeaEUZi/gmiEDmgyuzNMevq6jNIy5PgxL0rAEoctlbl2RFQN9Q==
-----END CERTIFICATE-----