Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/953c510f-0d0e-411a-83f5-e02e1d048f4a.roa
File:                     953c510f-0d0e-411a-83f5-e02e1d048f4a.roa (raw, json)
Hash identifier:          aCHJJs+YLuFu92IK8+RHXrLLp+pJkAl5lHSC0xPsVXc=
Subject key identifier:   C1:7E:CD:33:0F:EB:7F:A9:10:8C:01:14:C3:C0:8A:D5:35:A9:29:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15EAD5B14B98A43EED839F97EA419BA5414F5CDB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/953c510f-0d0e-411a-83f5-e02e1d048f4a.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        158.151.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ea:d5:b1:4b:98:a4:3e:ed:83:9f:97:ea:41:9b:a5:41:4f:5c:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:45:29:fe:0b:ae:62:4f:a9:06:80:30:06:d9:
                    f3:3d:eb:c3:be:f7:e3:72:0d:a8:69:86:48:db:e8:
                    23:c8:1a:98:a5:3d:d1:48:40:0c:07:a0:ca:12:96:
                    a3:f8:95:4c:fd:fb:d7:ad:33:e5:4d:5e:9d:5c:16:
                    ad:80:58:13:fe:3a:db:c6:0e:62:dc:f5:eb:af:71:
                    03:c8:e2:f4:0c:8f:93:a6:fd:8d:0a:72:bd:a0:9d:
                    af:87:02:f8:3c:a1:cd:0b:c3:b4:5e:25:a1:f7:d9:
                    b5:3c:a5:eb:4b:6e:59:22:03:f3:94:d7:6d:88:30:
                    e4:3d:63:1f:87:4d:68:6d:1c:83:27:b1:13:e9:1c:
                    bf:ab:c2:18:4d:1d:36:76:50:35:00:57:c6:05:93:
                    26:1f:46:10:82:cf:7f:85:06:c1:47:b9:e7:e3:d6:
                    0e:84:3c:c3:31:8c:10:06:c3:33:6b:95:09:f5:c2:
                    fd:84:ec:77:05:f5:d4:d6:fa:56:d6:63:9e:b2:c4:
                    d6:b8:01:19:92:5e:fb:e3:e3:76:65:e5:c5:08:ec:
                    ab:1c:44:94:6f:27:4b:6c:fa:61:85:9d:33:30:cb:
                    57:69:7f:25:0d:fd:78:8c:65:7a:9d:8a:9b:f6:a4:
                    25:3e:a7:b4:88:6a:75:36:4c:9a:66:3b:70:5e:48:
                    6e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:7E:CD:33:0F:EB:7F:A9:10:8C:01:14:C3:C0:8A:D5:35:A9:29:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/953c510f-0d0e-411a-83f5-e02e1d048f4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.151.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1a:e5:e1:1c:3b:4b:ae:6a:65:4a:f3:9f:7d:09:59:59:62:78:
         ce:0d:6f:82:86:f6:58:f7:c1:e2:df:c4:95:17:71:e2:39:cc:
         c4:91:cd:39:18:1a:b3:71:01:54:6f:4f:c6:b2:ff:72:23:dc:
         dc:23:3e:d6:92:57:52:de:e4:f9:63:07:86:5e:48:5a:68:8e:
         f4:db:16:6c:d9:4b:20:74:c7:24:a3:6b:0d:6c:9c:8d:c8:71:
         73:1a:0e:24:50:cb:a0:5b:09:d8:9a:a4:b5:55:58:b4:9f:d2:
         14:01:5f:93:a5:2e:69:71:b8:ea:ce:13:5a:c7:4b:d1:ff:65:
         f9:9f:be:15:b6:58:09:21:e5:97:51:e1:2f:c2:5d:66:37:9a:
         5f:47:91:2b:60:23:e3:e3:89:4a:0e:08:1a:b5:53:eb:d0:78:
         14:e2:94:2a:d0:31:59:a4:74:89:96:19:aa:a7:34:25:8d:77:
         3c:d4:9e:3c:74:f5:17:cc:ce:09:d1:69:58:2c:50:b8:ab:ab:
         5c:81:b4:8e:09:d2:56:75:33:bf:3c:8d:5b:13:86:c1:f2:65:
         36:db:61:34:23:44:d8:38:bf:6a:75:88:33:2f:3b:4c:72:52:
         66:3b:65:89:fd:f4:f7:e6:ab:c2:0e:a0:e0:f1:6e:60:a4:7c:
         45:35:74:1d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFerVsUuYpD7tg5+X6kGbpUFPXNswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYWU2MjY4MzhmNTE1Yzc2NTc0OTVmNzRiZjFiMTM5OTZl
ZmJmZTFlMWI5ZjI1NGRjOTFmMzQwZTQ5YmJlYjQyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpRSn+C65iT6kGgDAG2fM968O+9+NyDahphkjb6CPIGpil
PdFIQAwHoMoSlqP4lUz9+9etM+VNXp1cFq2AWBP+OtvGDmLc9euvcQPI4vQMj5Om
/Y0Kcr2gna+HAvg8oc0Lw7ReJaH32bU8petLblkiA/OU122IMOQ9Yx+HTWhtHIMn
sRPpHL+rwhhNHTZ2UDUAV8YFkyYfRhCCz3+FBsFHuefj1g6EPMMxjBAGwzNrlQn1
wv2E7HcF9dTW+lbWY56yxNa4ARmSXvvj43Zl5cUI7KscRJRvJ0ts+mGFnTMwy1dp
fyUN/XiMZXqdipv2pCU+p7SIanU2TJpmO3BeSG6FAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwX7NMw/rf6kQjAEUw8CK1TWpKVswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1M2M1MTBmLTBkMGUtNDExYS04M2Y1LWUwMmUxZDA0OGY0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCelzANBgkqhkiG9w0BAQsFAAOCAQEAGuXhHDtLrmplSvOffQlZWWJ4zg1v
gob2WPfB4t/ElRdx4jnMxJHNORgas3EBVG9PxrL/ciPc3CM+1pJXUt7k+WMHhl5I
WmiO9NsWbNlLIHTHJKNrDWycjchxcxoOJFDLoFsJ2JqktVVYtJ/SFAFfk6UuaXG4
6s4TWsdL0f9l+Z++FbZYCSHll1HhL8JdZjeaX0eRK2Aj4+OJSg4IGrVT69B4FOKU
KtAxWaR0iZYZqqc0JY13PNSePHT1F8zOCdFpWCxQuKurXIG0jgnSVnUzvzyNWxOG
wfJlNtthNCNE2Di/anWIMy87THJSZjtlif309+arwg6g4PFuYKR8RTV0HQ==
-----END CERTIFICATE-----