Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9914b60c-a97e-4351-bdd0-7076377ad2c9.roa
File:                     9914b60c-a97e-4351-bdd0-7076377ad2c9.roa (raw, json)
Hash identifier:          OuplVxhgSdkN5yvcM0JCk++gr2TYvx73A1df1f8p2kY=
Subject key identifier:   0B:CB:E0:5A:DB:08:FA:BA:F3:6F:D4:93:1E:1B:33:E8:55:6A:F0:5E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15CA383F173A53053519954DC35FF984BFEA354C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9914b60c-a97e-4351-bdd0-7076377ad2c9.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.148.17.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:ca:38:3f:17:3a:53:05:35:19:95:4d:c3:5f:f9:84:bf:ea:35:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:74:96:90:eb:38:f6:ea:22:1e:89:66:d8:2a:
                    83:d2:0a:f1:0b:2b:d9:4e:59:66:4b:1d:4d:0a:9d:
                    85:8a:9d:1c:11:2b:cb:4a:42:20:a0:65:ca:a9:56:
                    cc:d2:cd:ab:96:a5:5f:65:81:08:20:a2:6c:64:4c:
                    48:85:38:68:3c:fe:a0:4b:fa:d6:b3:02:3e:ae:11:
                    7e:39:6f:ea:70:fe:ef:1b:35:5a:58:ba:6f:0d:b5:
                    ab:4b:7d:24:46:ca:4d:0c:c1:04:61:16:53:28:bb:
                    21:42:ea:e3:12:e8:c4:f4:b2:57:cf:30:bd:1c:f4:
                    e2:11:1b:04:bc:92:a4:31:58:04:a4:bd:27:c3:e4:
                    d6:62:50:a1:2a:16:96:32:7b:bc:c0:ec:bb:0f:92:
                    3c:4a:01:3a:40:ad:8d:f0:39:df:ed:2f:4c:16:e7:
                    23:ec:50:02:3c:4a:b5:10:06:d6:cf:40:d1:6e:75:
                    d0:53:4b:5c:c8:a3:37:36:57:ec:b9:01:76:51:f3:
                    7d:81:db:ca:55:10:16:0b:4c:8d:0d:c5:09:24:54:
                    ab:f2:ae:68:ba:47:c7:45:f1:1c:49:8c:6a:2e:6a:
                    33:b6:90:ba:e6:53:3c:01:42:be:c1:47:43:02:92:
                    8f:db:fa:af:d1:46:23:88:8a:5a:4c:3d:1a:21:6c:
                    a7:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:CB:E0:5A:DB:08:FA:BA:F3:6F:D4:93:1E:1B:33:E8:55:6A:F0:5E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9914b60c-a97e-4351-bdd0-7076377ad2c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:48:f0:38:49:5a:74:1b:22:f0:57:c8:1b:7b:e6:20:4b:2c:
         a4:2a:2b:d4:a0:9d:77:c2:2f:17:fd:c9:a5:ea:51:ed:73:b0:
         a0:7a:e3:18:f7:8e:b1:6c:2e:53:3d:7a:e7:a8:d6:30:6a:91:
         43:2f:b6:24:62:ba:a7:d7:22:29:13:bb:01:8a:50:07:88:6a:
         9c:ff:99:cf:2a:90:0e:69:9c:6f:30:11:3b:eb:63:3d:7a:4e:
         ee:a1:8a:43:a9:0e:2c:f6:d8:bc:af:37:c1:9b:58:60:6e:b4:
         aa:91:93:03:85:b2:3d:78:e4:ee:6e:9e:a1:8c:56:90:cf:3c:
         de:54:d1:96:f1:1c:01:0a:d9:d9:fd:93:f2:95:29:ad:27:67:
         5e:72:5c:c7:c9:b9:36:2e:b3:f3:dd:eb:c3:78:8c:26:ff:dd:
         9e:23:bd:fc:c8:d1:e2:c2:06:ed:19:a2:9e:e8:06:bf:11:95:
         95:56:4d:38:c2:c4:fd:ae:ae:fe:72:74:b0:85:0b:8d:4a:e3:
         d7:a7:89:d3:88:8a:5b:3b:7f:83:1f:85:02:fc:4b:11:c4:92:
         97:0c:d5:1b:d5:09:51:51:4f:4c:be:65:13:a6:69:d7:60:55:
         e3:f4:d1:57:8e:85:55:38:f1:84:20:ec:e1:12:4d:df:26:7f:
         eb:6b:3e:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFco4Pxc6UwU1GZVNw1/5hL/qNUwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDA1YzY4NjE0YzE0MDVmZmY4N2NmMTJhNDY1YjVjNzZi
ZmQ4ZjI5N2JhZTE5YTA1ZjUwZTRmYWJhODVkN2VmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqdJaQ6zj26iIeiWbYKoPSCvELK9lOWWZLHU0KnYWKnRwR
K8tKQiCgZcqpVszSzauWpV9lgQggomxkTEiFOGg8/qBL+tazAj6uEX45b+pw/u8b
NVpYum8NtatLfSRGyk0MwQRhFlMouyFC6uMS6MT0slfPML0c9OIRGwS8kqQxWASk
vSfD5NZiUKEqFpYye7zA7LsPkjxKATpArY3wOd/tL0wW5yPsUAI8SrUQBtbPQNFu
ddBTS1zIozc2V+y5AXZR832B28pVEBYLTI0NxQkkVKvyrmi6R8dF8RxJjGouajO2
kLrmUzwBQr7BR0MCko/b+q/RRiOIilpMPRohbKfbAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUC8vgWtsI+rrzb9STHhsz6FVq8F4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5MTRiNjBjLWE5N2UtNDM1MS1iZGQwLTcwNzYzNzdhZDJjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACXlBEwDQYJKoZIhvcNAQELBQADggEBAIZI8DhJWnQbIvBXyBt75iBLLKQq
K9SgnXfCLxf9yaXqUe1zsKB64xj3jrFsLlM9eueo1jBqkUMvtiRiuqfXIikTuwGK
UAeIapz/mc8qkA5pnG8wETvrYz16Tu6hikOpDiz22LyvN8GbWGButKqRkwOFsj14
5O5unqGMVpDPPN5U0ZbxHAEK2dn9k/KVKa0nZ15yXMfJuTYus/Pd68N4jCb/3Z4j
vfzI0eLCBu0Zop7oBr8RlZVWTTjCxP2urv5ydLCFC41K49enidOIils7f4MfhQL8
SxHEkpcM1RvVCVFRT0y+ZROmaddgVeP00VeOhVU48YQg7OESTd8mf+trPm0=
-----END CERTIFICATE-----