Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a740bdf5-4421-4ea8-bb60-33d4cd558809.roa
File:                     a740bdf5-4421-4ea8-bb60-33d4cd558809.roa (raw, json)
Hash identifier:          gwVsglplBRJb17GfWLyjQgQWTHkojres4eHBZj1UtG0=
Subject key identifier:   B3:46:98:96:31:2F:F7:24:7F:D3:C3:CE:2A:71:BA:2D:3B:03:39:56
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48D5BADAE09C191299C125D97C846C3C74E88B92
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a740bdf5-4421-4ea8-bb60-33d4cd558809.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        150.247.32.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:d5:ba:da:e0:9c:19:12:99:c1:25:d9:7c:84:6c:3c:74:e8:8b:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=5cad644a672fe19792693692ae6072c4da56f463a5c454fbcdb879fe04352f89, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bb:ba:6f:1c:18:67:37:52:0a:59:46:18:ba:
                    46:fb:43:59:2c:b7:ca:e2:9a:a2:83:66:a2:19:62:
                    ed:fc:9a:ce:df:bf:19:99:bc:0b:97:3a:61:25:5c:
                    c1:22:18:0d:27:fc:42:a6:2f:0c:ec:70:56:d6:23:
                    b5:37:0f:38:af:be:65:d2:67:62:ca:ba:0d:81:f3:
                    46:0e:f3:9d:12:c8:eb:f6:79:4e:a1:cf:e7:e2:67:
                    c4:2e:0e:d3:52:c5:10:46:32:74:7b:0a:61:02:78:
                    c4:b2:14:0e:5b:87:fd:eb:1c:93:5c:f4:98:50:50:
                    7c:0f:1f:da:80:bc:c1:c0:c8:a7:c9:5f:5f:6e:de:
                    f6:36:27:2a:25:bc:cd:36:f4:3b:13:b9:f7:fc:92:
                    42:ee:9c:12:9c:75:1e:42:76:ea:d6:88:f4:f2:1d:
                    51:80:37:81:ad:55:9a:95:aa:b1:22:2b:f6:ee:02:
                    dc:de:4a:9d:94:cc:88:df:12:ed:4f:b5:f7:47:06:
                    97:ff:57:9c:56:b2:e3:8c:b3:1c:56:6e:bf:c3:b8:
                    ec:85:0f:41:35:60:42:06:53:57:20:9e:24:a6:db:
                    9a:9c:1d:80:bc:54:88:94:24:35:e4:ec:13:23:8e:
                    84:6e:3c:5f:97:f8:d7:70:11:f8:04:f4:1d:82:99:
                    5b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:46:98:96:31:2F:F7:24:7F:D3:C3:CE:2A:71:BA:2D:3B:03:39:56
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a740bdf5-4421-4ea8-bb60-33d4cd558809.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.247.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         63:08:ef:dc:af:03:d3:b8:2a:94:f9:2b:f8:0c:a9:a5:9e:5c:
         0c:05:74:6c:55:2e:29:80:67:e3:a2:12:a9:f0:3c:eb:57:3e:
         7c:61:da:87:38:db:05:63:6f:54:66:44:26:70:e0:d0:97:a4:
         18:b9:5d:9c:b1:bd:5d:e4:02:04:b1:96:50:fb:85:1f:46:52:
         90:f5:2a:f9:15:e7:70:66:b9:8a:86:e1:02:8f:0d:b2:95:62:
         80:8f:d1:7a:39:da:5c:ca:e1:c1:02:b7:8d:0f:18:15:b8:fb:
         51:17:d6:ae:cb:04:35:61:e8:b5:3a:b8:59:c5:55:61:84:dd:
         17:43:de:67:6a:11:3c:35:34:f4:9a:98:a2:83:67:1f:ab:b7:
         69:2c:1a:b0:65:c1:b7:94:39:9e:2e:95:5c:7e:12:ea:f1:30:
         f2:a5:fc:f8:56:d0:45:70:ff:73:ea:e9:24:6f:6f:c6:6d:ad:
         03:ff:50:a8:8b:fb:62:e1:23:68:a4:97:d6:0d:eb:4d:b7:52:
         cf:b3:5f:ed:cd:52:97:f8:ec:c0:c4:d4:91:aa:8d:bb:4f:02:
         ef:ab:c1:19:d9:7b:e0:7a:a1:b2:7c:5d:eb:de:68:33:06:f8:
         d8:5e:d5:a8:35:78:a0:47:cf:f6:01:18:21:86:b7:84:cc:e5:
         56:85:b9:00
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSNW62uCcGRKZwSXZfIRsPHToi5IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2FkNjQ0YTY3MmZlMTk3OTI2OTM2OTJhZTYwNzJjNGRh
NTZmNDYzYTVjNDU0ZmJjZGI4NzlmZTA0MzUyZjg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0u7pvHBhnN1IKWUYYukb7Q1kst8rimqKDZqIZYu38ms7f
vxmZvAuXOmElXMEiGA0n/EKmLwzscFbWI7U3DzivvmXSZ2LKug2B80YO850SyOv2
eU6hz+fiZ8QuDtNSxRBGMnR7CmECeMSyFA5bh/3rHJNc9JhQUHwPH9qAvMHAyKfJ
X19u3vY2JyolvM029DsTuff8kkLunBKcdR5CdurWiPTyHVGAN4GtVZqVqrEiK/bu
AtzeSp2UzIjfEu1PtfdHBpf/V5xWsuOMsxxWbr/DuOyFD0E1YEIGU1cgniSm25qc
HYC8VIiUJDXk7BMjjoRuPF+X+NdwEfgE9B2CmVvHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUs0aYljEv9yR/08POKnG6LTsDOVYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3NDBiZGY1LTQ0MjEtNGVhOC1iYjYwLTMzZDRjZDU1ODgwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBASW9yAwDQYJKoZIhvcNAQELBQADggEBAGMI79yvA9O4KpT5K/gMqaWeXAwF
dGxVLimAZ+OiEqnwPOtXPnxh2oc42wVjb1RmRCZw4NCXpBi5XZyxvV3kAgSxllD7
hR9GUpD1KvkV53BmuYqG4QKPDbKVYoCP0Xo52lzK4cECt40PGBW4+1EX1q7LBDVh
6LU6uFnFVWGE3RdD3mdqETw1NPSamKKDZx+rt2ksGrBlwbeUOZ4ulVx+EurxMPKl
/PhW0EVw/3Pq6SRvb8ZtrQP/UKiL+2LhI2ikl9YN6023Us+zX+3NUpf47MDE1JGq
jbtPAu+rwRnZe+B6obJ8XeveaDMG+Nhe1ag1eKBHz/YBGCGGt4TM5VaFuQA=
-----END CERTIFICATE-----