Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afca9d1a-7be9-476f-a464-37dfcf569a5c.roa
File:                     afca9d1a-7be9-476f-a464-37dfcf569a5c.roa (raw, json)
Hash identifier:          13nwvIMRvyoFw3K8jCDba3iPZqM990Rcg/tlgvtphI8=
Subject key identifier:   51:8E:80:E4:EF:A2:12:9F:E7:DD:4D:B9:AF:F8:23:44:70:2C:98:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03DDCEE180EDCBAE2190935CCDB23A98A8CD90FA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afca9d1a-7be9-476f-a464-37dfcf569a5c.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        147.108.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:dd:ce:e1:80:ed:cb:ae:21:90:93:5c:cd:b2:3a:98:a8:cd:90:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=2e234f7117a6ec5e60cc188438768fcde0fac8f6659a01534a5e62ec3a673099, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:50:29:e8:eb:6c:2c:a3:66:fa:c2:86:b6:cf:
                    16:77:29:bd:60:b9:f0:38:ac:37:3d:74:d3:f1:e7:
                    ad:0b:64:9c:27:65:04:88:0b:ed:7e:13:2a:d6:d3:
                    7f:84:b5:20:48:02:61:b1:3a:f9:26:35:6b:cc:76:
                    11:a7:4e:6b:dd:ba:ac:91:13:d5:67:65:9c:05:f4:
                    29:83:be:39:5e:8c:0d:99:be:fe:8c:38:18:2e:af:
                    02:73:7e:50:56:88:46:64:f9:c2:ef:41:bf:27:c1:
                    9a:90:18:e8:09:da:cb:3c:ee:a7:16:32:37:a1:2d:
                    f7:bc:98:e0:7c:18:6c:10:80:5c:e1:60:22:b5:3c:
                    19:11:44:6d:0f:77:24:81:ca:31:6a:19:4e:77:4f:
                    a0:a8:fe:35:1c:62:e7:a9:ec:1e:86:19:97:ac:68:
                    87:fa:da:86:e1:f0:91:33:fa:7f:07:62:2a:c0:59:
                    90:e1:0a:cf:0a:4f:cb:78:2b:dd:e2:81:7f:f4:3f:
                    43:ec:71:29:32:4b:c0:d1:1d:12:14:79:73:47:04:
                    d5:8f:bb:a9:c3:46:21:b8:da:17:10:2d:d1:55:5a:
                    61:e3:e3:4c:64:93:5a:0d:6e:8d:6a:fa:a0:82:a9:
                    76:4b:b8:d7:8a:50:1a:39:6e:82:5c:e4:85:ff:f4:
                    52:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:8E:80:E4:EF:A2:12:9F:E7:DD:4D:B9:AF:F8:23:44:70:2C:98:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/afca9d1a-7be9-476f-a464-37dfcf569a5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.108.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         41:0f:d4:0e:7d:3b:15:c9:13:5f:ff:75:c5:67:08:9a:d0:35:
         fc:73:2a:51:75:d6:a2:0d:73:53:e5:c8:1f:b0:e9:11:cc:80:
         a3:8a:74:ff:73:02:9b:ce:01:3d:b1:97:27:fd:d8:51:e2:8d:
         17:9d:53:b9:7f:dd:b7:36:54:ff:c5:6a:1d:42:bd:8e:01:21:
         af:2b:f9:0e:05:83:eb:11:5c:5f:b6:a5:4f:a0:c1:77:50:fc:
         1e:ea:1f:5b:a1:ce:9e:07:39:3c:01:29:99:1e:0e:bb:fc:79:
         bb:90:a5:74:c1:a1:b9:d6:a6:d7:cd:32:ae:f8:e8:37:3b:b0:
         10:8b:d8:60:f3:38:9b:0f:ef:5b:ff:d5:35:b7:6d:ae:53:2c:
         d9:db:f4:86:83:46:2e:e8:95:9f:1a:58:01:a9:17:7d:23:35:
         5e:c8:89:87:52:90:71:37:1f:56:b8:98:ac:85:51:26:75:66:
         25:ee:ab:98:99:ce:5a:9b:7d:21:fe:06:1c:15:98:da:7f:eb:
         9b:64:c4:08:99:60:ab:78:5e:d1:c6:f6:d3:b7:eb:bb:3e:77:
         56:51:35:8e:74:b7:5e:f0:0d:e3:b2:09:3d:cc:3b:4c:91:65:
         18:c1:79:2d:9b:01:ce:20:4b:19:15:d7:7b:e8:0a:7c:17:cd:
         8b:79:ac:8e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUA93O4YDty64hkJNczbI6mKjNkPowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZTIzNGY3MTE3YTZlYzVlNjBjYzE4ODQzODc2OGZjZGUw
ZmFjOGY2NjU5YTAxNTM0YTVlNjJlYzNhNjczMDk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEUCno62wso2b6woa2zxZ3Kb1gufA4rDc9dNPx560LZJwn
ZQSIC+1+EyrW03+EtSBIAmGxOvkmNWvMdhGnTmvduqyRE9VnZZwF9CmDvjlejA2Z
vv6MOBgurwJzflBWiEZk+cLvQb8nwZqQGOgJ2ss87qcWMjehLfe8mOB8GGwQgFzh
YCK1PBkRRG0PdySByjFqGU53T6Co/jUcYuep7B6GGZesaIf62obh8JEz+n8HYirA
WZDhCs8KT8t4K93igX/0P0PscSkyS8DRHRIUeXNHBNWPu6nDRiG42hcQLdFVWmHj
40xkk1oNbo1q+qCCqXZLuNeKUBo5boJc5IX/9FIhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUUY6A5O+iEp/n3U25r/gjRHAsmI8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FmY2E5ZDFhLTdiZTktNDc2Zi1hNDY0LTM3ZGZjZjU2OWE1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCTbDANBgkqhkiG9w0BAQsFAAOCAQEAQQ/UDn07FckTX/91xWcImtA1/HMq
UXXWog1zU+XIH7DpEcyAo4p0/3MCm84BPbGXJ/3YUeKNF51TuX/dtzZU/8VqHUK9
jgEhryv5DgWD6xFcX7alT6DBd1D8HuofW6HOngc5PAEpmR4Ou/x5u5CldMGhudam
180yrvjoNzuwEIvYYPM4mw/vW//VNbdtrlMs2dv0hoNGLuiVnxpYAakXfSM1XsiJ
h1KQcTcfVriYrIVRJnVmJe6rmJnOWpt9If4GHBWY2n/rm2TECJlgq3he0cb207fr
uz53VlE1jnS3XvAN47IJPcw7TJFlGMF5LZsBziBLGRXXe+gKfBfNi3msjg==
-----END CERTIFICATE-----