Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c254d5da-a5dc-406d-bc41-b6d5b53f8199.roa
File:                     c254d5da-a5dc-406d-bc41-b6d5b53f8199.roa (raw, json)
Hash identifier:          yJPCyztl4ODKfNalO1RN6sNMuej3N5R7nIjJ22o92mo=
Subject key identifier:   23:B5:0C:92:70:49:DB:83:05:A5:B0:87:DB:EB:D1:86:E3:B5:AD:C0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       501F52C5A7772F74E6713856F68256A23B0081CB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c254d5da-a5dc-406d-bc41-b6d5b53f8199.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        147.115.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:1f:52:c5:a7:77:2f:74:e6:71:38:56:f6:82:56:a2:3b:00:81:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=571f8873285d31204f69fbba20ab20558c15d2f4435bc107af7028cd7fcd142c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:75:cd:6d:e2:ea:4d:a8:17:6d:bb:c6:50:91:
                    e5:00:5d:0d:5f:81:06:62:80:ca:6d:5a:54:2d:76:
                    5c:4d:c4:4c:46:07:dc:79:5f:87:ea:99:64:f7:11:
                    14:dd:99:e1:cf:f8:d3:2c:c4:39:1d:b9:d3:ed:48:
                    b5:93:ef:c6:f6:ec:0d:67:44:86:85:85:05:00:39:
                    85:3f:4d:33:b2:75:32:4c:48:b0:a7:f0:91:a7:7d:
                    30:36:d7:1a:a1:20:0b:99:63:46:ae:64:ce:84:f5:
                    f7:95:07:2a:e8:a9:4d:fd:eb:4f:24:a8:24:53:b7:
                    0c:e4:1e:3e:60:f2:0e:3c:66:c3:4f:4f:9e:f2:22:
                    51:61:1e:65:43:62:4f:54:55:52:99:94:e2:57:cc:
                    c3:77:35:df:71:29:96:aa:e8:fc:50:6c:e1:ec:49:
                    23:80:e8:3d:0b:12:db:25:44:90:b7:f5:c7:c9:6a:
                    75:86:cd:ae:69:11:28:8c:60:6d:2a:12:ce:ca:45:
                    cb:45:19:e3:00:1c:cb:c4:ee:80:20:34:ee:6d:1f:
                    4e:2d:d8:04:9a:15:43:58:78:2e:53:c1:1b:3e:27:
                    81:19:d4:14:2a:13:b7:78:ca:42:12:7d:34:8a:bf:
                    28:62:b4:53:18:c9:d4:05:d4:49:93:e4:24:9f:c3:
                    8c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B5:0C:92:70:49:DB:83:05:A5:B0:87:DB:EB:D1:86:E3:B5:AD:C0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c254d5da-a5dc-406d-bc41-b6d5b53f8199.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.115.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3a:df:40:7c:ae:45:20:b5:89:c9:37:12:5a:22:cf:0e:ae:9d:
         f6:52:18:81:b4:00:5d:81:22:a9:e1:dc:66:78:8c:29:1f:d6:
         ba:f9:67:42:1a:ae:68:63:d2:89:58:2d:f1:5b:ba:9f:cf:f6:
         a5:4e:16:df:25:a8:38:92:bb:d0:67:69:e4:8d:10:dd:99:e2:
         df:dc:1f:c4:2d:19:09:30:2c:61:32:4d:fc:29:b9:91:78:87:
         3e:71:05:af:c9:c9:a5:df:b8:7f:d2:6e:67:81:b6:a6:f0:0d:
         9b:16:63:a0:8e:21:db:c3:09:5a:98:e4:12:d3:57:55:c1:08:
         1f:8a:e7:61:a0:88:31:e6:5f:31:52:5e:f6:ce:b8:ee:2d:a0:
         0a:cc:bb:cf:00:c2:7c:fe:13:21:6c:cb:47:4a:9f:68:dc:09:
         e0:79:82:8f:0a:52:42:a5:ec:5d:d8:2a:3f:d4:c6:4b:a9:67:
         02:1c:18:6c:d7:9d:12:2e:f7:9e:85:7d:0b:40:f8:78:e6:5f:
         b9:c8:42:e3:b4:c1:7f:39:fd:eb:82:dd:4b:61:59:a9:5d:5c:
         5c:a3:e0:55:19:97:5f:e2:7a:fd:85:d7:9e:2e:15:5e:31:fd:
         dd:4c:9a:ee:57:b7:53:88:59:0e:29:f7:08:55:a2:cb:99:5e:
         f0:10:07:ac
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUB9Sxad3L3TmcThW9oJWojsAgcswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzFmODg3MzI4NWQzMTIwNGY2OWZiYmEyMGFiMjA1NThj
MTVkMmY0NDM1YmMxMDdhZjcwMjhjZDdmY2QxNDJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChdc1t4upNqBdtu8ZQkeUAXQ1fgQZigMptWlQtdlxNxExG
B9x5X4fqmWT3ERTdmeHP+NMsxDkdudPtSLWT78b27A1nRIaFhQUAOYU/TTOydTJM
SLCn8JGnfTA21xqhIAuZY0auZM6E9feVByroqU39608kqCRTtwzkHj5g8g48ZsNP
T57yIlFhHmVDYk9UVVKZlOJXzMN3Nd9xKZaq6PxQbOHsSSOA6D0LEtslRJC39cfJ
anWGza5pESiMYG0qEs7KRctFGeMAHMvE7oAgNO5tH04t2ASaFUNYeC5TwRs+J4EZ
1BQqE7d4ykISfTSKvyhitFMYydQF1EmT5CSfw4wlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUI7UMknBJ24MFpbCH2+vRhuO1rcAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyNTRkNWRhLWE1ZGMtNDA2ZC1iYzQxLWI2ZDViNTNmODE5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCTczANBgkqhkiG9w0BAQsFAAOCAQEAOt9AfK5FILWJyTcSWiLPDq6d9lIY
gbQAXYEiqeHcZniMKR/WuvlnQhquaGPSiVgt8Vu6n8/2pU4W3yWoOJK70Gdp5I0Q
3Zni39wfxC0ZCTAsYTJN/Cm5kXiHPnEFr8nJpd+4f9JuZ4G2pvANmxZjoI4h28MJ
WpjkEtNXVcEIH4rnYaCIMeZfMVJe9s647i2gCsy7zwDCfP4TIWzLR0qfaNwJ4HmC
jwpSQqXsXdgqP9TGS6lnAhwYbNedEi73noV9C0D4eOZfuchC47TBfzn964LdS2FZ
qV1cXKPgVRmXX+J6/YXXni4VXjH93Uya7le3U4hZDin3CFWiy5le8BAHrA==
-----END CERTIFICATE-----