Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e535d71b-2137-46a9-a280-8877a2d7d47d.roa
File:                     e535d71b-2137-46a9-a280-8877a2d7d47d.roa (raw, json)
Hash identifier:          B6XBXCczb8cNJKCzAdrJjeayHrnd6ktgvpwIiQ+n4Jk=
Subject key identifier:   74:07:5A:9D:4F:28:2F:1F:19:3D:C8:B8:A6:2E:2E:66:D8:34:DE:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       69DF544C28AF81D91180968CAC0955C25C0EC6A6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e535d71b-2137-46a9-a280-8877a2d7d47d.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        151.148.40.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:df:54:4c:28:af:81:d9:11:80:96:8c:ac:09:55:c2:5c:0e:c6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6e:69:9f:bb:34:ab:4e:42:a2:91:be:56:d6:
                    e6:e0:a5:b3:b4:a3:31:b0:7a:e6:98:af:5e:39:13:
                    69:86:56:43:8e:ab:91:51:34:71:3c:2b:4c:e5:d1:
                    3a:57:ac:54:75:da:44:f7:21:54:2c:13:b7:86:2f:
                    17:15:89:2e:71:67:8e:53:30:54:7a:6b:5d:68:22:
                    4d:8e:32:d1:cc:9e:49:b5:9d:2f:5f:64:11:ef:20:
                    c7:eb:c2:8b:47:d1:d2:f9:60:cb:09:f6:1b:31:f0:
                    dc:98:77:0f:da:7b:ae:e5:f2:43:cd:d9:59:53:53:
                    58:e5:33:44:43:b2:92:42:63:37:d1:b3:38:c2:2c:
                    d4:c3:e3:6f:51:98:af:6c:4b:00:68:80:af:5b:b6:
                    6d:67:30:a7:e7:b5:0a:e7:7e:e3:76:15:73:68:c7:
                    c1:4c:e8:1d:27:38:e5:41:a2:b1:f5:f7:bd:6d:ac:
                    b2:cd:da:b1:b3:47:12:3e:f6:a8:65:7e:e6:91:7a:
                    5a:24:9d:ce:d3:29:b0:b2:2b:6e:80:8b:13:dd:23:
                    75:d1:de:f1:b6:8b:12:70:a9:47:78:e8:c7:4c:ef:
                    eb:75:af:ad:10:3c:0b:26:c7:90:84:de:f8:35:58:
                    6e:fe:a7:ad:e5:b9:c0:63:82:e4:d9:ca:5b:ea:82:
                    58:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:07:5A:9D:4F:28:2F:1F:19:3D:C8:B8:A6:2E:2E:66:D8:34:DE:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e535d71b-2137-46a9-a280-8877a2d7d47d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.148.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:71:b8:60:15:8e:db:de:0e:5d:ed:2f:c4:41:28:d7:bb:d9:
         f1:5d:85:30:fe:dd:3c:c4:cb:f6:99:84:36:ec:d0:f1:ea:4a:
         b3:e2:99:33:8e:ab:b2:98:10:b2:10:96:6a:fd:4a:2d:04:8c:
         99:7f:87:2a:6b:8c:cf:34:02:1e:2d:7d:71:8a:5b:82:35:a7:
         36:0d:4f:29:ed:c8:ce:19:0f:22:3a:75:58:2c:c8:dc:90:61:
         b3:51:45:5b:9e:ac:1b:7d:35:c5:e6:58:ec:08:26:ac:60:0c:
         a2:f2:37:e5:c0:6f:b6:38:ac:97:a8:24:41:83:a5:c2:72:4c:
         1f:12:be:79:d3:8a:3c:16:e5:a1:13:f2:ef:1d:96:3e:06:2a:
         71:73:09:f0:40:fc:0e:3a:54:af:0c:fc:5b:71:66:67:a9:4c:
         16:69:65:32:af:f3:a0:0f:f4:31:51:04:86:34:7f:eb:8c:12:
         8b:b4:62:f7:58:a1:9a:bf:34:0a:2e:48:92:5e:6e:75:2b:32:
         c2:fd:46:38:7c:1d:49:21:f5:64:ce:05:96:f4:56:6f:7a:81:
         7d:0d:09:b6:4c:44:ec:d2:2c:bc:b4:d6:d7:46:16:7b:1d:ff:
         cb:54:b6:f2:51:33:df:b3:d1:c7:a1:6f:2c:50:f3:b7:cd:da:
         8f:de:f7:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUad9UTCivgdkRgJaMrAlVwlwOxqYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMDA3NzU1ZjJjNGUxNTg4MmVhMWZmYTE5OGQyZjFlNjVj
NmQxODU5MDFhNTFkNjUwZWU5MjUyYzdhNjk3NWY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxbmmfuzSrTkKikb5W1ubgpbO0ozGweuaYr145E2mGVkOO
q5FRNHE8K0zl0TpXrFR12kT3IVQsE7eGLxcViS5xZ45TMFR6a11oIk2OMtHMnkm1
nS9fZBHvIMfrwotH0dL5YMsJ9hsx8NyYdw/ae67l8kPN2VlTU1jlM0RDspJCYzfR
szjCLNTD429RmK9sSwBogK9btm1nMKfntQrnfuN2FXNox8FM6B0nOOVBorH1971t
rLLN2rGzRxI+9qhlfuaReloknc7TKbCyK26AixPdI3XR3vG2ixJwqUd46MdM7+t1
r60QPAsmx5CE3vg1WG7+p63lucBjguTZylvqglhlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUdAdanU8oLx8ZPci4pi4uZtg03nswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1MzVkNzFiLTIxMzctNDZhOS1hMjgwLTg4NzdhMmQ3ZDQ3ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACXlCgwDQYJKoZIhvcNAQELBQADggEBABVxuGAVjtveDl3tL8RBKNe72fFd
hTD+3TzEy/aZhDbs0PHqSrPimTOOq7KYELIQlmr9Si0EjJl/hyprjM80Ah4tfXGK
W4I1pzYNTyntyM4ZDyI6dVgsyNyQYbNRRVuerBt9NcXmWOwIJqxgDKLyN+XAb7Y4
rJeoJEGDpcJyTB8SvnnTijwW5aET8u8dlj4GKnFzCfBA/A46VK8M/FtxZmepTBZp
ZTKv86AP9DFRBIY0f+uMEou0YvdYoZq/NAouSJJebnUrMsL9Rjh8HUkh9WTOBZb0
Vm96gX0NCbZMROzSLLy01tdGFnsd/8tUtvJRM9+z0cehbyxQ87fN2o/e93I=
-----END CERTIFICATE-----