Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e809e1db-a0dd-4bd4-97d6-2a977c128a00.roa
File:                     e809e1db-a0dd-4bd4-97d6-2a977c128a00.roa (raw, json)
Hash identifier:          03FWISrugJ8EXinjA1vxUilXkszw+gD8cEzsS2d/if0=
Subject key identifier:   8F:F5:F7:3A:EE:9F:BF:AB:64:04:02:4E:D7:A6:85:10:5A:A3:DA:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F3951B7A3D7A3F2E8D7771A127883A9C2A17C9E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e809e1db-a0dd-4bd4-97d6-2a977c128a00.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        153.47.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:39:51:b7:a3:d7:a3:f2:e8:d7:77:1a:12:78:83:a9:c2:a1:7c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b6:5c:f8:a7:fe:c2:60:89:b1:83:00:7e:fd:
                    03:8f:86:cd:41:38:d0:78:e0:1f:eb:06:a8:34:8a:
                    14:1e:bb:20:da:86:d3:6c:a2:09:58:78:e7:b7:b5:
                    0c:cd:1a:8b:9c:b5:91:d5:e4:82:80:ca:1a:1b:38:
                    74:f5:01:82:ac:d4:bb:c0:96:e2:c4:50:b9:be:dd:
                    0a:f7:d7:e1:53:37:02:02:4d:b6:e7:6a:0f:5b:16:
                    99:f9:a5:9c:fa:11:17:6a:b3:04:ad:b4:bb:8a:ab:
                    36:57:25:a8:82:bb:61:99:bb:d7:6e:b1:7e:bd:d5:
                    9f:9a:82:66:fb:1c:12:8d:35:0b:05:eb:44:29:c8:
                    0b:82:32:00:d9:30:b4:84:70:f2:06:a1:24:6f:d9:
                    17:98:28:20:dc:48:28:24:07:09:92:9f:86:1f:7b:
                    2a:3e:aa:a6:18:a8:b6:98:14:92:fe:bd:11:98:42:
                    ad:2c:45:08:59:c1:0f:8d:25:aa:57:e6:e3:33:d4:
                    1a:9a:49:c2:fc:26:77:80:ce:ab:6f:81:d8:01:00:
                    da:44:09:0c:a9:82:2f:eb:dd:a3:81:5c:b9:55:72:
                    14:4b:44:5e:31:76:de:eb:a3:8b:31:fe:2f:46:49:
                    58:03:c2:43:d7:dd:97:54:c9:e2:f7:e8:c7:b6:31:
                    f4:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:F5:F7:3A:EE:9F:BF:AB:64:04:02:4E:D7:A6:85:10:5A:A3:DA:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e809e1db-a0dd-4bd4-97d6-2a977c128a00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  153.47.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a9:0e:56:ef:ac:a4:70:f5:03:8d:de:9d:e6:6f:d6:06:89:5d:
         76:3e:a7:cd:6a:df:25:cd:fc:2f:bc:0f:e0:3a:66:94:ff:f3:
         6b:30:17:17:f3:00:e9:95:f7:7e:53:0e:6c:43:30:bf:df:cd:
         4e:e3:d4:c3:8f:20:58:ec:e2:88:2b:1d:64:6d:12:d7:4b:86:
         c6:11:a8:dc:a3:d5:2a:d7:3f:85:fc:80:6a:c7:77:c5:02:c4:
         9a:88:71:a0:cc:42:cb:c4:d1:47:9b:a6:5a:bc:33:36:0b:58:
         3c:8d:85:53:e3:81:b5:6b:df:73:eb:ca:b9:6a:8c:fd:9c:b2:
         80:9d:e8:cf:4c:5d:46:21:bb:34:e6:17:3d:d2:49:f6:31:86:
         2b:ea:b7:1a:9c:97:58:de:ce:26:27:4b:51:6e:47:45:bd:bc:
         36:61:ec:a3:1b:0f:2b:15:df:80:19:e2:f9:77:d1:2a:bd:4c:
         96:d7:70:b2:f7:73:df:d0:00:b4:b1:c4:53:4f:84:d6:2d:3b:
         8a:c4:d6:91:3e:8a:fc:70:97:4c:58:4e:43:37:0b:53:43:2a:
         1f:6f:22:14:70:b1:86:5b:f4:84:55:88:34:67:6e:d0:5e:9d:
         33:2c:13:1a:d8:9f:87:99:ce:fc:55:12:b3:0d:ad:6c:ae:06:
         aa:99:cb:0e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDzlRt6PXo/Lo13caEniDqcKhfJ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNGVlNzA4ZDBiZTI5MTI4MzIyN2JiNjIxZjUxYTlkYzMz
ODdkMGVmYWVjMWEyMzk1YjQ5NDA0YmYxYzVlMjg0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6tlz4p/7CYImxgwB+/QOPhs1BONB44B/rBqg0ihQeuyDa
htNsoglYeOe3tQzNGouctZHV5IKAyhobOHT1AYKs1LvAluLEULm+3Qr31+FTNwIC
Tbbnag9bFpn5pZz6ERdqswSttLuKqzZXJaiCu2GZu9dusX691Z+agmb7HBKNNQsF
60QpyAuCMgDZMLSEcPIGoSRv2ReYKCDcSCgkBwmSn4Yfeyo+qqYYqLaYFJL+vRGY
Qq0sRQhZwQ+NJapX5uMz1BqaScL8JneAzqtvgdgBANpECQypgi/r3aOBXLlVchRL
RF4xdt7ro4sx/i9GSVgDwkPX3ZdUyeL36Me2MfQTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUj/X3Ou6fv6tkBAJO16aFEFqj2sUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MDllMWRiLWEwZGQtNGJkNC05N2Q2LTJhOTc3YzEyOGEwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCZLzANBgkqhkiG9w0BAQsFAAOCAQEAqQ5W76ykcPUDjd6d5m/WBolddj6n
zWrfJc38L7wP4DpmlP/zazAXF/MA6ZX3flMObEMwv9/NTuPUw48gWOziiCsdZG0S
10uGxhGo3KPVKtc/hfyAasd3xQLEmohxoMxCy8TRR5umWrwzNgtYPI2FU+OBtWvf
c+vKuWqM/ZyygJ3oz0xdRiG7NOYXPdJJ9jGGK+q3GpyXWN7OJidLUW5HRb28NmHs
oxsPKxXfgBni+XfRKr1Mltdwsvdz39AAtLHEU0+E1i07isTWkT6K/HCXTFhOQzcL
U0MqH28iFHCxhlv0hFWINGdu0F6dMywTGtifh5nO/FUSsw2tbK4GqpnLDg==
-----END CERTIFICATE-----