Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea582330-67bf-4874-9a0f-c423d8dbd0ef.roa
File:                     ea582330-67bf-4874-9a0f-c423d8dbd0ef.roa (raw, json)
Hash identifier:          0O+1inbmagcAs8bP+Rb42FQxBB94wxU5bO03+ZRkH00=
Subject key identifier:   BF:97:89:93:27:09:46:3D:75:9A:DC:6C:FD:B1:61:B4:ED:EE:95:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       482E76965CF0528E8D770A6099C3A7C169E9E4CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea582330-67bf-4874-9a0f-c423d8dbd0ef.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        104.153.117.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:2e:76:96:5c:f0:52:8e:8d:77:0a:60:99:c3:a7:c1:69:e9:e4:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:1c:8d:3a:42:b2:67:b2:23:16:24:6f:b7:10:
                    66:7f:c8:99:06:59:8f:e7:70:fb:f2:de:eb:e4:be:
                    b8:b7:61:62:6c:71:cc:8c:00:70:19:90:12:64:e9:
                    5c:53:b4:b7:bf:43:be:67:6b:f8:8c:1c:02:b4:36:
                    54:ed:31:bc:51:07:f9:c4:b9:ff:b0:56:08:94:05:
                    4d:65:03:1a:74:f6:77:ca:86:1a:21:02:43:e4:7c:
                    14:6b:35:19:5a:b8:72:eb:1c:ed:ed:a6:76:b0:be:
                    73:c4:bc:6e:fd:b6:e5:7b:f3:72:d4:4d:ba:1a:cd:
                    04:17:36:4e:ee:ab:64:e3:c9:8d:c1:5a:6d:9a:25:
                    f1:1f:f1:bb:8c:73:39:7e:b2:e9:8c:c1:4b:d6:46:
                    86:bb:24:9a:37:1c:a8:94:52:e0:63:5d:29:8d:b1:
                    d6:32:5f:73:61:c5:78:83:9f:09:e9:2a:b9:0a:19:
                    de:18:18:38:e2:55:a6:b0:70:4b:6c:ee:6e:67:fc:
                    c5:16:92:13:bd:9a:97:f8:20:0b:17:c2:85:ce:70:
                    a1:75:b2:74:4c:04:88:53:cc:2e:c1:85:32:5c:e3:
                    6f:9c:02:3a:74:52:9f:47:35:67:21:c8:e1:8c:6c:
                    6a:92:7d:a9:34:92:46:dc:ff:e2:a3:c1:d3:c5:6a:
                    bf:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:97:89:93:27:09:46:3D:75:9A:DC:6C:FD:B1:61:B4:ED:EE:95:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea582330-67bf-4874-9a0f-c423d8dbd0ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.153.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:79:c9:ba:b9:ec:cb:92:d2:d6:ac:8a:c2:92:1e:8b:51:a4:
         22:85:34:04:47:4a:8f:f6:95:09:77:3d:db:38:d6:97:9b:b1:
         e4:6e:cc:49:2f:2d:dc:f8:53:d0:21:0d:04:83:2e:86:37:47:
         64:3d:e2:24:85:c1:ee:91:d1:e1:d1:f3:e0:5b:0c:71:76:87:
         77:51:67:b5:82:6d:5e:12:dd:b3:93:8b:74:89:85:c7:5d:c4:
         96:2d:b2:b8:99:23:cb:ff:b0:8f:f5:be:34:84:f2:19:84:c7:
         4a:38:cf:93:c9:06:d8:67:a9:7a:2a:89:b8:ae:33:12:9a:c8:
         47:1f:06:21:dc:84:36:e2:12:9f:7e:4f:77:f1:d5:80:b8:ca:
         8c:14:4d:ea:ab:d9:ef:33:80:c2:fa:16:1d:58:72:ba:e9:0f:
         db:fc:a8:92:e7:f5:ab:5f:8a:88:16:7d:79:38:e9:0a:a3:3b:
         c3:87:24:90:87:c8:04:2f:ef:32:02:e8:47:b1:ff:52:0d:05:
         66:da:0a:a6:bc:da:57:b1:a1:c1:e0:5d:d7:d9:80:3c:d7:0a:
         c4:89:cd:ae:49:47:38:ce:6a:7e:ce:ab:0c:22:a6:fe:f8:89:
         48:3a:60:77:e5:a3:d3:1c:0c:d4:f9:75:47:ea:bd:04:e7:81:
         1d:af:2f:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSC52llzwUo6NdwpgmcOnwWnp5MowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2RjNmQ1YThhYTkwZDMxMmM2ZTU0MzBiNDU3ZWE3OWM3
Nzc3MmQ1ZThlMTQwM2IwNWNiNTc4ZTU2OWQ4NzRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnHI06QrJnsiMWJG+3EGZ/yJkGWY/ncPvy3uvkvri3YWJs
ccyMAHAZkBJk6VxTtLe/Q75na/iMHAK0NlTtMbxRB/nEuf+wVgiUBU1lAxp09nfK
hhohAkPkfBRrNRlauHLrHO3tpnawvnPEvG79tuV783LUTboazQQXNk7uq2TjyY3B
Wm2aJfEf8buMczl+sumMwUvWRoa7JJo3HKiUUuBjXSmNsdYyX3NhxXiDnwnpKrkK
Gd4YGDjiVaawcEts7m5n/MUWkhO9mpf4IAsXwoXOcKF1snRMBIhTzC7BhTJc42+c
Ajp0Up9HNWchyOGMbGqSfak0kkbc/+KjwdPFar+PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv5eJkycJRj11mtxs/bFhtO3ulaowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhNTgyMzMwLTY3YmYtNDg3NC05YTBmLWM0MjNkOGRiZDBlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABomXUwDQYJKoZIhvcNAQELBQADggEBACN5ybq57MuS0tasisKSHotRpCKF
NARHSo/2lQl3Pds41pebseRuzEkvLdz4U9AhDQSDLoY3R2Q94iSFwe6R0eHR8+Bb
DHF2h3dRZ7WCbV4S3bOTi3SJhcddxJYtsriZI8v/sI/1vjSE8hmEx0o4z5PJBthn
qXoqibiuMxKayEcfBiHchDbiEp9+T3fx1YC4yowUTeqr2e8zgML6Fh1YcrrpD9v8
qJLn9atfiogWfXk46QqjO8OHJJCHyAQv7zIC6Eex/1INBWbaCqa82lexocHgXdfZ
gDzXCsSJza5JRzjOan7Oqwwipv74iUg6YHflo9McDNT5dUfqvQTngR2vL1k=
-----END CERTIFICATE-----