Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/13c71171-970f-484b-85c9-a988595339a7.roa
File:                     13c71171-970f-484b-85c9-a988595339a7.roa (raw, json)
Hash identifier:          jKJUV+ZLP16sQwSaDLTo3PpXr3N/fvv43zIq5JeTyPA=
Subject key identifier:   EC:13:B1:97:D7:50:1C:98:97:8F:11:1C:ED:43:75:E2:F5:29:18:3B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4AB13BB1B89AB838937EB3B123C20F202F766B36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/13c71171-970f-484b-85c9-a988595339a7.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.12.64.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:b1:3b:b1:b8:9a:b8:38:93:7e:b3:b1:23:c2:0f:20:2f:76:6b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b6:b6:f5:3a:53:67:ec:ef:44:af:29:70:b1:
                    2d:c2:a6:38:93:3e:d4:fd:10:43:76:fa:b6:15:f9:
                    c7:59:e6:8a:80:ca:49:48:d3:8c:ad:f2:7f:18:ac:
                    65:7c:dc:71:4a:15:a9:72:d2:26:c4:e3:a8:98:c3:
                    2a:73:5f:f6:8c:97:2c:75:fb:59:8f:09:f5:60:9b:
                    7b:fe:75:c6:03:20:f7:8d:c2:8b:1f:e7:24:3f:0d:
                    aa:6c:55:0d:5a:fe:cd:e8:e2:10:3d:4b:55:60:5c:
                    c5:c1:d3:d1:26:1b:77:79:97:d6:f9:5b:a6:73:dd:
                    56:b6:13:bb:0f:68:88:c5:0e:22:ff:95:d7:32:c4:
                    2a:be:35:5c:1f:16:ae:c6:16:41:85:74:88:30:83:
                    62:f5:9c:6e:31:ad:f0:85:ac:59:c7:c9:e8:49:9d:
                    91:4b:02:c1:dc:6f:6c:2e:2f:1e:d6:66:b8:87:22:
                    a9:26:d9:27:0f:86:ca:e6:66:ca:02:98:4e:01:c0:
                    5e:20:69:52:ed:1c:48:a9:bf:cb:2e:f7:cc:69:bd:
                    df:44:00:61:a0:63:27:50:ab:5c:da:a8:ec:e7:cf:
                    de:53:fe:a7:40:97:45:4c:19:c3:86:16:dc:79:0d:
                    69:d9:33:97:5f:bf:f1:12:c5:73:51:ff:68:8e:a2:
                    49:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:13:B1:97:D7:50:1C:98:97:8F:11:1C:ED:43:75:E2:F5:29:18:3B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/13c71171-970f-484b-85c9-a988595339a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.12.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:c3:8b:4a:57:6a:18:48:41:28:ba:02:18:bf:85:bd:72:bb:
         c5:bd:81:69:a1:0a:03:3a:70:42:fa:88:39:99:ee:00:c7:38:
         8a:3c:67:43:b5:3d:60:43:56:62:ba:3f:d4:e7:00:fc:1a:8e:
         3a:93:98:76:f0:30:ef:be:3a:e5:0a:07:0c:fb:ca:52:b4:b6:
         36:79:fe:61:02:86:82:b8:bd:3d:0b:a6:20:1e:89:fd:d1:3d:
         98:31:48:2a:9d:1f:25:79:13:47:35:b2:d1:64:88:74:ab:5c:
         b0:e5:34:32:44:a2:95:af:8f:43:f8:5e:05:85:cf:5b:55:47:
         54:99:dd:dd:ed:a4:d9:a1:d0:da:da:39:f8:20:d3:85:3a:03:
         ff:74:ba:23:04:c4:e7:f9:7c:bb:1c:28:83:24:0e:d4:f1:c2:
         6e:29:1a:70:9e:44:55:91:ec:b1:8c:13:73:6f:c4:d1:66:f6:
         b5:4e:a1:a5:5f:b5:2f:cf:12:0b:77:aa:3c:1e:f8:cb:ae:2d:
         03:a5:cb:b5:e8:e5:ee:09:2b:0e:29:58:6f:ab:c9:c8:33:63:
         7c:a3:89:de:94:da:9e:8d:02:f7:f0:32:92:23:0b:a2:2b:f3:
         aa:f8:ed:90:9b:38:40:9f:6b:aa:79:d7:17:55:f4:fb:10:22:
         70:03:f0:63
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSrE7sbiauDiTfrOxI8IPIC92azYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MGVkNzFlNTMyYzVlNDY2NmViMDc0NjMzN2U3NWU3ODk2
YzQyNjhhNjMzNWVhOTA3OGQ4MDVhMjk5YzU0Y2RmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQtrb1OlNn7O9ErylwsS3CpjiTPtT9EEN2+rYV+cdZ5oqA
yklI04yt8n8YrGV83HFKFaly0ibE46iYwypzX/aMlyx1+1mPCfVgm3v+dcYDIPeN
wosf5yQ/DapsVQ1a/s3o4hA9S1VgXMXB09EmG3d5l9b5W6Zz3Va2E7sPaIjFDiL/
ldcyxCq+NVwfFq7GFkGFdIgwg2L1nG4xrfCFrFnHyehJnZFLAsHcb2wuLx7WZriH
Iqkm2ScPhsrmZsoCmE4BwF4gaVLtHEipv8su98xpvd9EAGGgYydQq1zaqOznz95T
/qdAl0VMGcOGFtx5DWnZM5dfv/ESxXNR/2iOoklfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7BOxl9dQHJiXjxEc7UN14vUpGDswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEzYzcxMTcxLTk3MGYtNDg0Yi04NWM5LWE5ODg1OTUzMzlhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIQDEAwDQYJKoZIhvcNAQELBQADggEBAKPDi0pXahhIQSi6Ahi/hb1yu8W9
gWmhCgM6cEL6iDmZ7gDHOIo8Z0O1PWBDVmK6P9TnAPwajjqTmHbwMO++OuUKBwz7
ylK0tjZ5/mEChoK4vT0LpiAeif3RPZgxSCqdHyV5E0c1stFkiHSrXLDlNDJEopWv
j0P4XgWFz1tVR1SZ3d3tpNmh0NraOfgg04U6A/90uiMExOf5fLscKIMkDtTxwm4p
GnCeRFWR7LGME3NvxNFm9rVOoaVftS/PEgt3qjwe+MuuLQOly7Xo5e4JKw4pWG+r
ycgzY3yjid6U2p6NAvfwMpIjC6Ir86r47ZCbOECfa6p51xdV9PsQInAD8GM=
-----END CERTIFICATE-----