Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/13f7bb97-d422-4789-81f1-7e72dcd9b6f0.roa
File:                     13f7bb97-d422-4789-81f1-7e72dcd9b6f0.roa (raw, json)
Hash identifier:          2BMFE5GoJsgMcB6s/SmJj6Vf+75FwgrnOLXtI7ES214=
Subject key identifier:   D2:72:71:E1:3B:24:20:54:0B:2A:09:D8:7B:D7:C2:6F:C9:C2:8A:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       12207B3EB12117792F0290192B6B4C7DB957EFE1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/13f7bb97-d422-4789-81f1-7e72dcd9b6f0.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.184.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:20:7b:3e:b1:21:17:79:2f:02:90:19:2b:6b:4c:7d:b9:57:ef:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:f3:10:71:cc:95:2d:b1:4f:8e:f9:90:04:90:
                    b2:72:84:89:54:c5:e1:6a:8f:4d:94:6a:29:de:e7:
                    70:16:53:2f:8f:2c:30:ab:37:e6:d9:6f:4a:be:6d:
                    07:c2:1b:18:d1:f7:25:aa:0d:67:ea:d7:a9:72:c4:
                    1e:f1:e9:52:e4:69:23:b6:50:99:ed:8e:be:f0:49:
                    bb:a1:09:4d:61:b3:a3:c1:c3:7b:3d:9b:95:3a:cb:
                    5f:c4:dc:60:93:62:ee:68:da:93:5a:f9:f2:76:44:
                    f0:c2:c3:21:71:2a:86:6b:3d:83:8c:aa:d4:75:d9:
                    d6:c1:7e:2e:ce:64:9a:0c:84:3d:0b:5d:32:ac:ae:
                    d1:07:ad:9c:fa:49:bd:42:3b:82:a0:c4:3b:a0:ee:
                    9a:57:d2:3d:61:9e:7a:d1:6f:fb:cf:f3:64:fc:d2:
                    60:44:7e:4e:7a:21:a4:5c:56:2e:34:68:fd:15:61:
                    01:7d:75:ca:65:d9:0c:6a:aa:14:d0:98:79:04:3e:
                    01:f7:00:a2:98:57:b6:cb:a8:b3:35:21:2c:88:dc:
                    39:5d:9f:2d:56:3c:14:c6:d5:3f:7b:d3:70:64:8a:
                    bf:3e:9c:3b:ae:04:db:23:f9:87:f6:cc:e2:3d:e9:
                    5b:22:d1:a1:b9:27:72:67:66:e5:f1:c9:8c:47:0b:
                    53:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:72:71:E1:3B:24:20:54:0B:2A:09:D8:7B:D7:C2:6F:C9:C2:8A:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/13f7bb97-d422-4789-81f1-7e72dcd9b6f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.184.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         16:ab:f3:a7:7c:78:a1:6b:45:3d:67:cb:03:3a:c2:a5:6a:22:
         83:13:b5:4b:05:01:b4:4a:6f:23:95:4a:f0:52:36:c1:b3:41:
         c3:fa:5e:c7:83:27:c2:13:9d:43:4c:d7:c0:22:60:85:1d:3a:
         96:40:f7:6a:12:00:96:89:87:e7:8e:44:67:98:3a:9d:fb:68:
         a9:94:4f:a9:6d:4b:31:04:8c:fa:e6:3f:62:6d:c2:8f:8f:ea:
         f0:59:8e:cd:6b:38:53:aa:76:b0:b5:6b:e4:4f:a0:02:2b:04:
         bf:0e:6f:84:fe:74:da:57:fa:54:82:07:cd:74:a9:59:5d:c6:
         92:18:c9:7e:b6:e9:fa:76:90:53:68:d4:d5:b1:d4:b1:3f:fe:
         22:04:76:25:30:71:c1:f1:86:bd:d0:71:38:84:97:0e:2e:66:
         bb:f8:ca:8d:8e:4c:85:a2:6c:71:54:a8:31:d0:c5:7d:9d:76:
         3d:e9:2f:72:7e:ed:43:15:27:57:d0:28:44:da:f4:db:63:58:
         97:f3:a9:be:d1:ec:d0:cd:c5:06:d3:a4:ca:3e:0a:86:a5:59:
         77:1f:30:9c:bf:96:e9:01:b3:60:2d:15:bc:e4:4d:d2:e1:15:
         49:a9:55:7a:81:e3:71:cb:d3:88:26:b6:e7:6a:e7:3a:26:ee:
         69:0e:51:7a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEiB7PrEhF3kvApAZK2tMfblX7+EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWFhNThkNTUyNTUwYzMzZTliZDg1MTRkNzMyNmI5NWEw
NGRhOTIxMzg1OGYxZDA4MDRhZDE2ZjRiNDBhN2U5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn8xBxzJUtsU+O+ZAEkLJyhIlUxeFqj02Uaine53AWUy+P
LDCrN+bZb0q+bQfCGxjR9yWqDWfq16lyxB7x6VLkaSO2UJntjr7wSbuhCU1hs6PB
w3s9m5U6y1/E3GCTYu5o2pNa+fJ2RPDCwyFxKoZrPYOMqtR12dbBfi7OZJoMhD0L
XTKsrtEHrZz6Sb1CO4KgxDug7ppX0j1hnnrRb/vP82T80mBEfk56IaRcVi40aP0V
YQF9dcpl2QxqqhTQmHkEPgH3AKKYV7bLqLM1ISyI3Dldny1WPBTG1T9703Bkir8+
nDuuBNsj+Yf2zOI96Vsi0aG5J3JnZuXxyYxHC1MjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0nJx4TskIFQLKgnYe9fCb8nCijMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEzZjdiYjk3LWQ0MjItNDc4OS04MWYxLTdlNzJkY2Q5YjZmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQuDANBgkqhkiG9w0BAQsFAAOCAQEAFqvzp3x4oWtFPWfLAzrCpWoigxO1
SwUBtEpvI5VK8FI2wbNBw/pex4MnwhOdQ0zXwCJghR06lkD3ahIAlomH545EZ5g6
nftoqZRPqW1LMQSM+uY/Ym3Cj4/q8FmOzWs4U6p2sLVr5E+gAisEvw5vhP502lf6
VIIHzXSpWV3GkhjJfrbp+naQU2jU1bHUsT/+IgR2JTBxwfGGvdBxOISXDi5mu/jK
jY5MhaJscVSoMdDFfZ12Pekvcn7tQxUnV9AoRNr022NYl/OpvtHs0M3FBtOkyj4K
hqVZdx8wnL+W6QGzYC0VvORN0uEVSalVeoHjccvTiCa252rnOibuaQ5Reg==
-----END CERTIFICATE-----