Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e9aae5b-cd1d-4f55-8f96-3cbbe898ce34.roa
File:                     1e9aae5b-cd1d-4f55-8f96-3cbbe898ce34.roa (raw, json)
Hash identifier:          VO+hyJnUVFTpZfULJ/hUeW3U0NCo4PsXnRHtVSF4z14=
Subject key identifier:   BE:C8:57:1F:ED:5D:C2:D9:BF:02:C7:AF:39:21:93:E3:58:CC:B8:D2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2805EA94245574B7E8B9B07950E86CD6D5767E6F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e9aae5b-cd1d-4f55-8f96-3cbbe898ce34.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.22.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:05:ea:94:24:55:74:b7:e8:b9:b0:79:50:e8:6c:d6:d5:76:7e:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=327417f1b57bbab2d14d783095975ac6a07eea227812223b34177f7d207d7c3c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:05:14:87:76:8b:e0:6f:c0:58:6f:cb:94:e6:
                    18:73:ea:21:72:f2:4d:88:30:aa:12:cd:a5:80:cc:
                    f9:51:df:49:c5:08:e6:bf:8f:81:d9:ab:7a:20:f3:
                    12:72:14:48:6a:5e:3a:82:ab:65:71:f0:75:1b:43:
                    d8:ea:bf:80:60:80:79:34:9e:4a:eb:50:e4:99:00:
                    5f:86:1d:5e:49:70:c9:cc:9c:1f:f5:48:95:02:2e:
                    dc:45:72:d1:08:ee:c9:ef:0a:df:70:00:5c:d5:22:
                    9d:ab:b5:6b:2e:5a:75:01:32:3c:c8:44:85:22:45:
                    fe:9b:9f:07:f6:b4:10:2c:4f:bb:5e:aa:c5:a1:21:
                    b2:59:44:6f:65:4f:0b:e1:12:ac:6c:3f:00:26:5a:
                    12:e3:35:08:50:12:70:b1:06:f2:9e:90:05:d1:d0:
                    fd:65:6a:3b:59:d4:3b:56:44:d4:b0:66:46:97:d2:
                    dc:1d:f9:b6:58:6a:ce:24:6e:72:28:ac:b8:c9:01:
                    b8:37:2e:cb:6e:a8:02:fa:e6:23:93:6a:65:da:14:
                    fd:24:55:30:1b:ae:d4:55:8b:58:ab:04:f0:2f:40:
                    6e:68:94:78:16:ec:08:37:ec:bf:cf:50:96:c6:79:
                    e7:af:3c:a0:03:cf:59:56:ce:d3:b0:e2:8c:84:15:
                    a1:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C8:57:1F:ED:5D:C2:D9:BF:02:C7:AF:39:21:93:E3:58:CC:B8:D2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e9aae5b-cd1d-4f55-8f96-3cbbe898ce34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.22.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         56:6e:d6:65:e2:ba:10:51:86:c8:8c:47:eb:39:e4:f0:03:50:
         b1:8c:0a:12:ee:df:1e:7c:7a:77:c4:03:ff:6c:13:35:36:31:
         71:10:44:ab:13:3a:97:38:fc:5d:69:ca:1a:d9:3f:47:f1:74:
         0c:d9:26:94:3a:dc:be:a0:38:ad:36:bd:7d:3e:ac:61:10:d9:
         02:e3:5a:ad:cd:d9:9e:dd:e4:c7:23:10:1c:66:c0:23:d9:be:
         9a:7e:ec:18:30:bf:05:18:d8:42:7f:46:db:97:b8:94:b5:b6:
         96:52:2b:19:a7:8f:a0:8b:84:97:06:67:dc:a8:fe:24:37:62:
         60:0f:9e:0a:06:31:64:1f:a2:94:7f:f6:34:70:a5:79:6a:7e:
         65:9a:89:e9:64:2d:74:60:08:74:6f:bd:1f:8a:08:46:1d:cc:
         f7:ff:35:c6:3c:7b:b3:24:2c:61:29:56:36:c7:eb:c9:81:12:
         6c:10:a3:27:fa:c1:21:50:bf:1b:05:b7:d2:e2:6f:73:18:1a:
         05:9a:ee:df:42:11:96:39:3c:b3:71:a4:91:f2:4b:39:94:5e:
         73:f3:23:b6:74:6c:db:44:fd:93:e7:e7:a4:49:ae:9e:a8:e7:
         c1:2a:c2:17:1f:f8:1a:9d:4c:86:07:36:a3:99:80:3c:6b:7b:
         01:76:83:e2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKAXqlCRVdLfoubB5UOhs1tV2fm8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMjc0MTdmMWI1N2JiYWIyZDE0ZDc4MzA5NTk3NWFjNmEw
N2VlYTIyNzgxMjIyM2IzNDE3N2Y3ZDIwN2Q3YzNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYBRSHdovgb8BYb8uU5hhz6iFy8k2IMKoSzaWAzPlR30nF
COa/j4HZq3og8xJyFEhqXjqCq2Vx8HUbQ9jqv4BggHk0nkrrUOSZAF+GHV5JcMnM
nB/1SJUCLtxFctEI7snvCt9wAFzVIp2rtWsuWnUBMjzIRIUiRf6bnwf2tBAsT7te
qsWhIbJZRG9lTwvhEqxsPwAmWhLjNQhQEnCxBvKekAXR0P1lajtZ1DtWRNSwZkaX
0twd+bZYas4kbnIorLjJAbg3LstuqAL65iOTamXaFP0kVTAbrtRVi1irBPAvQG5o
lHgW7Ag37L/PUJbGeeevPKADz1lWztOw4oyEFaFZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvshXH+1dwtm/AsevOSGT41jMuNIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFlOWFhZTViLWNkMWQtNGY1NS04Zjk2LTNjYmJlODk4Y2UzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFjANBgkqhkiG9w0BAQsFAAOCAQEAVm7WZeK6EFGGyIxH6znk8ANQsYwK
Eu7fHnx6d8QD/2wTNTYxcRBEqxM6lzj8XWnKGtk/R/F0DNkmlDrcvqA4rTa9fT6s
YRDZAuNarc3Znt3kxyMQHGbAI9m+mn7sGDC/BRjYQn9G25e4lLW2llIrGaePoIuE
lwZn3Kj+JDdiYA+eCgYxZB+ilH/2NHCleWp+ZZqJ6WQtdGAIdG+9H4oIRh3M9/81
xjx7syQsYSlWNsfryYESbBCjJ/rBIVC/GwW30uJvcxgaBZru30IRljk8s3GkkfJL
OZRec/MjtnRs20T9k+fnpEmunqjnwSrCFx/4Gp1Mhgc2o5mAPGt7AXaD4g==
-----END CERTIFICATE-----