Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34413670-6903-4feb-9963-f609b3808dcf.roa
File:                     34413670-6903-4feb-9963-f609b3808dcf.roa (raw, json)
Hash identifier:          KoMbMENMdk4e7eHL88RMy1hvU4Srm1Ehc7HzqhtW2W0=
Subject key identifier:   55:76:1C:7A:33:93:53:BE:15:A8:9F:AD:62:69:96:17:6A:CE:CD:21
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47C7E9EEA3FA26736D4CBD71CEF8F4AD9D880699
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34413670-6903-4feb-9963-f609b3808dcf.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.20.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:c7:e9:ee:a3:fa:26:73:6d:4c:bd:71:ce:f8:f4:ad:9d:88:06:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:35:61:ca:b8:e8:d3:b6:31:d1:37:38:5c:5d:
                    03:f8:7b:15:cd:52:e8:c2:94:8e:e7:8b:4f:78:76:
                    5a:bf:26:fa:40:5e:80:37:e3:2d:d6:0b:17:06:23:
                    4b:01:38:fc:13:99:2a:ba:3e:f7:7b:1f:4a:97:d4:
                    d0:dc:0a:4a:27:01:4f:b4:a9:4b:d2:05:c3:09:c5:
                    da:6f:18:a7:54:21:5b:fc:1b:5e:ad:82:43:e2:cd:
                    fb:f8:4a:8d:00:fe:c9:a2:1c:5f:e1:c6:9f:09:8a:
                    3f:1c:e3:4f:94:e4:1e:fd:97:33:9d:bc:72:03:9e:
                    93:e3:dd:8a:89:a8:77:e3:a0:aa:8d:32:7f:4d:c8:
                    ed:4a:b6:7d:24:fb:f1:51:44:e2:3c:fd:1a:1d:ef:
                    97:5b:d7:ae:af:9c:13:df:ba:11:ea:ab:9f:71:b2:
                    dd:a5:12:30:fe:e1:21:02:ae:84:2f:00:a9:88:0a:
                    7d:88:39:a1:a6:97:d4:74:f3:c4:e5:3e:be:ba:32:
                    0d:98:89:a7:df:a1:03:2c:85:a1:92:18:cf:4e:8d:
                    7f:57:42:95:7d:de:b5:5c:27:76:a9:f6:d8:cb:45:
                    92:dd:aa:00:8a:69:d0:7c:52:4c:c5:4a:19:e7:41:
                    01:38:a5:14:fb:14:45:0d:7b:f5:d6:56:16:72:66:
                    a3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:76:1C:7A:33:93:53:BE:15:A8:9F:AD:62:69:96:17:6A:CE:CD:21
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/34413670-6903-4feb-9963-f609b3808dcf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         89:38:5e:91:20:41:72:5f:2b:2f:fc:a4:a8:20:3a:54:13:16:
         db:9a:25:52:41:12:b9:9f:32:35:2a:5c:b1:3a:af:fa:3e:e9:
         a3:0f:6f:95:e3:ac:b9:db:7c:3e:1e:99:d7:89:be:3e:da:3a:
         f6:9f:60:89:c8:17:3d:97:83:bf:9a:3e:b1:41:ad:18:e8:3a:
         cf:cf:f5:2a:50:e2:e1:84:13:66:99:e2:3a:ca:7b:e8:d2:87:
         c6:6d:9c:55:e8:27:ee:dc:53:c0:4d:83:76:3e:3f:14:1d:f1:
         02:b9:97:f2:81:4a:d3:1a:13:b3:3f:a0:25:ed:45:91:82:7f:
         bd:14:90:26:56:7c:7b:30:dd:7a:40:e5:7b:0a:b8:0f:ff:75:
         83:61:41:e7:ba:f8:cc:db:35:59:62:95:9b:5b:d9:4c:35:9c:
         91:73:07:c8:37:59:36:39:60:2c:ab:48:67:dc:f4:40:57:65:
         48:55:f2:5b:63:78:91:2c:6c:02:77:0a:3a:45:4e:5c:3f:52:
         17:c5:68:a9:f4:f0:e9:bd:3e:92:f2:0c:61:61:f9:76:f9:e5:
         3d:b4:c8:98:af:6c:c4:3d:36:7a:3f:61:da:06:14:8b:73:90:
         54:77:21:87:1d:9a:a7:95:bb:45:7e:a6:39:c4:31:01:95:b9:
         77:2a:38:0e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR8fp7qP6JnNtTL1xzvj0rZ2IBpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMmM0Mjc5MTU4ZTAyNGZhNzJlMjM3ZjM4N2IyODRkOGIz
YzNkNjI2YjZiNDA2MGJjMjNmZjk3NzcwMmU5MjZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLNWHKuOjTtjHRNzhcXQP4exXNUujClI7ni094dlq/JvpA
XoA34y3WCxcGI0sBOPwTmSq6Pvd7H0qX1NDcCkonAU+0qUvSBcMJxdpvGKdUIVv8
G16tgkPizfv4So0A/smiHF/hxp8Jij8c40+U5B79lzOdvHIDnpPj3YqJqHfjoKqN
Mn9NyO1Ktn0k+/FRROI8/Rod75db166vnBPfuhHqq59xst2lEjD+4SECroQvAKmI
Cn2IOaGml9R088TlPr66Mg2YiaffoQMshaGSGM9OjX9XQpV93rVcJ3ap9tjLRZLd
qgCKadB8UkzFShnnQQE4pRT7FEUNe/XWVhZyZqNXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVXYcejOTU74VqJ+tYmmWF2rOzSEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM0NDEzNjcwLTY5MDMtNGZlYi05OTYzLWY2MDliMzgwOGRjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFDANBgkqhkiG9w0BAQsFAAOCAQEAiThekSBBcl8rL/ykqCA6VBMW25ol
UkESuZ8yNSpcsTqv+j7pow9vleOsudt8Ph6Z14m+Pto69p9gicgXPZeDv5o+sUGt
GOg6z8/1KlDi4YQTZpniOsp76NKHxm2cVegn7txTwE2Ddj4/FB3xArmX8oFK0xoT
sz+gJe1FkYJ/vRSQJlZ8ezDdekDlewq4D/91g2FB57r4zNs1WWKVm1vZTDWckXMH
yDdZNjlgLKtIZ9z0QFdlSFXyW2N4kSxsAncKOkVOXD9SF8VoqfTw6b0+kvIMYWH5
dvnlPbTImK9sxD02ej9h2gYUi3OQVHchhx2ap5W7RX6mOcQxAZW5dyo4Dg==
-----END CERTIFICATE-----