Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ac536e0-baeb-4870-a3d8-8077ae09df1d.roa
File:                     3ac536e0-baeb-4870-a3d8-8077ae09df1d.roa (raw, json)
Hash identifier:          2Wxjunz3SmihokeHXQH1wDqy/eGxN+kRFlNHqB8jeVE=
Subject key identifier:   39:27:5B:CB:A2:04:C2:D5:74:E3:E5:26:41:C7:93:18:7F:0D:5C:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0D7D9DAD4C23B3BDDE63489C389FDBF817F716F9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ac536e0-baeb-4870-a3d8-8077ae09df1d.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.155.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:7d:9d:ad:4c:23:b3:bd:de:63:48:9c:38:9f:db:f8:17:f7:16:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:91:e3:76:28:e2:38:c5:c6:5c:05:f0:6c:0f:
                    dd:63:75:8e:ef:8b:a6:06:24:be:a6:0e:46:d1:94:
                    a8:e6:11:86:13:48:39:a6:ef:3d:e1:1a:a7:65:08:
                    88:bf:b9:00:ab:5e:77:1d:21:ea:c8:89:19:ba:98:
                    17:e5:27:d6:89:cd:1f:23:20:6b:2c:33:c8:e6:3c:
                    07:13:98:90:dc:b2:86:58:85:72:bc:e2:f0:16:dc:
                    0d:ba:21:56:b6:34:2b:42:ac:a8:92:f9:e0:5c:83:
                    f3:a3:62:78:e2:1f:32:75:12:51:ae:8a:ce:91:d0:
                    a9:a3:7e:55:82:25:87:a0:df:08:d9:52:ad:54:39:
                    14:a1:63:30:51:ad:32:53:dd:d4:c1:fc:dc:dc:32:
                    a3:8f:c8:fa:7a:f4:d4:21:bb:8c:2a:86:65:60:29:
                    2f:4e:42:fe:68:15:f7:2d:3c:6a:27:d1:03:5b:48:
                    4c:35:1e:9b:88:68:9e:c9:cc:2a:4a:d4:52:5b:c8:
                    7c:7e:b5:a6:73:9b:cd:83:96:06:2d:21:c6:ec:33:
                    2a:69:49:d2:19:af:77:a8:35:a0:bb:7f:e2:dc:78:
                    07:ec:36:3e:29:9f:ff:6b:c6:e2:7b:34:77:a3:e7:
                    fe:d7:cc:b6:6e:49:11:9d:c8:91:b8:ae:e7:6f:66:
                    30:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:27:5B:CB:A2:04:C2:D5:74:E3:E5:26:41:C7:93:18:7F:0D:5C:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ac536e0-baeb-4870-a3d8-8077ae09df1d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.155.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:ff:76:9e:28:41:d5:a7:a5:9b:76:ce:ca:af:9d:0a:26:b5:
         c1:25:fb:d2:35:6e:bc:c8:e3:1a:2a:10:a6:cb:de:71:47:16:
         a6:15:36:88:8e:b3:5b:84:c9:7c:7c:06:bd:de:a0:a6:09:45:
         de:4c:c7:17:93:5a:bf:f4:5c:d5:4c:93:52:93:c2:8d:e9:c4:
         06:01:19:b7:71:d8:c7:e1:94:2e:cb:ef:8c:78:14:3f:be:20:
         53:d4:cb:8b:38:a8:1d:d4:63:28:53:39:b7:53:c3:eb:a5:0f:
         5e:29:8f:25:4f:08:6b:a5:93:9e:de:1b:6d:b4:66:39:80:1d:
         ef:95:61:16:30:ef:fb:c3:08:d0:c3:e2:a2:d8:39:1f:30:21:
         85:f0:9d:ee:dc:47:4e:0d:65:be:1d:09:04:5b:22:5a:55:50:
         b9:81:c2:1e:62:20:59:b8:d1:f0:0b:64:fb:96:7d:a1:74:9a:
         c3:65:e6:fe:76:cb:a0:80:ef:9e:dc:90:2c:b5:7d:9a:65:01:
         a4:26:c5:ce:85:34:1a:10:9b:a8:9d:71:25:ab:18:74:3b:46:
         ed:c3:76:f9:07:7d:3a:54:d0:ed:7a:ee:f1:1c:e6:01:00:b3:
         5f:a8:96:bd:0e:d9:c7:77:d4:b4:3d:85:88:e9:eb:0a:21:94:
         83:c3:47:00
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDX2drUwjs73eY0icOJ/b+Bf3FvkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjQ1MDhhNDA4MDFkNjMzMjQ1MmY2OGYzMTAyODVlZGQ1
NDA4OGI0MWViN2Q0NzYwM2JlMWNhZGUzMDM0OTg5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvkeN2KOI4xcZcBfBsD91jdY7vi6YGJL6mDkbRlKjmEYYT
SDmm7z3hGqdlCIi/uQCrXncdIerIiRm6mBflJ9aJzR8jIGssM8jmPAcTmJDcsoZY
hXK84vAW3A26IVa2NCtCrKiS+eBcg/OjYnjiHzJ1ElGuis6R0KmjflWCJYeg3wjZ
Uq1UORShYzBRrTJT3dTB/NzcMqOPyPp69NQhu4wqhmVgKS9OQv5oFfctPGon0QNb
SEw1HpuIaJ7JzCpK1FJbyHx+taZzm82DlgYtIcbsMyppSdIZr3eoNaC7f+LceAfs
Nj4pn/9rxuJ7NHej5/7XzLZuSRGdyJG4rudvZjDTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOSdby6IEwtV04+UmQceTGH8NXDYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNhYzUzNmUwLWJhZWItNDg3MC1hM2Q4LTgwNzdhZTA5ZGYxZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQmzANBgkqhkiG9w0BAQsFAAOCAQEAMP92nihB1aelm3bOyq+dCia1wSX7
0jVuvMjjGioQpsvecUcWphU2iI6zW4TJfHwGvd6gpglF3kzHF5Nav/Rc1UyTUpPC
jenEBgEZt3HYx+GULsvvjHgUP74gU9TLizioHdRjKFM5t1PD66UPXimPJU8Ia6WT
nt4bbbRmOYAd75VhFjDv+8MI0MPiotg5HzAhhfCd7txHTg1lvh0JBFsiWlVQuYHC
HmIgWbjR8Atk+5Z9oXSaw2Xm/nbLoIDvntyQLLV9mmUBpCbFzoU0GhCbqJ1xJasY
dDtG7cN2+Qd9OlTQ7Xru8RzmAQCzX6iWvQ7Zx3fUtD2FiOnrCiGUg8NHAA==
-----END CERTIFICATE-----