Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4321cb03-f4f3-4e9c-87f0-cc4fb6e1eabb.roa
File:                     4321cb03-f4f3-4e9c-87f0-cc4fb6e1eabb.roa (raw, json)
Hash identifier:          BWklwSALLhDS0dlQMgcnBBNSL1wm4gkfqQGK+He+BTk=
Subject key identifier:   C1:5D:0B:F3:7B:E6:36:01:E3:99:B8:0D:F3:36:F1:6A:ED:EA:92:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A1E9D7A3F9314FE3590AA79488FD5CB98FA2D7F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4321cb03-f4f3-4e9c-87f0-cc4fb6e1eabb.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.69.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:1e:9d:7a:3f:93:14:fe:35:90:aa:79:48:8f:d5:cb:98:fa:2d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2c:f0:8b:c0:a1:51:b6:73:bc:f1:6f:5c:93:
                    b9:40:57:3d:8c:17:01:00:76:11:81:a3:ef:23:e0:
                    e5:de:38:e4:97:f7:40:a1:2d:ed:32:e6:fe:5d:c4:
                    65:55:77:f3:92:97:b5:85:a3:92:07:ec:68:63:07:
                    41:ad:5b:7f:40:c1:4f:a3:39:d8:6e:21:2f:68:2f:
                    fb:b8:db:d0:46:50:fd:71:a6:90:7c:d8:56:b7:67:
                    df:4d:09:2f:8a:e6:a2:90:1d:33:0e:28:ec:68:d0:
                    29:8c:e5:8d:85:d7:5c:4b:cb:7e:3f:a3:b0:74:98:
                    38:d8:63:88:02:af:c3:05:84:5f:84:e8:0c:05:a9:
                    7b:cc:91:c2:76:82:b4:97:7f:67:ed:5d:91:b6:2d:
                    85:87:4f:f2:41:27:0c:e6:e0:35:74:25:e4:8f:82:
                    55:f9:b2:28:53:9d:54:dc:27:d8:15:c9:e4:27:61:
                    6e:2d:f2:8c:64:a0:56:2d:0a:e3:fd:b5:f0:c4:3b:
                    ae:82:aa:d7:58:f0:41:d1:81:e8:9b:84:44:0f:41:
                    87:41:ab:70:ad:ee:5c:04:0d:23:4e:3a:98:4f:28:
                    61:43:1b:3d:e8:91:7e:46:0a:62:42:2b:2e:c0:c5:
                    35:ed:94:a9:03:b0:c7:c9:66:37:74:ee:8d:5f:f8:
                    a4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:5D:0B:F3:7B:E6:36:01:E3:99:B8:0D:F3:36:F1:6A:ED:EA:92:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4321cb03-f4f3-4e9c-87f0-cc4fb6e1eabb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:96:93:39:d9:2c:03:0a:70:19:3a:bf:e1:c4:23:36:23:6a:
         7f:24:37:9e:61:d3:6c:cb:bf:aa:3e:c0:c7:c6:f3:1a:3b:a5:
         cb:c6:73:ca:c0:4c:9b:a0:51:bd:68:0e:c2:a1:82:f9:75:63:
         d8:6a:e3:9e:a7:d9:5f:c4:fd:48:d5:0b:36:ba:15:85:93:67:
         47:33:77:f3:a3:f8:ad:df:2b:48:af:d8:39:e5:ba:f0:02:45:
         13:70:8c:44:7d:a9:f2:de:a8:69:8c:4a:0b:48:c0:34:39:18:
         bd:2c:b7:a0:8e:5d:a6:0d:6d:e3:3c:21:c3:e7:92:45:6b:65:
         2f:11:fb:ca:84:39:e1:25:f2:b0:c5:05:02:72:29:98:3a:1d:
         43:6f:7c:d9:59:12:92:8c:c4:ac:13:56:b8:35:55:bb:fb:e8:
         3b:fc:ae:05:2a:7b:af:c8:6c:13:c2:ea:91:4c:72:09:da:c3:
         67:72:c7:45:1c:76:8c:76:bf:f1:08:f2:1b:9b:79:75:74:2a:
         90:71:b7:8d:cb:b4:77:2b:d0:bc:34:9b:01:3f:84:de:03:ba:
         50:78:81:b7:ce:bc:1f:0a:8e:48:53:d5:da:fc:7b:78:97:dc:
         7b:55:40:ea:f9:86:8e:a9:1d:a7:08:49:2d:2f:a0:58:12:4b:
         88:4e:e1:d4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKh6dej+TFP41kKp5SI/Vy5j6LX8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzYyNWMxMTdhZDA4NTZmZDRiMTU1YjgwOTkwYWI3ZjE5
ZmIxMDQ2ZjAxYjJhMjk1ZjMxZmRkNjY4ZjAzYzljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtLPCLwKFRtnO88W9ck7lAVz2MFwEAdhGBo+8j4OXeOOSX
90ChLe0y5v5dxGVVd/OSl7WFo5IH7GhjB0GtW39AwU+jOdhuIS9oL/u429BGUP1x
ppB82Fa3Z99NCS+K5qKQHTMOKOxo0CmM5Y2F11xLy34/o7B0mDjYY4gCr8MFhF+E
6AwFqXvMkcJ2grSXf2ftXZG2LYWHT/JBJwzm4DV0JeSPglX5sihTnVTcJ9gVyeQn
YW4t8oxkoFYtCuP9tfDEO66CqtdY8EHRgeibhEQPQYdBq3Ct7lwEDSNOOphPKGFD
Gz3okX5GCmJCKy7AxTXtlKkDsMfJZjd07o1f+KQHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwV0L83vmNgHjmbgN8zbxau3qkpcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzMjFjYjAzLWY0ZjMtNGU5Yy04N2YwLWNjNGZiNmUxZWFiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQRTANBgkqhkiG9w0BAQsFAAOCAQEAJ5aTOdksAwpwGTq/4cQjNiNqfyQ3
nmHTbMu/qj7Ax8bzGjuly8ZzysBMm6BRvWgOwqGC+XVj2GrjnqfZX8T9SNULNroV
hZNnRzN386P4rd8rSK/YOeW68AJFE3CMRH2p8t6oaYxKC0jANDkYvSy3oI5dpg1t
4zwhw+eSRWtlLxH7yoQ54SXysMUFAnIpmDodQ2982VkSkozErBNWuDVVu/voO/yu
BSp7r8hsE8LqkUxyCdrDZ3LHRRx2jHa/8QjyG5t5dXQqkHG3jcu0dyvQvDSbAT+E
3gO6UHiBt868HwqOSFPV2vx7eJfce1VA6vmGjqkdpwhJLS+gWBJLiE7h1A==
-----END CERTIFICATE-----