Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4bbc6105-b3a1-4200-b600-848f4f9328ca.roa
File:                     4bbc6105-b3a1-4200-b600-848f4f9328ca.roa (raw, json)
Hash identifier:          kCRCjgktg+zsI3QyFoVyhntEEWoOyQTxccYJecd+Q5M=
Subject key identifier:   9E:42:EA:80:1C:F1:F4:99:C2:21:33:F4:49:4B:D8:EF:A9:EC:6F:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B86F7A6D896C5BA6654CFD3E64064643DB41A99
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4bbc6105-b3a1-4200-b600-848f4f9328ca.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.15.12.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:86:f7:a6:d8:96:c5:ba:66:54:cf:d3:e6:40:64:64:3d:b4:1a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: serialNumber=78d18138af3be40b2d02ecfa1329114e1cf92eb3fcc51ae6ef040bc5b949eb6b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bd:24:01:d8:7a:43:36:92:ee:16:7e:e0:f7:
                    80:89:b4:32:5b:fe:10:12:ca:ad:9b:9c:cf:f0:43:
                    17:d8:72:e3:5a:e4:8b:19:15:77:33:fd:ef:0f:86:
                    5e:cd:8d:f6:25:e6:75:e4:30:c6:dd:e2:1e:35:74:
                    54:a6:c4:7e:cf:99:32:94:ff:df:85:3e:c7:ee:7f:
                    7f:b1:a6:33:3e:76:59:66:39:71:22:83:45:cb:7f:
                    99:21:90:41:05:36:1c:08:e6:6a:68:f3:cf:8e:8a:
                    4f:a8:7a:18:4d:b8:5d:c0:9f:b3:d7:71:64:15:3b:
                    78:78:e7:a4:f0:f5:56:53:56:5a:4f:69:40:8b:00:
                    11:55:88:68:28:df:ca:81:b2:7e:4f:c6:da:03:22:
                    af:38:a5:54:e8:58:dc:09:bf:b5:5b:97:e7:9c:d2:
                    37:13:e3:17:56:4d:67:5f:b7:69:62:52:8a:9c:8b:
                    31:ec:74:5c:5d:ea:f2:74:cb:ac:16:70:75:42:e9:
                    3d:95:43:06:79:4f:fa:ae:2d:60:d8:2c:f7:a7:fe:
                    92:ce:a9:75:b0:bb:7e:66:7f:1c:20:4a:bd:b1:94:
                    44:d2:a8:d3:4b:09:48:68:de:a5:e3:cd:9e:25:bb:
                    42:04:1a:d9:af:53:b2:ec:0f:45:1c:10:c1:d1:a4:
                    fb:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:42:EA:80:1C:F1:F4:99:C2:21:33:F4:49:4B:D8:EF:A9:EC:6F:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4bbc6105-b3a1-4200-b600-848f4f9328ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.15.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b4:19:01:d9:6c:11:51:aa:83:b4:c9:af:b4:49:8b:27:20:83:
         5f:00:9d:9e:de:7a:bc:b5:57:44:6f:0e:bf:d8:d4:03:dd:64:
         05:08:ae:5f:1f:ea:c0:e3:1e:58:b5:c2:54:33:05:b0:8d:0e:
         59:24:2b:c1:01:7a:2d:f7:cb:ed:2c:58:7b:dc:61:ee:b3:ce:
         11:b1:57:d2:03:30:81:fd:a5:9b:76:da:99:93:d7:c9:ab:db:
         38:80:35:16:72:05:6e:7e:58:af:d2:fd:97:1b:d6:f6:94:61:
         1c:48:18:e8:0b:b2:e4:f3:05:62:b0:d3:f8:0c:7a:f4:58:c9:
         80:67:5c:40:06:f4:cd:2c:db:e5:05:2f:1d:86:3a:bb:27:c7:
         8d:da:da:7e:89:c3:be:02:e3:70:68:e6:09:aa:92:36:8d:b9:
         63:f9:cd:e1:10:70:ba:18:93:58:c5:28:45:c9:4c:5f:c1:2e:
         d6:af:38:c3:a3:ac:6e:d8:f5:8d:67:5a:8e:a7:a1:19:e2:11:
         cd:f1:b5:30:ac:70:64:1a:6d:ad:41:05:e3:d6:3b:6c:65:0f:
         ce:66:a8:98:71:4b:97:92:31:6e:b9:88:b9:73:5e:97:4b:f2:
         5c:ea:47:c7:80:8c:1e:b9:f7:94:21:82:e3:1e:fc:fe:a0:06:
         c4:06:19:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW4b3ptiWxbpmVM/T5kBkZD20GpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGQxODEzOGFmM2JlNDBiMmQwMmVjZmExMzI5MTE0ZTFj
ZjkyZWIzZmNjNTFhZTZlZjA0MGJjNWI5NDllYjZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTvSQB2HpDNpLuFn7g94CJtDJb/hASyq2bnM/wQxfYcuNa
5IsZFXcz/e8Phl7NjfYl5nXkMMbd4h41dFSmxH7PmTKU/9+FPsfuf3+xpjM+dllm
OXEig0XLf5khkEEFNhwI5mpo88+Oik+oehhNuF3An7PXcWQVO3h456Tw9VZTVlpP
aUCLABFViGgo38qBsn5PxtoDIq84pVToWNwJv7Vbl+ec0jcT4xdWTWdft2liUoqc
izHsdFxd6vJ0y6wWcHVC6T2VQwZ5T/quLWDYLPen/pLOqXWwu35mfxwgSr2xlETS
qNNLCUho3qXjzZ4lu0IEGtmvU7LsD0UcEMHRpPt5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnkLqgBzx9JnCITP0SUvY76nsb38wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRiYmM2MTA1LWIzYTEtNDIwMC1iNjAwLTg0OGY0ZjkzMjhjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEQDwwwDQYJKoZIhvcNAQELBQADggEBALQZAdlsEVGqg7TJr7RJiycgg18A
nZ7eery1V0RvDr/Y1APdZAUIrl8f6sDjHli1wlQzBbCNDlkkK8EBei33y+0sWHvc
Ye6zzhGxV9IDMIH9pZt22pmT18mr2ziANRZyBW5+WK/S/Zcb1vaUYRxIGOgLsuTz
BWKw0/gMevRYyYBnXEAG9M0s2+UFLx2GOrsnx43a2n6Jw74C43Bo5gmqkjaNuWP5
zeEQcLoYk1jFKEXJTF/BLtavOMOjrG7Y9Y1nWo6noRniEc3xtTCscGQaba1BBePW
O2xlD85mqJhxS5eSMW65iLlzXpdL8lzqR8eAjB6595QhguMe/P6gBsQGGY4=
-----END CERTIFICATE-----