Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e4e777e-975c-4510-8293-acd763f2b337.roa
File:                     4e4e777e-975c-4510-8293-acd763f2b337.roa (raw, json)
Hash identifier:          sDRDO3dGnjEaCAwnUmnyrK6lQ1Hd8fWDKa8815X0lMw=
Subject key identifier:   59:4B:CB:17:07:DF:5E:DB:0E:D9:4B:C6:2E:07:AC:EB:33:00:5A:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BA2E2318819C23F3A236850F8234CBF9BCCC39F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e4e777e-975c-4510-8293-acd763f2b337.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.119.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a2:e2:31:88:19:c2:3f:3a:23:68:50:f8:23:4c:bf:9b:cc:c3:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:31:2d:e6:20:d5:2e:95:0d:cb:2c:72:49:ea:
                    c3:85:53:6b:9d:84:a0:45:fc:a7:a5:9a:88:8d:7f:
                    a9:55:1a:ba:9b:e1:2a:36:29:52:2f:c7:ca:34:51:
                    a4:80:7b:f5:bc:29:d6:b4:55:28:46:d9:2c:76:a3:
                    83:ef:a3:ad:9e:31:28:43:b4:0c:15:93:f8:98:4d:
                    9b:20:4c:2d:3d:68:82:88:48:30:c9:7e:d1:27:29:
                    ef:ac:6c:bf:12:f6:34:af:a7:75:00:9b:c4:b6:90:
                    af:3b:ae:5d:3b:33:cd:a8:59:14:25:fc:2c:e4:4d:
                    cf:76:c8:1a:b8:e8:e2:5d:0e:8e:b4:9c:ce:37:3c:
                    84:07:f0:8f:6e:06:97:6c:ec:a6:b1:67:99:d3:1f:
                    5d:bb:e5:97:d6:45:da:b1:0f:99:98:32:00:4e:21:
                    0a:f0:cd:2c:72:96:02:ba:cb:5e:1a:96:d1:9c:55:
                    11:ca:ae:99:de:56:85:d8:95:0c:15:f6:be:ab:d2:
                    86:7f:98:ac:45:07:3c:09:93:00:f6:f0:85:a4:18:
                    d5:70:83:06:b8:7f:29:22:26:8c:55:77:39:75:e5:
                    12:10:21:93:99:fd:34:85:ee:d9:5d:13:1a:a3:65:
                    a2:33:49:09:78:28:7a:be:9a:e0:c5:d6:2e:fc:41:
                    63:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4B:CB:17:07:DF:5E:DB:0E:D9:4B:C6:2E:07:AC:EB:33:00:5A:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e4e777e-975c-4510-8293-acd763f2b337.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.119.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         18:dc:2f:05:0c:a7:eb:e5:eb:9c:d9:c2:77:d4:d3:c4:86:34:
         67:ca:1f:25:19:44:52:e9:1c:6f:58:7d:54:da:78:b6:6f:89:
         b1:a1:9e:28:5a:8a:bd:bd:6a:52:25:a6:99:2f:f9:c1:d9:4f:
         a3:3b:3b:bb:09:7c:14:42:0b:4e:96:45:04:89:bd:59:7c:d8:
         5e:ff:85:c8:2d:d6:36:2f:83:87:a5:c4:80:5b:5f:13:a2:d5:
         f2:65:81:60:da:7a:8d:9b:96:e4:4f:52:f7:f3:7b:fb:44:67:
         81:bd:0c:7c:b9:35:98:2e:04:a4:46:5a:11:ef:77:b4:5d:93:
         c9:12:d8:f2:99:7c:cb:b2:19:48:68:39:71:47:ae:27:9f:90:
         85:b8:54:57:16:83:e0:1e:a1:fc:3b:4f:be:18:d6:51:30:04:
         45:a2:ec:e1:e0:10:15:cd:39:a6:46:21:40:f7:df:bc:e8:44:
         c7:5b:99:35:6c:93:9d:e4:eb:da:1d:e9:04:ff:d5:49:2c:65:
         9f:df:fe:32:7f:9a:7b:df:ee:ff:1e:cc:c7:1b:d8:99:3b:e7:
         c5:21:f6:43:40:17:d0:bb:69:07:5b:b9:1b:3f:94:e4:82:ec:
         c2:17:12:d1:28:7d:e0:54:89:0f:c6:d5:5a:44:6c:0a:e4:7f:
         90:1d:62:50
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUC6LiMYgZwj86I2hQ+CNMv5vMw58wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTgzYjg2NTVkYTUyZDg5YjZjZTk4NjlhMDU3MjllMWVl
NjdkOTFhZGIwYTY3NWFkNDc1ZTdhYTEyMWQ2YTRlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1MS3mINUulQ3LLHJJ6sOFU2udhKBF/KelmoiNf6lVGrqb
4So2KVIvx8o0UaSAe/W8Kda0VShG2Sx2o4Pvo62eMShDtAwVk/iYTZsgTC09aIKI
SDDJftEnKe+sbL8S9jSvp3UAm8S2kK87rl07M82oWRQl/CzkTc92yBq46OJdDo60
nM43PIQH8I9uBpds7KaxZ5nTH1275ZfWRdqxD5mYMgBOIQrwzSxylgK6y14altGc
VRHKrpneVoXYlQwV9r6r0oZ/mKxFBzwJkwD28IWkGNVwgwa4fykiJoxVdzl15RIQ
IZOZ/TSF7tldExqjZaIzSQl4KHq+muDF1i78QWNvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWUvLFwffXtsO2UvGLges6zMAWiMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRlNGU3NzdlLTk3NWMtNDUxMC04MjkzLWFjZDc2M2YyYjMzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdzANBgkqhkiG9w0BAQsFAAOCAQEAGNwvBQyn6+XrnNnCd9TTxIY0Z8of
JRlEUukcb1h9VNp4tm+JsaGeKFqKvb1qUiWmmS/5wdlPozs7uwl8FEILTpZFBIm9
WXzYXv+FyC3WNi+Dh6XEgFtfE6LV8mWBYNp6jZuW5E9S9/N7+0Rngb0MfLk1mC4E
pEZaEe93tF2TyRLY8pl8y7IZSGg5cUeuJ5+QhbhUVxaD4B6h/DtPvhjWUTAERaLs
4eAQFc05pkYhQPffvOhEx1uZNWyTneTr2h3pBP/VSSxln9/+Mn+ae9/u/x7MxxvY
mTvnxSH2Q0AX0LtpB1u5Gz+U5ILswhcS0Sh94FSJD8bVWkRsCuR/kB1iUA==
-----END CERTIFICATE-----