Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/571fdf41-1c8b-48c7-a7af-e30f0a6a6adc.roa
File:                     571fdf41-1c8b-48c7-a7af-e30f0a6a6adc.roa (raw, json)
Hash identifier:          kfDiBkO+GfkDj5vN5K7sB6hRY8FF/sjERs8gCiWtkek=
Subject key identifier:   7E:27:36:4F:F3:AA:68:89:C0:F5:19:93:94:6D:54:77:5F:C6:6D:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72279BF7AC10D98A97532D80E166F72CF4283D13
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/571fdf41-1c8b-48c7-a7af-e30f0a6a6adc.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.156.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:27:9b:f7:ac:10:d9:8a:97:53:2d:80:e1:66:f7:2c:f4:28:3d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:f2:ec:6d:0a:20:d6:fa:c6:09:ce:0b:1e:1d:
                    71:57:91:e5:97:9d:d8:55:6f:31:ba:e8:19:0d:0c:
                    14:b0:68:a2:6b:6e:54:1d:0b:0d:6e:61:00:d6:a2:
                    8b:4d:5f:e4:08:31:f7:ac:a1:bc:34:64:f9:7e:f0:
                    0b:0b:12:19:9d:90:a2:56:9f:fe:4c:8e:ff:39:6c:
                    46:f2:71:ea:35:45:1a:88:fc:a1:9c:62:8c:c6:c5:
                    73:8d:06:41:b5:26:eb:2a:6a:b2:f9:aa:0d:5e:3f:
                    64:70:6b:21:77:1a:f2:0e:6e:f6:92:c5:ef:dd:98:
                    87:b9:11:e3:39:a0:8c:aa:d4:55:26:24:1b:58:1a:
                    cf:97:78:df:93:46:4d:d4:36:90:58:85:35:5d:dd:
                    cd:e2:66:22:c6:f2:10:82:e3:b2:19:69:43:10:d9:
                    2c:97:4b:c2:6d:0a:cc:48:2a:23:bb:3c:63:ea:be:
                    86:3d:7c:cb:27:9b:6a:3c:31:33:e0:c2:d6:b7:75:
                    c9:5a:b4:f2:b9:e0:69:e3:41:ca:55:02:9b:59:4f:
                    db:4a:3a:ce:d8:b3:8e:4d:be:c0:17:15:a1:1b:13:
                    82:18:95:3a:52:2e:34:62:8e:df:69:be:34:44:cd:
                    2d:45:18:5e:5b:08:e8:72:90:43:57:9c:1c:25:6a:
                    a8:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:27:36:4F:F3:AA:68:89:C0:F5:19:93:94:6D:54:77:5F:C6:6D:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/571fdf41-1c8b-48c7-a7af-e30f0a6a6adc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.156.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5b:42:34:c8:1b:03:7a:75:53:cf:de:e3:a6:df:19:ae:e4:9a:
         1c:d5:ca:91:c2:f4:56:b5:14:08:99:54:30:ea:31:d1:89:98:
         a1:01:f8:5a:9c:7c:65:6d:23:5b:0e:fc:e9:3b:79:cf:5e:66:
         73:3c:90:5e:b9:76:94:32:91:0e:38:7b:53:e8:04:f2:ac:8a:
         0b:ce:29:1e:4b:36:38:eb:bb:7b:d5:85:ea:9a:b8:dc:cd:ef:
         5a:98:30:7b:30:ad:eb:17:f3:98:4f:70:43:60:be:4f:a6:6a:
         37:c2:88:44:da:49:34:e6:f3:39:0c:23:6f:db:05:37:48:e4:
         01:1c:88:ae:b0:59:b9:39:de:89:0c:34:62:cf:9e:65:51:8c:
         13:22:fa:b2:f8:78:5b:3d:fd:bf:c9:4e:a0:19:6b:33:ed:84:
         bc:8b:c6:f9:f0:72:7e:e7:cf:b2:68:33:28:bc:b7:ad:0a:96:
         11:1d:a2:bd:63:35:57:8f:08:ba:8b:f9:1d:2e:d8:95:a8:ce:
         97:1e:19:cc:a4:e8:e4:9b:84:61:3d:65:de:ab:d7:9a:33:89:
         4b:e6:34:c0:e0:3d:5f:84:65:01:a4:0d:0b:2e:bc:cd:c5:b2:
         b3:e3:34:2a:0b:25:93:c0:bd:35:a0:68:a1:bb:2a:1f:af:00:
         f5:f9:0a:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcieb96wQ2YqXUy2A4Wb3LPQoPRMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWRhZmVlYWY1MzVlMjA1YjRmMGUyMDQxYWE5YjRjZDk5
OTdkOTMwN2I2Y2FhMzkwMmMzMTUzYTBmNzJkNGFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDi8uxtCiDW+sYJzgseHXFXkeWXndhVbzG66BkNDBSwaKJr
blQdCw1uYQDWootNX+QIMfesobw0ZPl+8AsLEhmdkKJWn/5Mjv85bEbyceo1RRqI
/KGcYozGxXONBkG1JusqarL5qg1eP2RwayF3GvIObvaSxe/dmIe5EeM5oIyq1FUm
JBtYGs+XeN+TRk3UNpBYhTVd3c3iZiLG8hCC47IZaUMQ2SyXS8JtCsxIKiO7PGPq
voY9fMsnm2o8MTPgwta3dclatPK54GnjQcpVAptZT9tKOs7Ys45NvsAXFaEbE4IY
lTpSLjRijt9pvjREzS1FGF5bCOhykENXnBwlaqjPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfic2T/OqaInA9RmTlG1Ud1/GbYAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU3MWZkZjQxLTFjOGItNDhjNy1hN2FmLWUzMGYwYTZhNmFkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQnDANBgkqhkiG9w0BAQsFAAOCAQEAW0I0yBsDenVTz97jpt8ZruSaHNXK
kcL0VrUUCJlUMOox0YmYoQH4Wpx8ZW0jWw786Tt5z15mczyQXrl2lDKRDjh7U+gE
8qyKC84pHks2OOu7e9WF6pq43M3vWpgwezCt6xfzmE9wQ2C+T6ZqN8KIRNpJNObz
OQwjb9sFN0jkARyIrrBZuTneiQw0Ys+eZVGMEyL6svh4Wz39v8lOoBlrM+2EvIvG
+fByfufPsmgzKLy3rQqWER2ivWM1V48Iuov5HS7YlajOlx4ZzKTo5JuEYT1l3qvX
mjOJS+Y0wOA9X4RlAaQNCy68zcWys+M0Kgslk8C9NaBoobsqH68A9fkKLw==
-----END CERTIFICATE-----