Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faea040-33a3-4f29-a8da-c7c7fba2abe9.roa
File:                     6faea040-33a3-4f29-a8da-c7c7fba2abe9.roa (raw, json)
Hash identifier:          4grco1joeqY9nsXAa7peC5gwr+m99OB9wr1doXsXcs8=
Subject key identifier:   0C:99:02:8E:6E:89:C4:AB:C6:2F:8B:2C:15:25:2F:BC:40:23:14:0E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6253B0DE556F369438C93002D875267099EF1414
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faea040-33a3-4f29-a8da-c7c7fba2abe9.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.184.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:53:b0:de:55:6f:36:94:38:c9:30:02:d8:75:26:70:99:ef:14:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: serialNumber=83a44ddb2d53f8f20f1e2bd03536ee1a7aa64a945d507e9c5992b93512a1121f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cc:90:c5:ff:61:4b:f3:86:c6:c6:89:f3:ae:
                    70:c2:7a:a7:d7:4c:dc:e5:95:17:a8:8e:e1:38:a5:
                    cc:33:47:22:b9:db:e6:dd:1c:74:9e:44:24:73:34:
                    ea:96:67:7e:2b:82:18:32:fd:f3:3c:eb:29:1f:38:
                    87:df:01:5f:63:4a:1b:71:97:62:ff:41:28:9d:46:
                    74:28:9e:c0:1d:92:f2:e7:1a:12:a6:79:6f:0c:a5:
                    cf:df:61:4a:04:71:51:b9:aa:8d:07:3d:64:d4:f9:
                    55:55:ab:2f:91:41:2c:6e:d6:80:b7:c5:16:66:3e:
                    09:a1:0f:27:d7:63:5a:bc:26:56:c7:a2:e9:c5:fe:
                    0f:52:a7:49:b5:ad:d3:5e:46:79:62:28:22:4e:fb:
                    e3:49:6e:c1:9f:d4:89:14:34:bc:ec:13:b9:ff:53:
                    2c:f4:52:89:d1:87:ae:ae:26:a9:87:9f:ac:bf:64:
                    12:54:9a:22:65:a5:8e:10:34:33:d4:92:35:8c:4a:
                    1d:12:07:b7:02:3c:2f:7b:b0:41:66:26:62:dc:3e:
                    d3:0e:86:80:ec:55:6b:1c:8d:67:5a:73:dd:58:61:
                    54:bf:48:e0:f0:d7:e2:23:50:17:a2:ac:2a:f7:0d:
                    53:8f:4b:f1:7a:32:18:bc:1f:b7:1d:ec:a6:55:3e:
                    7d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:99:02:8E:6E:89:C4:AB:C6:2F:8B:2C:15:25:2F:BC:40:23:14:0E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6faea040-33a3-4f29-a8da-c7c7fba2abe9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.184.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         05:17:4c:e9:e8:15:0a:71:10:04:09:06:24:63:48:16:4d:28:
         fb:d6:73:51:d4:1b:73:e6:31:9b:a0:01:46:29:69:4b:95:2a:
         9d:4d:10:e0:9e:2d:48:44:5d:db:72:d6:e1:8f:3e:e4:24:75:
         37:6e:c5:51:92:d6:31:5a:2f:02:2e:ea:71:f7:77:24:d4:55:
         8c:89:1d:75:5e:b6:1e:58:a9:ae:d1:0f:d7:82:ea:8b:ed:d8:
         f2:ae:65:1b:c4:3d:a4:e4:b0:1d:69:e9:5d:82:d4:2c:df:94:
         0b:47:98:79:cd:22:5b:f9:8c:63:a5:58:c5:04:37:ce:d5:7a:
         75:0f:f1:b7:2a:0b:5a:64:fe:95:57:0c:eb:35:a3:f9:06:e6:
         07:53:dc:da:9c:c6:4e:1e:bf:96:95:e0:53:08:81:1c:6a:e9:
         e4:21:93:85:a8:bb:a2:e3:a3:0f:29:0d:cb:ae:12:42:2d:32:
         36:af:55:47:d9:43:d6:71:ea:a0:fa:07:46:a3:1d:2e:e1:bc:
         da:0b:33:fa:6f:31:8b:30:ff:69:fd:ce:c7:de:b8:db:ce:54:
         40:47:74:20:5d:02:7a:38:39:9b:20:16:a5:b7:a2:02:5b:6e:
         99:bb:fd:a5:e9:29:cd:c8:ab:23:b1:99:07:cf:fc:44:48:eb:
         e2:d5:63:e1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYlOw3lVvNpQ4yTAC2HUmcJnvFBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A4M2E0NGRkYjJkNTNmOGYyMGYxZTJiZDAzNTM2ZWUxYTdh
YTY0YTk0NWQ1MDdlOWM1OTkyYjkzNTEyYTExMjFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuzJDF/2FL84bGxonzrnDCeqfXTNzllReojuE4pcwzRyK5
2+bdHHSeRCRzNOqWZ34rghgy/fM86ykfOIffAV9jShtxl2L/QSidRnQonsAdkvLn
GhKmeW8Mpc/fYUoEcVG5qo0HPWTU+VVVqy+RQSxu1oC3xRZmPgmhDyfXY1q8JlbH
ounF/g9Sp0m1rdNeRnliKCJO++NJbsGf1IkUNLzsE7n/Uyz0UonRh66uJqmHn6y/
ZBJUmiJlpY4QNDPUkjWMSh0SB7cCPC97sEFmJmLcPtMOhoDsVWscjWdac91YYVS/
SODw1+IjUBeirCr3DVOPS/F6Mhi8H7cd7KZVPn1HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUDJkCjm6JxKvGL4ssFSUvvEAjFA4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZmYWVhMDQwLTMzYTMtNGYyOS1hOGRhLWM3YzdmYmEyYWJlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQuDANBgkqhkiG9w0BAQsFAAOCAQEABRdM6egVCnEQBAkGJGNIFk0o+9Zz
UdQbc+Yxm6ABRilpS5UqnU0Q4J4tSERd23LW4Y8+5CR1N27FUZLWMVovAi7qcfd3
JNRVjIkddV62HliprtEP14Lqi+3Y8q5lG8Q9pOSwHWnpXYLULN+UC0eYec0iW/mM
Y6VYxQQ3ztV6dQ/xtyoLWmT+lVcM6zWj+QbmB1Pc2pzGTh6/lpXgUwiBHGrp5CGT
hai7ouOjDykNy64SQi0yNq9VR9lD1nHqoPoHRqMdLuG82gsz+m8xizD/af3Ox964
285UQEd0IF0Cejg5myAWpbeiAltumbv9pekpzcirI7GZB8/8REjr4tVj4Q==
-----END CERTIFICATE-----