Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71de7f77-a645-4f02-8a8c-f7f465b4aa48.roa
File:                     71de7f77-a645-4f02-8a8c-f7f465b4aa48.roa (raw, json)
Hash identifier:          jzwRtev+5JWM+Y5vVQfqt+RI0P5BW6mGIZyXsLcjm7E=
Subject key identifier:   84:FF:65:C7:C4:25:4B:CB:2D:3D:BD:C2:0C:23:A8:6E:87:D0:76:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6B8E544317484F0CCD45A38CE707DC05F8DB5A61
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71de7f77-a645-4f02-8a8c-f7f465b4aa48.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.73.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:8e:54:43:17:48:4f:0c:cd:45:a3:8c:e7:07:dc:05:f8:db:5a:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ad:0a:ab:6e:4b:66:5a:d7:94:ba:6a:1e:50:
                    05:69:b6:bf:71:c3:2f:be:24:45:6b:c5:a3:ec:56:
                    21:1c:c9:ff:fb:d5:4a:d5:1b:54:ff:3b:96:20:bf:
                    92:2c:72:87:17:c6:0f:07:0d:bd:10:2c:b6:6f:ea:
                    d4:ff:06:0c:e6:5a:3f:67:0e:0e:97:4b:bb:a1:20:
                    6a:2d:f5:b9:b0:08:90:2a:37:77:b6:2d:00:bc:1a:
                    f3:2a:bf:0c:3f:9f:96:41:a6:98:25:49:57:0b:4e:
                    24:9d:e2:50:6c:d2:df:83:b5:55:94:85:48:f8:6a:
                    e2:9f:d9:98:d3:10:41:2a:60:6c:fe:a1:1e:e6:38:
                    dc:40:6e:d5:0a:6d:3e:e9:b8:f9:a7:24:ed:9f:9a:
                    e5:e8:f3:3e:14:73:ac:b4:c5:f3:74:88:d7:ec:11:
                    41:9f:85:d8:93:1c:74:e9:dc:49:42:f3:0a:71:20:
                    98:2b:bd:b3:41:d6:76:3a:2a:d1:c3:11:b4:38:f5:
                    4c:e8:f0:00:7d:99:20:51:7e:1e:55:38:66:b8:9c:
                    1b:69:f8:81:92:d3:ef:c6:5a:67:37:55:53:f0:df:
                    a8:83:5e:75:f8:86:ff:28:14:e7:29:0b:57:4a:71:
                    09:f9:ff:ba:f3:0b:01:d9:c6:c6:3a:bc:b2:e5:3b:
                    da:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:FF:65:C7:C4:25:4B:CB:2D:3D:BD:C2:0C:23:A8:6E:87:D0:76:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/71de7f77-a645-4f02-8a8c-f7f465b4aa48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:71:37:59:9d:c8:75:af:32:34:3b:cf:63:9c:40:72:62:03:
         80:dc:15:b9:41:0f:08:14:83:7e:d9:04:5a:63:d2:dc:34:0c:
         ea:17:fb:01:7a:65:9c:ff:dc:d8:9b:a0:7e:e0:e7:bf:9c:1a:
         d9:07:a0:23:48:23:e5:c0:34:b1:ba:ac:08:07:ac:da:f8:2b:
         b9:4d:da:39:c2:0c:ce:d9:46:49:63:95:65:db:fa:d4:16:e2:
         bd:ba:bc:b0:0d:90:fd:91:14:f7:67:aa:a5:4c:8f:37:3a:27:
         10:b2:7b:9c:96:0f:1d:ec:3c:da:24:07:0a:ba:38:4c:a3:e5:
         45:46:be:87:ae:2a:83:6a:51:36:97:9a:51:b6:f9:f9:ce:7e:
         dc:d1:f4:64:d4:64:48:7c:16:c2:b9:fe:f7:87:46:13:93:62:
         b1:d2:0e:a0:d9:d9:de:9e:91:fc:2d:a7:c0:85:28:4b:cd:07:
         7a:c7:fa:19:a3:aa:56:95:2a:17:30:90:3c:6b:71:f1:67:e9:
         3c:66:a5:0d:54:5f:61:f0:45:b1:32:46:84:45:e4:fb:21:c1:
         dd:56:86:fd:9a:5c:fc:ae:fd:be:c5:5e:f7:f9:2f:56:b9:31:
         12:2d:f5:cf:ba:d5:99:98:60:2e:b4:c6:31:e3:9f:4a:91:bd:
         69:80:e8:c4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUa45UQxdITwzNRaOM5wfcBfjbWmEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhODRhMzdkODUxYjU5ZTI0OTgxYjM2YTU4ZTBiMDhjZDU3
M2FmZmQ2ZmM1MDk2MTM1YzVlMjA5MzVjZDVjNmQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCurQqrbktmWteUumoeUAVptr9xwy++JEVrxaPsViEcyf/7
1UrVG1T/O5Ygv5IscocXxg8HDb0QLLZv6tT/BgzmWj9nDg6XS7uhIGot9bmwCJAq
N3e2LQC8GvMqvww/n5ZBppglSVcLTiSd4lBs0t+DtVWUhUj4auKf2ZjTEEEqYGz+
oR7mONxAbtUKbT7puPmnJO2fmuXo8z4Uc6y0xfN0iNfsEUGfhdiTHHTp3ElC8wpx
IJgrvbNB1nY6KtHDEbQ49Uzo8AB9mSBRfh5VOGa4nBtp+IGS0+/GWmc3VVPw36iD
XnX4hv8oFOcpC1dKcQn5/7rzCwHZxsY6vLLlO9pTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUhP9lx8QlS8stPb3CDCOobofQdigwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcxZGU3Zjc3LWE2NDUtNGYwMi04YThjLWY3ZjQ2NWI0YWE0OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQSTANBgkqhkiG9w0BAQsFAAOCAQEAdnE3WZ3Ida8yNDvPY5xAcmIDgNwV
uUEPCBSDftkEWmPS3DQM6hf7AXplnP/c2JugfuDnv5wa2QegI0gj5cA0sbqsCAes
2vgruU3aOcIMztlGSWOVZdv61Bbivbq8sA2Q/ZEU92eqpUyPNzonELJ7nJYPHew8
2iQHCro4TKPlRUa+h64qg2pRNpeaUbb5+c5+3NH0ZNRkSHwWwrn+94dGE5NisdIO
oNnZ3p6R/C2nwIUoS80Hesf6GaOqVpUqFzCQPGtx8WfpPGalDVRfYfBFsTJGhEXk
+yHB3VaG/Zpc/K79vsVe9/kvVrkxEi31z7rVmZhgLrTGMeOfSpG9aYDoxA==
-----END CERTIFICATE-----