Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74e7008f-a85b-4c1f-bd1f-953472f2542b.roa
File:                     74e7008f-a85b-4c1f-bd1f-953472f2542b.roa (raw, json)
Hash identifier:          YPqng6eoxET7G5lT1y4vpP+/Z5Og0MO2wekewiIVT4w=
Subject key identifier:   42:2B:BE:F6:43:33:AC:04:6C:C0:B9:0E:59:B7:E1:0B:71:11:39:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       306F6DDB274F4F6ED2DE1C52FFAD3C32DB39A7E6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74e7008f-a85b-4c1f-bd1f-953472f2542b.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.12.68.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:6f:6d:db:27:4f:4f:6e:d2:de:1c:52:ff:ad:3c:32:db:39:a7:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=9abf286275ecc9518d3f308f6fb9aa2b03ee139bb55083db9a1b87a6d6d4be6e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:1f:93:d5:f1:5f:73:2b:44:c6:3c:cb:fc:aa:
                    61:20:74:40:e8:36:83:df:81:a8:b8:11:27:35:03:
                    48:dc:b0:2e:f7:b7:40:c4:a0:fc:1f:31:e5:79:bc:
                    84:2f:81:5a:ed:66:eb:3a:14:10:f1:d7:07:e4:3c:
                    9c:89:70:21:ef:3b:c1:5b:70:c7:f9:e9:1e:2d:a3:
                    ca:eb:08:94:d3:8c:b6:1d:41:4a:21:fa:76:56:ae:
                    40:a9:e1:31:08:35:0e:f5:bd:bd:13:e4:7e:c8:0f:
                    a8:63:5d:28:36:1b:c1:c4:75:03:a3:ec:03:c3:ec:
                    50:96:ab:49:39:f2:dc:8b:b3:e7:83:cd:89:c7:bf:
                    df:77:6b:df:f7:bd:d8:36:5f:5e:f9:99:b0:f8:d0:
                    78:31:67:ce:35:47:c0:83:05:1e:69:36:f8:ff:dd:
                    ec:89:d1:e2:86:c9:01:b4:2d:39:55:f6:3f:b7:a7:
                    23:9e:8c:34:e7:28:71:63:c6:82:68:00:eb:64:b5:
                    4e:b0:82:6c:0e:96:ca:99:38:20:dd:f9:ce:45:91:
                    33:56:66:93:b1:76:5e:46:be:96:82:d1:95:62:13:
                    21:60:e0:48:32:9b:b2:6c:d2:79:a3:3e:6a:9e:82:
                    82:4d:de:73:65:d4:38:b2:a3:55:fd:d6:b5:54:e7:
                    9f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:2B:BE:F6:43:33:AC:04:6C:C0:B9:0E:59:B7:E1:0B:71:11:39:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/74e7008f-a85b-4c1f-bd1f-953472f2542b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.12.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:e9:57:6e:28:9c:1e:82:72:dd:fa:80:8c:12:2b:07:8f:a6:
         e2:d0:84:fb:77:61:cd:29:76:10:a3:d4:71:88:ad:52:7a:c5:
         57:5b:0a:62:cf:e4:c8:36:c1:6c:4f:81:17:f7:f2:8b:05:75:
         6c:e2:14:ba:e6:aa:1a:04:a9:d1:9c:74:73:0c:11:0d:81:78:
         91:b1:6e:fa:c3:2b:3f:47:e1:b6:e1:f9:cb:06:6d:e7:71:81:
         bb:81:b2:bf:21:9e:6d:4b:35:5f:f9:6a:07:bb:37:73:f4:d0:
         bd:13:5d:21:1e:c1:e7:5b:52:d5:39:77:fe:69:eb:b7:35:32:
         70:f5:41:44:8c:c5:c4:76:ed:a1:f4:6f:56:8e:71:3f:cd:f3:
         6a:38:3f:25:6b:df:d3:ef:1f:d8:f2:a9:a2:30:8a:96:eb:1d:
         22:86:a7:b5:0a:63:2a:7a:f4:7c:f8:3d:02:3f:7f:52:52:52:
         88:6a:df:98:b6:96:b0:da:6e:93:89:f2:ce:57:aa:21:45:4c:
         d1:78:ae:6e:13:e8:ea:24:09:e4:7f:d9:73:50:93:05:5c:48:
         4a:77:e8:ad:d6:5c:95:59:c5:99:8e:2c:dd:6c:7f:66:47:18:
         d8:ce:94:46:56:05:25:52:8a:b6:73:19:e3:ce:fd:16:62:c3:
         46:db:98:35
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMG9t2ydPT27S3hxS/608Mts5p+YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YWJmMjg2Mjc1ZWNjOTUxOGQzZjMwOGY2ZmI5YWEyYjAz
ZWUxMzliYjU1MDgzZGI5YTFiODdhNmQ2ZDRiZTZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoH5PV8V9zK0TGPMv8qmEgdEDoNoPfgai4ESc1A0jcsC73
t0DEoPwfMeV5vIQvgVrtZus6FBDx1wfkPJyJcCHvO8FbcMf56R4to8rrCJTTjLYd
QUoh+nZWrkCp4TEINQ71vb0T5H7ID6hjXSg2G8HEdQOj7APD7FCWq0k58tyLs+eD
zYnHv993a9/3vdg2X175mbD40HgxZ841R8CDBR5pNvj/3eyJ0eKGyQG0LTlV9j+3
pyOejDTnKHFjxoJoAOtktU6wgmwOlsqZOCDd+c5FkTNWZpOxdl5GvpaC0ZViEyFg
4Egym7Js0nmjPmqegoJN3nNl1Diyo1X91rVU559TAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQiu+9kMzrARswLkOWbfhC3EROcIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc0ZTcwMDhmLWE4NWItNGMxZi1iZDFmLTk1MzQ3MmYyNTQyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEQDEQwDQYJKoZIhvcNAQELBQADggEBAI3pV24onB6Cct36gIwSKwePpuLQ
hPt3Yc0pdhCj1HGIrVJ6xVdbCmLP5Mg2wWxPgRf38osFdWziFLrmqhoEqdGcdHMM
EQ2BeJGxbvrDKz9H4bbh+csGbedxgbuBsr8hnm1LNV/5age7N3P00L0TXSEewedb
UtU5d/5p67c1MnD1QUSMxcR27aH0b1aOcT/N82o4PyVr39PvH9jyqaIwipbrHSKG
p7UKYyp69Hz4PQI/f1JSUohq35i2lrDabpOJ8s5XqiFFTNF4rm4T6OokCeR/2XNQ
kwVcSEp36K3WXJVZxZmOLN1sf2ZHGNjOlEZWBSVSirZzGePO/RZiw0bbmDU=
-----END CERTIFICATE-----