Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82efbcd9-2a68-4d1d-9f53-e9b0ab42e655.roa
File:                     82efbcd9-2a68-4d1d-9f53-e9b0ab42e655.roa (raw, json)
Hash identifier:          c8t7bTfwGC3igSanjKIr+DQoX8ZG+cSoNNK0vyWJcSU=
Subject key identifier:   76:70:06:2E:DF:0F:D2:02:23:39:01:8F:15:86:C5:0F:31:39:8C:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0BD57D246CFD3CF92FC54856316F049113D77466
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82efbcd9-2a68-4d1d-9f53-e9b0ab42e655.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.128.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:d5:7d:24:6c:fd:3c:f9:2f:c5:48:56:31:6f:04:91:13:d7:74:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:74:e5:71:d5:e7:e2:01:be:23:ae:66:be:c8:
                    8c:78:28:00:28:4d:9a:53:49:ef:ea:82:a7:f4:b9:
                    14:ac:8d:bf:ea:31:f6:21:9e:49:7b:87:d6:ee:7b:
                    af:4a:a2:0e:fa:0d:50:5a:7f:a5:11:a4:4d:4c:77:
                    1a:50:70:76:f4:49:69:2e:2c:0a:1b:ea:b1:88:c0:
                    1d:76:cb:26:b3:bd:f7:e8:4e:f3:31:3f:6c:0f:07:
                    03:04:88:0b:37:71:4c:9e:2f:62:d0:60:d8:90:e6:
                    33:9d:ba:81:92:46:26:60:31:5e:ce:e5:56:b5:80:
                    1c:db:f1:27:13:f0:29:65:31:3d:37:32:7c:36:4b:
                    20:50:c8:d9:32:31:c9:e7:01:76:5e:94:80:9e:9f:
                    f6:22:5d:4d:2b:7b:86:82:23:e7:05:48:66:51:f4:
                    15:73:18:61:a2:40:b7:5d:5e:86:c3:db:c6:d3:70:
                    83:5c:b8:80:7a:9d:c6:48:2c:94:d5:71:99:2f:fd:
                    c2:33:a8:2c:72:f1:fa:50:6b:c6:cc:89:1d:37:c8:
                    78:61:5d:63:9a:12:f5:af:0f:ac:20:aa:7c:90:64:
                    8e:8a:64:36:1c:b9:74:ef:d1:8c:bf:7f:b8:e2:e1:
                    f0:7e:85:15:f1:72:a0:41:3b:b1:4c:05:02:b3:54:
                    fe:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:70:06:2E:DF:0F:D2:02:23:39:01:8F:15:86:C5:0F:31:39:8C:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/82efbcd9-2a68-4d1d-9f53-e9b0ab42e655.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8f:c7:9f:4a:66:9e:e5:90:4d:28:33:5f:73:e0:9e:63:24:a0:
         c8:a5:4c:63:04:39:5d:b6:a7:d4:52:ea:fe:63:2e:00:ef:2a:
         45:bb:76:8f:82:a4:95:c3:b5:52:14:80:50:62:4c:89:62:1f:
         cc:1f:80:2f:67:5c:fe:58:15:43:94:89:9c:33:71:49:3f:e6:
         fd:85:6e:c3:51:51:dc:7b:c2:f0:31:bc:b9:b7:fe:c8:46:6b:
         15:e2:71:15:de:ff:2f:c1:92:3e:c6:83:8a:4e:a7:91:58:37:
         66:8f:82:e7:c5:ef:d6:05:be:3f:47:ca:65:06:51:fe:60:3d:
         1d:78:8f:2f:26:3e:7d:10:6c:69:27:43:cc:a5:75:bb:5f:a4:
         51:64:5b:9e:33:1e:6b:6b:2a:2e:be:ce:41:f9:eb:5d:bc:13:
         f9:3e:96:c4:a9:ea:ed:9b:2c:c7:ea:54:dd:6b:8d:b0:ca:14:
         c3:52:85:af:f3:f9:10:eb:b2:b4:d9:ca:c7:47:f4:a7:84:fc:
         21:6c:85:8c:a5:ee:33:95:8e:81:69:77:12:64:6f:08:18:6c:
         32:3a:07:05:02:13:e9:e4:61:36:95:a5:63:02:89:19:f9:17:
         fb:4a:9f:fe:d6:e5:37:74:c5:ce:37:bd:83:5e:3d:26:c2:0f:
         4c:5b:b0:53
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUC9V9JGz9PPkvxUhWMW8EkRPXdGYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjVmODM0ZWViYzdkMjhmZjQ0OTZmMzMxOGM3ZGFmYzNl
ZjY2OTU4NGJmM2JkYzU4Y2NjNzIzNTdiYzNhNDUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZdOVx1efiAb4jrma+yIx4KAAoTZpTSe/qgqf0uRSsjb/q
MfYhnkl7h9bue69Kog76DVBaf6URpE1MdxpQcHb0SWkuLAob6rGIwB12yyazvffo
TvMxP2wPBwMEiAs3cUyeL2LQYNiQ5jOduoGSRiZgMV7O5Va1gBzb8ScT8CllMT03
Mnw2SyBQyNkyMcnnAXZelICen/YiXU0re4aCI+cFSGZR9BVzGGGiQLddXobD28bT
cINcuIB6ncZILJTVcZkv/cIzqCxy8fpQa8bMiR03yHhhXWOaEvWvD6wgqnyQZI6K
ZDYcuXTv0Yy/f7ji4fB+hRXxcqBBO7FMBQKzVP5jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdnAGLt8P0gIjOQGPFYbFDzE5jN8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgyZWZiY2Q5LTJhNjgtNGQxZC05ZjUzLWU5YjBhYjQyZTY1NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQgDANBgkqhkiG9w0BAQsFAAOCAQEAj8efSmae5ZBNKDNfc+CeYySgyKVM
YwQ5Xban1FLq/mMuAO8qRbt2j4KklcO1UhSAUGJMiWIfzB+AL2dc/lgVQ5SJnDNx
ST/m/YVuw1FR3HvC8DG8ubf+yEZrFeJxFd7/L8GSPsaDik6nkVg3Zo+C58Xv1gW+
P0fKZQZR/mA9HXiPLyY+fRBsaSdDzKV1u1+kUWRbnjMea2sqLr7OQfnrXbwT+T6W
xKnq7Zssx+pU3WuNsMoUw1KFr/P5EOuytNnKx0f0p4T8IWyFjKXuM5WOgWl3EmRv
CBhsMjoHBQIT6eRhNpWlYwKJGfkX+0qf/tblN3TFzje9g149JsIPTFuwUw==
-----END CERTIFICATE-----