Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/84f6069b-8b14-4821-a245-6fcd3abbf4c7.roa
File:                     84f6069b-8b14-4821-a245-6fcd3abbf4c7.roa (raw, json)
Hash identifier:          mQaAEXZ5VnERdbD50TKtgeP90MjepavvwW635nELTtI=
Subject key identifier:   79:93:B4:E6:9E:C2:95:BB:DE:4F:B1:AD:C8:C1:43:FF:FA:2F:AA:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02CE8CEDEE7188AB4906229417A809809D81088F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/84f6069b-8b14-4821-a245-6fcd3abbf4c7.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.55.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ce:8c:ed:ee:71:88:ab:49:06:22:94:17:a8:09:80:9d:81:08:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1c:ad:15:60:3c:e3:4b:ce:bd:cc:7e:75:e2:
                    35:92:9b:aa:ff:26:ba:92:07:5e:b8:1c:f0:76:c1:
                    0b:50:d8:76:a8:8d:2d:57:7a:39:fc:69:e4:66:53:
                    20:d3:93:cc:6a:74:2b:b0:30:c2:b0:60:97:b1:d7:
                    18:46:57:42:45:81:dd:a9:de:e2:a9:13:1d:73:7e:
                    ba:ca:d8:4b:d5:69:9f:b2:c1:9c:60:39:79:ec:de:
                    d0:26:81:96:25:44:22:cc:27:cc:62:ec:b2:bb:86:
                    ef:f4:ab:5f:b3:3b:76:3c:b1:7e:27:03:48:6e:f1:
                    67:8b:bf:6f:21:e8:b8:fa:8c:6b:dc:97:89:44:71:
                    7c:4e:ad:7d:22:6b:b8:87:b0:cf:af:73:3b:89:14:
                    9d:4f:82:73:11:e1:70:97:ee:bd:ce:cd:94:ac:e0:
                    6b:e7:2b:41:6e:2e:57:85:7c:4c:6b:19:5f:69:1d:
                    31:d4:c7:57:f7:70:50:d1:58:40:ae:00:b6:99:4b:
                    39:c8:87:81:18:5e:87:2c:04:bf:43:d9:a9:46:13:
                    da:36:4e:87:f3:91:ae:55:bf:09:b3:e9:94:24:9b:
                    18:41:cd:39:a3:bd:f9:dd:74:c7:9e:e2:5e:dd:8a:
                    15:b1:09:80:80:a3:4b:6f:c9:f2:c8:1c:15:6a:9e:
                    4f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:93:B4:E6:9E:C2:95:BB:DE:4F:B1:AD:C8:C1:43:FF:FA:2F:AA:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/84f6069b-8b14-4821-a245-6fcd3abbf4c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cc:ad:11:7f:eb:11:e9:bb:54:42:32:a1:9e:4d:be:d7:c4:b5:
         2b:21:38:91:0f:3d:3a:11:75:9e:cb:a2:7e:dc:18:2b:a8:b4:
         04:f1:3d:68:71:f0:6a:53:88:fa:6d:3a:5d:cf:f3:7f:c8:08:
         5a:ba:88:3b:30:c2:32:29:f8:34:c9:7f:c3:bf:ee:6a:28:b5:
         ea:00:69:99:0f:29:7b:0b:21:ab:b7:97:61:a6:09:b0:7b:58:
         d5:64:45:ef:65:5c:46:1c:f2:d7:ed:b7:af:f2:f9:ce:dc:1c:
         ac:3c:11:da:20:3c:83:4b:85:38:ce:1b:7a:02:cb:c7:30:ea:
         73:d8:90:10:0f:11:88:f1:10:1f:b6:cf:68:8a:27:4a:36:29:
         c3:c1:36:13:38:8d:64:e2:51:f7:65:1d:95:39:64:5c:45:a5:
         a6:dd:cd:4b:c3:b9:70:9b:a6:a2:e6:25:ef:c5:7c:77:50:c2:
         a4:80:98:c4:5d:ac:b7:7e:db:b5:1d:b8:85:af:08:ad:56:a1:
         b3:bc:77:98:a8:40:08:52:06:93:42:17:a1:45:51:88:3f:82:
         52:67:ec:c8:04:8f:1f:c9:46:41:2d:d0:ea:5f:69:23:35:3c:
         54:d5:ad:c2:73:6f:87:6e:5e:35:4d:3b:12:da:67:3e:65:f6:
         aa:8e:50:3d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAs6M7e5xiKtJBiKUF6gJgJ2BCI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZjI1NTdlM2ZhODdlMDE3M2Q5YzliNDkyZjJhNDk2ZWRj
YmY4ZjgyZTVkOTEyMjVhMTYyNjNiNGIxNTFkZWEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrHK0VYDzjS869zH514jWSm6r/JrqSB164HPB2wQtQ2Hao
jS1Xejn8aeRmUyDTk8xqdCuwMMKwYJex1xhGV0JFgd2p3uKpEx1zfrrK2EvVaZ+y
wZxgOXns3tAmgZYlRCLMJ8xi7LK7hu/0q1+zO3Y8sX4nA0hu8WeLv28h6Lj6jGvc
l4lEcXxOrX0ia7iHsM+vczuJFJ1PgnMR4XCX7r3OzZSs4GvnK0FuLleFfExrGV9p
HTHUx1f3cFDRWECuALaZSznIh4EYXocsBL9D2alGE9o2Tofzka5Vvwmz6ZQkmxhB
zTmjvfnddMee4l7dihWxCYCAo0tvyfLIHBVqnk/1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeZO05p7ClbveT7GtyMFD//ovqiUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0ZjYwNjliLThiMTQtNDgyMS1hMjQ1LTZmY2QzYWJiZjRjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNzANBgkqhkiG9w0BAQsFAAOCAQEAzK0Rf+sR6btUQjKhnk2+18S1KyE4
kQ89OhF1nsuiftwYK6i0BPE9aHHwalOI+m06Xc/zf8gIWrqIOzDCMin4NMl/w7/u
aii16gBpmQ8pewshq7eXYaYJsHtY1WRF72VcRhzy1+23r/L5ztwcrDwR2iA8g0uF
OM4begLLxzDqc9iQEA8RiPEQH7bPaIonSjYpw8E2EziNZOJR92UdlTlkXEWlpt3N
S8O5cJumouYl78V8d1DCpICYxF2st37btR24ha8IrVahs7x3mKhACFIGk0IXoUVR
iD+CUmfsyASPH8lGQS3Q6l9pIzU8VNWtwnNvh25eNU07EtpnPmX2qo5QPQ==
-----END CERTIFICATE-----