Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a968700-a089-4299-8b14-9a9aa6edf062.roa
File:                     8a968700-a089-4299-8b14-9a9aa6edf062.roa (raw, json)
Hash identifier:          xj/FCBZdkevm3p/7h8SkLlTI2k5tMVES23m7qPjBjhU=
Subject key identifier:   01:26:3F:BE:49:4B:B8:A8:D7:08:B7:92:36:6C:FA:83:43:8C:9A:A5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       542DF6012F5C8DEB0081AFF3E67641E41278B8AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a968700-a089-4299-8b14-9a9aa6edf062.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.12.18.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:2d:f6:01:2f:5c:8d:eb:00:81:af:f3:e6:76:41:e4:12:78:b8:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=82076fc00f4bf21801fe1e747412a3b5545c7eca3a060170be184bc18cceeacc, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:e3:28:90:6c:1d:e8:ed:f3:be:64:56:e1:9e:
                    c0:a3:4f:51:7c:d3:aa:b9:08:be:17:53:b7:79:0c:
                    da:b0:96:da:0b:62:d2:55:4a:3f:6c:5d:b9:85:e7:
                    11:b2:69:b2:3b:e4:14:07:8d:93:c8:a4:47:c6:3c:
                    8b:d8:93:13:d7:d7:fb:db:fb:f2:68:d4:fc:18:29:
                    13:4f:b9:ff:cb:05:79:81:78:72:cd:c9:e1:57:62:
                    d9:ed:64:7d:e0:0f:e5:c1:81:a8:e0:57:f3:33:b4:
                    50:9b:c5:16:f8:20:86:52:b0:ab:80:19:de:0c:32:
                    66:9c:43:14:2e:00:bd:7e:25:8c:97:b2:fe:42:d8:
                    57:99:08:d6:d9:75:52:62:0e:87:f7:e3:83:6e:f5:
                    a0:6d:a0:40:0a:01:37:b1:7b:0d:d1:bc:6b:3e:01:
                    c8:3b:12:c9:a8:d9:44:ef:f7:59:ae:98:4a:9e:cf:
                    2e:a2:52:69:eb:c2:23:b7:ea:c8:8e:97:56:73:db:
                    eb:f8:a4:f0:93:ec:3b:4e:a3:e8:fe:51:80:91:d4:
                    c3:51:74:13:97:24:21:3f:e2:60:eb:e0:b4:97:eb:
                    aa:82:1d:3b:50:b7:9b:52:a7:b5:59:b1:3a:83:ab:
                    fe:3d:a7:31:53:77:1b:02:5d:81:a8:7d:a2:11:2d:
                    1e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:26:3F:BE:49:4B:B8:A8:D7:08:B7:92:36:6C:FA:83:43:8C:9A:A5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8a968700-a089-4299-8b14-9a9aa6edf062.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.12.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:5c:0f:ac:88:7f:db:df:4d:a0:92:73:89:84:01:70:0a:2e:
         26:70:21:49:d9:f9:d8:89:2f:ed:e4:4b:2e:f3:d7:4f:6e:6b:
         bd:b6:5b:3b:e1:34:19:98:47:c0:2f:5c:77:32:a0:cb:55:58:
         3f:70:26:06:99:27:3a:e8:fa:a3:5a:1a:d3:db:54:0f:7e:ad:
         1e:b8:17:2d:04:79:f6:60:b2:dd:1b:c6:f5:7b:f0:0e:d1:39:
         b9:d4:f6:1c:52:50:68:e2:66:c4:89:3f:30:93:61:12:7a:31:
         cf:3b:94:12:b6:3a:db:66:6f:5c:24:5c:31:c6:a4:29:e1:44:
         2d:72:21:dd:e7:89:24:fd:7f:bf:65:28:b9:72:f9:40:96:3e:
         87:61:a8:86:c3:93:d1:4f:03:b6:0b:1b:b8:50:16:4f:16:c5:
         9c:cf:96:b1:39:ac:8b:d9:2f:fb:19:f2:ea:d6:f1:e1:64:21:
         80:20:d9:bc:23:d4:ba:c4:90:76:cd:49:e1:c2:d7:90:c2:ea:
         65:48:7a:e9:f0:3d:d5:65:be:bd:b5:63:db:81:e9:ce:ec:b5:
         39:13:0d:f0:51:40:97:04:e3:37:8a:d5:a3:56:ec:4c:b3:64:
         f3:91:db:7d:0e:bd:83:4d:a1:3d:19:e8:d3:17:bb:fc:db:8c:
         d0:ce:fc:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVC32AS9cjesAga/z5nZB5BJ4uKowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjA3NmZjMDBmNGJmMjE4MDFmZTFlNzQ3NDEyYTNiNTU0
NWM3ZWNhM2EwNjAxNzBiZTE4NGJjMThjY2VlYWNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf4yiQbB3o7fO+ZFbhnsCjT1F806q5CL4XU7d5DNqwltoL
YtJVSj9sXbmF5xGyabI75BQHjZPIpEfGPIvYkxPX1/vb+/Jo1PwYKRNPuf/LBXmB
eHLNyeFXYtntZH3gD+XBgajgV/MztFCbxRb4IIZSsKuAGd4MMmacQxQuAL1+JYyX
sv5C2FeZCNbZdVJiDof344Nu9aBtoEAKATexew3RvGs+Acg7Esmo2UTv91mumEqe
zy6iUmnrwiO36siOl1Zz2+v4pPCT7DtOo+j+UYCR1MNRdBOXJCE/4mDr4LSX66qC
HTtQt5tSp7VZsTqDq/49pzFTdxsCXYGofaIRLR5rAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUASY/vklLuKjXCLeSNmz6g0OMmqUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhhOTY4NzAwLWEwODktNDI5OS04YjE0LTlhOWFhNmVkZjA2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAEQDBIwDQYJKoZIhvcNAQELBQADggEBAIpcD6yIf9vfTaCSc4mEAXAKLiZw
IUnZ+diJL+3kSy7z109ua722WzvhNBmYR8AvXHcyoMtVWD9wJgaZJzro+qNaGtPb
VA9+rR64Fy0EefZgst0bxvV78A7RObnU9hxSUGjiZsSJPzCTYRJ6Mc87lBK2Ottm
b1wkXDHGpCnhRC1yId3niST9f79lKLly+UCWPodhqIbDk9FPA7YLG7hQFk8WxZzP
lrE5rIvZL/sZ8urW8eFkIYAg2bwj1LrEkHbNSeHC15DC6mVIeunwPdVlvr21Y9uB
6c7stTkTDfBRQJcE4zeK1aNW7EyzZPOR230OvYNNoT0Z6NMXu/zbjNDO/Pk=
-----END CERTIFICATE-----