Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b5be703-5092-4b56-aefa-f3fd683a3354.roa
File:                     8b5be703-5092-4b56-aefa-f3fd683a3354.roa (raw, json)
Hash identifier:          mLQipK/QD7SL7BB2ImM7O056flV6ark8/HMTlHDc3Js=
Subject key identifier:   D0:C2:CB:4C:D7:85:F2:EB:5F:D7:EB:E1:A6:2E:01:1C:CE:C2:7A:64
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3BB22753E9DC5647A16E571239A2412B0BF81837
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b5be703-5092-4b56-aefa-f3fd683a3354.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        15.216.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b2:27:53:e9:dc:56:47:a1:6e:57:12:39:a2:41:2b:0b:f8:18:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=34d56bf2d1ea7f5db9849646139092dc48f50256e4ea33a02fd9dae200abe51f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:8c:af:e9:c5:1f:62:be:95:fd:9e:e9:9d:26:
                    38:94:05:5d:fb:8f:16:ae:35:7e:ba:96:ca:2a:11:
                    1c:06:09:0f:30:df:f5:3f:95:72:47:ea:e2:9d:50:
                    bc:ab:84:18:0d:6a:e1:6d:e9:ee:83:6f:56:9f:3b:
                    84:bf:4d:b9:02:21:20:1b:b9:38:36:36:c8:7f:7a:
                    ac:6d:21:d6:fb:60:e7:e6:e0:c6:94:dd:34:7d:c8:
                    89:af:7c:ff:cf:1f:91:e9:e3:7e:ee:de:76:85:87:
                    b0:a5:07:a5:c7:6c:50:30:80:10:f0:89:91:af:15:
                    17:4f:de:ff:d7:6c:8b:30:b2:7c:3b:96:2a:e4:95:
                    32:4b:dc:e3:55:18:e5:1b:9c:44:50:f5:53:f3:28:
                    3f:77:d9:12:21:7e:2f:bc:08:ae:39:06:77:7a:cd:
                    72:0d:f0:a8:79:c3:44:5b:f7:f9:50:e7:8f:b8:f5:
                    1b:87:f6:70:5e:48:ea:45:c7:d7:ab:1e:39:90:58:
                    49:0f:0d:94:72:47:c6:94:cf:47:06:13:53:3f:63:
                    11:d8:ca:e3:22:c3:d0:56:ef:92:cf:94:c3:6f:92:
                    38:34:3b:6c:76:e0:fd:28:71:31:b4:23:f8:2a:d4:
                    37:74:39:ab:75:d6:f6:92:b2:20:85:00:4e:b8:a0:
                    53:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C2:CB:4C:D7:85:F2:EB:5F:D7:EB:E1:A6:2E:01:1C:CE:C2:7A:64
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8b5be703-5092-4b56-aefa-f3fd683a3354.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.216.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:fa:29:c6:c7:91:be:42:d0:4f:15:c5:ab:8e:04:9e:cd:c0:
         16:4e:f9:68:7d:8d:ae:c5:2d:58:e4:48:36:cc:60:88:c1:4a:
         a5:ee:12:e5:9f:45:a7:25:16:9f:5f:b5:fb:c3:c1:fd:6e:68:
         9f:cd:dd:18:80:07:70:b6:fe:95:4c:d9:a1:c5:fd:d9:4a:a5:
         d9:99:de:94:ee:e9:68:b4:00:98:77:4d:d6:5a:95:4c:65:40:
         81:7c:1f:3a:4c:90:c0:5d:da:fe:e2:5d:75:3f:f0:1f:3f:ce:
         10:ce:ba:98:16:44:49:4c:0d:6a:2f:d9:23:ad:35:75:c8:69:
         49:b6:d1:5b:e7:93:2e:b8:f8:50:61:13:b9:ff:76:4f:5b:42:
         1f:42:b8:d9:d9:0c:f4:39:b5:76:af:ea:b3:52:13:bc:3c:a1:
         6d:18:64:d2:48:56:91:b3:3d:a1:84:1c:e3:f7:3a:17:33:03:
         dd:ba:cd:45:3d:6f:6e:c6:b3:d4:5c:0d:91:c7:67:97:bd:0c:
         a8:5d:21:3f:fd:80:04:d3:4b:7c:00:f6:59:40:34:3f:d7:a9:
         bc:91:cf:09:c7:5f:28:8a:9a:42:2c:28:17:f5:78:fc:1d:f8:
         08:74:37:84:29:57:ad:8d:b3:8c:77:40:f3:60:e3:48:a5:06:
         d5:30:c3:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUO7InU+ncVkehblcSOaJBKwv4GDcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNGQ1NmJmMmQxZWE3ZjVkYjk4NDk2NDYxMzkwOTJkYzQ4
ZjUwMjU2ZTRlYTMzYTAyZmQ5ZGFlMjAwYWJlNTFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/jK/pxR9ivpX9numdJjiUBV37jxauNX66lsoqERwGCQ8w
3/U/lXJH6uKdULyrhBgNauFt6e6Db1afO4S/TbkCISAbuTg2Nsh/eqxtIdb7YOfm
4MaU3TR9yImvfP/PH5Hp437u3naFh7ClB6XHbFAwgBDwiZGvFRdP3v/XbIswsnw7
lirklTJL3ONVGOUbnERQ9VPzKD932RIhfi+8CK45Bnd6zXIN8Kh5w0Rb9/lQ54+4
9RuH9nBeSOpFx9erHjmQWEkPDZRyR8aUz0cGE1M/YxHYyuMiw9BW75LPlMNvkjg0
O2x24P0ocTG0I/gq1Dd0Oat11vaSsiCFAE64oFONAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU0MLLTNeF8utf1+vhpi4BHM7CemQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiNWJlNzAzLTUwOTItNGI1Ni1hZWZhLWYzZmQ2ODNhMzM1NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP2DANBgkqhkiG9w0BAQsFAAOCAQEAIPopxseRvkLQTxXFq44Ens3AFk75
aH2NrsUtWORINsxgiMFKpe4S5Z9FpyUWn1+1+8PB/W5on83dGIAHcLb+lUzZocX9
2Uql2ZnelO7paLQAmHdN1lqVTGVAgXwfOkyQwF3a/uJddT/wHz/OEM66mBZESUwN
ai/ZI601dchpSbbRW+eTLrj4UGETuf92T1tCH0K42dkM9Dm1dq/qs1ITvDyhbRhk
0khWkbM9oYQc4/c6FzMD3brNRT1vbsaz1FwNkcdnl70MqF0hP/2ABNNLfAD2WUA0
P9epvJHPCcdfKIqaQiwoF/V4/B34CHQ3hClXrY2zjHdA82DjSKUG1TDDKg==
-----END CERTIFICATE-----