Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9124904b-426b-48a1-baae-8271bff51c24.roa
File:                     9124904b-426b-48a1-baae-8271bff51c24.roa (raw, json)
Hash identifier:          TFI/sRsZt+Q5YGaNTM1fb+YSVFxJix/H+px4mhMdPng=
Subject key identifier:   9B:3B:F1:E4:F6:87:75:77:F0:CB:2A:7E:DF:BA:A5:64:7F:87:87:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18114A4D5F76F8C35CFE9147409A34D2DA02CACD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9124904b-426b-48a1-baae-8271bff51c24.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.52.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:11:4a:4d:5f:76:f8:c3:5c:fe:91:47:40:9a:34:d2:da:02:ca:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=59c165f8678e828010b68274319456482abe84bcb562a97518e723890a905f10, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0c:08:7f:0a:a5:a5:76:7a:e0:2d:64:37:5c:
                    b0:7f:6d:02:f0:70:84:a9:37:b8:76:57:ae:4c:0f:
                    7d:03:54:a6:50:9f:c3:08:78:7a:b1:89:c4:d1:f1:
                    b0:79:8e:d6:95:96:cd:c6:ff:c4:76:cb:e2:3c:f1:
                    35:a5:45:cb:68:4d:fa:03:3a:35:21:72:d2:f3:de:
                    99:e2:cb:d9:01:cc:16:82:22:01:bb:9a:eb:80:fc:
                    12:09:1d:20:18:aa:33:6c:95:c0:26:58:2c:cc:f4:
                    41:ab:eb:da:ca:90:7e:2f:44:fb:85:4e:4a:03:01:
                    fb:15:2c:67:14:8b:ed:a2:c3:19:ef:43:97:02:c2:
                    0a:58:15:4d:88:ac:74:12:f9:0a:98:13:6d:69:8c:
                    61:e2:83:bd:34:3b:39:33:4c:dc:f6:b5:9e:22:34:
                    15:d4:5d:84:e1:ef:81:80:03:8b:bb:5e:1b:51:60:
                    17:f6:ea:34:30:32:a5:18:61:8d:2c:66:ed:b4:01:
                    dd:9e:f6:20:5c:1e:75:e8:84:12:3a:39:5e:72:92:
                    a9:ab:53:49:38:c9:05:60:d4:79:0a:f0:18:1d:2a:
                    9e:53:e2:42:5c:25:b0:1a:9a:9d:a4:47:96:5e:9a:
                    af:13:ff:70:a7:31:e8:fb:88:bf:db:44:a1:4c:bc:
                    24:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:3B:F1:E4:F6:87:75:77:F0:CB:2A:7E:DF:BA:A5:64:7F:87:87:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9124904b-426b-48a1-baae-8271bff51c24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.52.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         40:72:0d:fe:88:79:17:98:2c:fe:c8:fa:3d:31:b2:5f:27:d0:
         7b:98:e1:d6:14:62:d8:10:3d:22:28:8e:1e:26:28:12:8e:a1:
         80:b3:c6:3d:e7:6e:b7:e3:7e:dc:2a:31:47:32:ec:60:28:c2:
         5f:f6:d5:d1:3c:00:81:a7:8e:30:3a:84:de:03:a4:96:4a:e4:
         73:d5:f5:9f:84:71:5a:a2:10:db:d0:61:bc:0f:6c:fb:01:3b:
         8b:81:e0:98:1e:23:9e:90:fc:b7:a6:ab:b6:c0:03:2d:0c:13:
         bd:3a:03:86:5e:29:0c:12:d9:6c:2d:c6:bd:3c:6e:c9:c7:b7:
         cf:ab:45:08:d1:da:5e:73:51:70:03:86:60:2c:78:ef:cd:b3:
         a2:d9:be:9b:29:ae:7c:60:27:f2:f2:cd:4d:a3:b7:f0:49:e4:
         e4:9d:9f:d8:9c:65:e0:7a:4a:a5:dd:60:f8:80:6b:3a:b5:6f:
         59:50:72:f5:0d:87:b5:53:cd:98:ee:09:52:30:ea:ac:f3:18:
         52:1e:b4:ed:5c:42:08:12:27:96:95:5d:a4:24:ed:f8:79:cd:
         83:62:b3:4a:9d:99:f7:5b:79:d8:86:c1:36:9d:66:6c:65:68:
         0d:f3:26:47:0c:5e:8b:d1:9a:28:b3:1d:55:a4:c7:25:0f:d9:
         e0:f6:df:18
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGBFKTV92+MNc/pFHQJo00toCys0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWMxNjVmODY3OGU4MjgwMTBiNjgyNzQzMTk0NTY0ODJh
YmU4NGJjYjU2MmE5NzUxOGU3MjM4OTBhOTA1ZjEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNDAh/CqWldnrgLWQ3XLB/bQLwcISpN7h2V65MD30DVKZQ
n8MIeHqxicTR8bB5jtaVls3G/8R2y+I88TWlRctoTfoDOjUhctLz3pniy9kBzBaC
IgG7muuA/BIJHSAYqjNslcAmWCzM9EGr69rKkH4vRPuFTkoDAfsVLGcUi+2iwxnv
Q5cCwgpYFU2IrHQS+QqYE21pjGHig700OzkzTNz2tZ4iNBXUXYTh74GAA4u7XhtR
YBf26jQwMqUYYY0sZu20Ad2e9iBcHnXohBI6OV5ykqmrU0k4yQVg1HkK8BgdKp5T
4kJcJbAamp2kR5Zemq8T/3CnMej7iL/bRKFMvCRRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUmzvx5PaHdXfwyyp+37qlZH+Hh8MwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxMjQ5MDRiLTQyNmItNDhhMS1iYWFlLTgyNzFiZmY1MWMyNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIQNDANBgkqhkiG9w0BAQsFAAOCAQEAQHIN/oh5F5gs/sj6PTGyXyfQe5jh
1hRi2BA9IiiOHiYoEo6hgLPGPedut+N+3CoxRzLsYCjCX/bV0TwAgaeOMDqE3gOk
lkrkc9X1n4RxWqIQ29BhvA9s+wE7i4HgmB4jnpD8t6artsADLQwTvToDhl4pDBLZ
bC3GvTxuyce3z6tFCNHaXnNRcAOGYCx4782zotm+mymufGAn8vLNTaO38Enk5J2f
2Jxl4HpKpd1g+IBrOrVvWVBy9Q2HtVPNmO4JUjDqrPMYUh607VxCCBInlpVdpCTt
+HnNg2KzSp2Z91t52IbBNp1mbGVoDfMmRwxei9GaKLMdVaTHJQ/Z4PbfGA==
-----END CERTIFICATE-----