Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/915eed93-29ec-45eb-b704-b28c96a06443.roa
File:                     915eed93-29ec-45eb-b704-b28c96a06443.roa (raw, json)
Hash identifier:          YNmiKLmqLH4pkWeVm27jonzLy9EsCGk/Bte8y8juhoU=
Subject key identifier:   80:38:3A:0F:89:E4:70:75:F7:42:62:F9:12:08:5B:F7:C1:0F:E3:A2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       476FEBE897C4DA7B20328851C8337C515914286C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/915eed93-29ec-45eb-b704-b28c96a06443.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.64.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:6f:eb:e8:97:c4:da:7b:20:32:88:51:c8:33:7c:51:59:14:28:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=73740baed4db46306591ae47e27603cbbe08bb08eb9072ddf74f3e866c2e0d75, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:50:34:25:7b:fe:11:b5:9d:e0:45:fc:e3:12:
                    26:53:3e:95:f9:d4:74:1d:89:75:0c:36:6b:66:e1:
                    6a:dd:58:9d:89:13:b4:e7:68:76:69:69:45:2c:1e:
                    42:4c:26:7a:21:31:65:67:3e:0d:10:d7:33:56:04:
                    43:ca:02:e5:55:bb:da:96:24:f0:7c:b7:be:32:f1:
                    78:95:6e:c3:2d:fa:9e:02:01:4d:03:8b:2b:5f:33:
                    9f:c5:a0:93:21:1c:44:91:f7:13:40:d1:73:e1:31:
                    dc:d1:43:5b:f2:8a:27:4d:3a:88:ce:5f:6d:65:6e:
                    1e:46:3b:7e:50:f7:46:70:c5:93:c7:16:10:11:8b:
                    89:d3:f6:80:a8:f0:1e:db:dc:2e:32:af:80:5b:6e:
                    32:83:ba:3f:b4:8e:f1:a7:ec:70:43:70:65:3e:70:
                    fa:c6:73:6c:b1:b4:63:c2:7a:ff:a3:f6:9c:ab:a0:
                    0e:fd:23:2a:c9:84:be:e2:36:18:23:df:94:a4:58:
                    26:e9:89:67:d8:7e:04:70:e2:ba:01:dc:67:a4:f2:
                    52:08:91:37:d6:29:ef:06:fa:a4:62:52:61:a3:84:
                    a2:f5:36:ca:31:72:48:fe:85:94:87:d7:1d:88:ed:
                    79:65:06:98:e8:c6:f0:8e:6f:c4:11:40:03:91:e7:
                    71:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:38:3A:0F:89:E4:70:75:F7:42:62:F9:12:08:5B:F7:C1:0F:E3:A2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/915eed93-29ec-45eb-b704-b28c96a06443.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.64.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cc:6e:44:8f:a9:2e:4b:a2:45:9a:69:f0:31:a1:dd:15:0b:be:
         08:ac:ad:9e:e8:ee:30:44:e6:07:9c:5a:5e:84:2a:a6:a2:de:
         42:57:f1:2d:42:f6:4e:51:95:1f:50:04:b3:60:c3:1e:76:bb:
         c1:db:5b:5b:94:0f:58:37:5c:df:74:78:0f:c8:e2:e5:8d:1b:
         d0:07:ae:5d:e5:27:2f:9d:cc:77:04:57:ed:51:47:df:a8:6a:
         ad:81:d1:b9:a1:da:4e:4d:6d:b6:a7:c3:22:b5:83:3a:99:be:
         18:65:65:48:60:ef:13:86:6c:9d:43:23:57:9d:ec:4f:64:f7:
         3b:e9:6a:4e:6d:a6:55:4a:23:57:13:04:73:42:39:11:12:be:
         52:51:d7:6e:b8:1e:6d:03:77:2f:cb:78:31:c9:66:95:72:b1:
         28:fd:21:57:7b:36:e8:2c:7b:a5:d3:a3:80:0c:24:75:24:79:
         54:dd:c8:02:d3:6c:24:60:db:26:9b:a0:25:a3:0f:b5:0e:fd:
         5a:71:68:1f:5c:49:3d:68:c9:ea:17:86:a9:f3:af:a1:44:4b:
         11:6f:c2:12:08:14:f6:36:1e:87:72:67:9d:e7:b1:89:3b:4d:
         af:8b:60:f5:15:09:ba:06:14:e8:df:c2:cd:ac:7c:af:76:79:
         6a:73:3c:a6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR2/r6JfE2nsgMohRyDN8UVkUKGwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3Mzc0MGJhZWQ0ZGI0NjMwNjU5MWFlNDdlMjc2MDNjYmJl
MDhiYjA4ZWI5MDcyZGRmNzRmM2U4NjZjMmUwZDc1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjUDQle/4RtZ3gRfzjEiZTPpX51HQdiXUMNmtm4WrdWJ2J
E7TnaHZpaUUsHkJMJnohMWVnPg0Q1zNWBEPKAuVVu9qWJPB8t74y8XiVbsMt+p4C
AU0DiytfM5/FoJMhHESR9xNA0XPhMdzRQ1vyiidNOojOX21lbh5GO35Q90ZwxZPH
FhARi4nT9oCo8B7b3C4yr4BbbjKDuj+0jvGn7HBDcGU+cPrGc2yxtGPCev+j9pyr
oA79IyrJhL7iNhgj35SkWCbpiWfYfgRw4roB3Gek8lIIkTfWKe8G+qRiUmGjhKL1
Nsoxckj+hZSH1x2I7XllBpjoxvCOb8QRQAOR53HrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgDg6D4nkcHX3QmL5Eghb98EP46IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkxNWVlZDkzLTI5ZWMtNDVlYi1iNzA0LWIyOGM5NmEwNjQ0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQQDANBgkqhkiG9w0BAQsFAAOCAQEAzG5Ej6kuS6JFmmnwMaHdFQu+CKyt
nujuMETmB5xaXoQqpqLeQlfxLUL2TlGVH1AEs2DDHna7wdtbW5QPWDdc33R4D8ji
5Y0b0AeuXeUnL53MdwRX7VFH36hqrYHRuaHaTk1ttqfDIrWDOpm+GGVlSGDvE4Zs
nUMjV53sT2T3O+lqTm2mVUojVxMEc0I5ERK+UlHXbrgebQN3L8t4MclmlXKxKP0h
V3s26Cx7pdOjgAwkdSR5VN3IAtNsJGDbJpugJaMPtQ79WnFoH1xJPWjJ6heGqfOv
oURLEW/CEggU9jYeh3JnneexiTtNr4tg9RUJugYU6N/Czax8r3Z5anM8pg==
-----END CERTIFICATE-----