Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9929b47c-a127-4e49-9843-84b3967adcfc.roa
File:                     9929b47c-a127-4e49-9843-84b3967adcfc.roa (raw, json)
Hash identifier:          Uq995KRsj8LcGts/MaWMcp0mB+/eB0FtEYNXy3ZKQiQ=
Subject key identifier:   BB:FC:C7:40:C4:99:0F:73:4B:EB:4D:C2:E6:D6:C4:8D:CA:14:F1:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57A605EF128C05F1E4868B10A3991E850599795C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9929b47c-a127-4e49-9843-84b3967adcfc.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.15.0.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a6:05:ef:12:8c:05:f1:e4:86:8b:10:a3:99:1e:85:05:99:79:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:be:a4:fa:f6:af:49:7f:31:ba:cd:9f:f0:22:
                    ff:30:08:a1:b8:2f:ca:11:d3:8b:bb:0c:fe:c1:ef:
                    a5:6c:88:d0:32:0f:08:f8:e4:82:22:82:25:ba:5a:
                    47:7e:de:86:93:59:97:e2:d0:c7:7a:ce:1e:76:fd:
                    cb:e4:97:62:a8:ca:c4:5c:c4:17:fa:48:e4:15:9b:
                    58:92:21:57:e1:01:58:42:2e:a6:c9:5c:5a:d0:bb:
                    2b:5f:1d:ef:27:b5:2a:ae:1e:2d:be:59:e9:d9:91:
                    be:f9:dc:35:d1:e5:49:d1:40:90:2c:d1:a5:16:9b:
                    49:1b:03:dc:0a:f8:e8:4e:4b:af:60:e9:9c:a3:f8:
                    f7:af:b0:7c:d2:2f:59:32:ee:d0:46:10:00:77:90:
                    21:f6:87:9e:44:1a:bc:83:e0:74:08:4d:63:a8:6d:
                    b9:36:9f:cb:14:5b:9c:4d:7c:bf:30:ca:1e:8b:bc:
                    52:de:b5:25:75:25:49:fa:42:3d:c7:88:1b:29:d9:
                    aa:14:6d:1b:2e:e9:d0:3a:27:be:b5:45:db:eb:67:
                    cd:d8:a5:2a:93:7e:d5:86:76:d6:f2:89:21:e0:8d:
                    59:8b:f0:35:21:f9:27:f9:85:8b:55:b0:e1:7c:c0:
                    6a:d8:7b:86:93:26:2e:7d:1d:7b:3d:a7:99:8d:0d:
                    c6:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:FC:C7:40:C4:99:0F:73:4B:EB:4D:C2:E6:D6:C4:8D:CA:14:F1:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9929b47c-a127-4e49-9843-84b3967adcfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.15.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         71:20:66:e7:20:8c:9e:b3:a4:56:a2:a5:7f:e0:13:06:a4:91:
         5a:2c:28:ae:da:e0:d9:48:f9:31:35:c7:76:fe:f0:40:38:2c:
         8f:61:7e:31:34:be:3b:37:6e:61:bb:b5:a9:e6:80:12:b5:ef:
         6f:49:2a:b6:8b:6c:ab:34:9e:9d:17:90:f6:0c:ce:9d:06:a2:
         97:90:a7:a0:18:d1:01:62:5f:56:17:f5:a2:c2:eb:a9:86:f7:
         87:1d:4a:ac:80:64:a9:8b:c8:83:04:69:dd:a5:96:c6:2f:74:
         06:61:07:a2:82:7c:c8:07:9e:83:1f:3d:cb:14:1c:23:f8:51:
         84:89:3a:2c:6e:07:85:b8:94:11:33:99:7f:c7:73:7e:c7:5f:
         37:88:25:ce:30:99:5e:05:46:78:48:cd:3a:30:8b:bb:d6:d8:
         d8:f6:b0:e0:cc:f6:0c:88:55:c8:c7:0b:e3:ec:d3:15:11:c6:
         89:df:1f:b1:c0:00:2c:04:c7:36:1c:bf:bb:f0:84:cc:80:ee:
         10:43:f0:37:33:ea:ca:e4:c8:40:ae:04:0e:a1:03:68:a7:8d:
         e4:5e:f1:74:ae:64:26:05:e2:0b:c0:47:74:21:3e:ac:ec:4c:
         88:ed:b7:97:b2:61:94:88:f8:a9:b0:0b:45:a1:4d:70:73:4b:
         6e:fb:ac:de
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV6YF7xKMBfHkhosQo5kehQWZeVwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjhhNmI2NTVmMTA2ZjcyZWFjMjU0M2E1MDY4MTMxZjVm
YzBmYjhiOGJlNjhlOGM1OWY0OGVmMjVmM2Q4NjllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCyvqT69q9JfzG6zZ/wIv8wCKG4L8oR04u7DP7B76VsiNAy
Dwj45IIigiW6Wkd+3oaTWZfi0Md6zh52/cvkl2KoysRcxBf6SOQVm1iSIVfhAVhC
LqbJXFrQuytfHe8ntSquHi2+WenZkb753DXR5UnRQJAs0aUWm0kbA9wK+OhOS69g
6Zyj+PevsHzSL1ky7tBGEAB3kCH2h55EGryD4HQITWOobbk2n8sUW5xNfL8wyh6L
vFLetSV1JUn6Qj3HiBsp2aoUbRsu6dA6J761RdvrZ83YpSqTftWGdtbyiSHgjVmL
8DUh+Sf5hYtVsOF8wGrYe4aTJi59HXs9p5mNDcalAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu/zHQMSZD3NL603C5tbEjcoU8WkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5MjliNDdjLWExMjctNGU0OS05ODQzLTg0YjM5NjdhZGNmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAMQDwAwDQYJKoZIhvcNAQELBQADggEBAHEgZucgjJ6zpFaipX/gEwakkVos
KK7a4NlI+TE1x3b+8EA4LI9hfjE0vjs3bmG7tanmgBK1729JKraLbKs0np0XkPYM
zp0GopeQp6AY0QFiX1YX9aLC66mG94cdSqyAZKmLyIMEad2llsYvdAZhB6KCfMgH
noMfPcsUHCP4UYSJOixuB4W4lBEzmX/Hc37HXzeIJc4wmV4FRnhIzTowi7vW2Nj2
sODM9gyIVcjHC+Ps0xURxonfH7HAACwExzYcv7vwhMyA7hBD8Dcz6srkyECuBA6h
A2injeRe8XSuZCYF4gvAR3QhPqzsTIjtt5eyYZSI+KmwC0WhTXBzS277rN4=
-----END CERTIFICATE-----