Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9bc18d10-10e3-49dc-b874-0a5e8b6951ba.roa
File:                     9bc18d10-10e3-49dc-b874-0a5e8b6951ba.roa (raw, json)
Hash identifier:          DbdCc3gk6y15gOsEwEGknAWp4wecuU5yjt2xB66yyso=
Subject key identifier:   E2:75:37:DB:E1:07:20:10:89:7B:17:5F:02:C2:2E:FC:5A:EE:2A:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79B850C3E0FE5CFC59D78054DF92C00473CCEF5A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9bc18d10-10e3-49dc-b874-0a5e8b6951ba.roa
Signing time:             Wed 27 Nov 2024 00:00:00 +0000
ROA not before:           Wed 27 Nov 2024 00:00:00 +0000
ROA not after:            Wed 01 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.78.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:b8:50:c3:e0:fe:5c:fc:59:d7:80:54:df:92:c0:04:73:cc:ef:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 27 00:00:00 2024 GMT
            Not After : Jan  1 23:59:59 2025 GMT
        Subject: serialNumber=452a9c86bfd33c2e99730b671057eb750e8566c595993375b905686490814cd7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7b:f9:8b:ff:64:69:df:b1:be:a6:2b:e6:b2:
                    36:58:58:53:a2:b2:9f:51:20:66:9c:63:f9:d1:af:
                    cb:83:e0:f3:ba:6a:ef:2a:24:6b:68:8e:33:2b:12:
                    9b:af:99:74:8c:24:30:ff:68:8e:9b:c0:ce:1a:11:
                    03:87:81:2a:d0:f3:20:f0:97:e9:c8:d5:39:2b:02:
                    0e:a5:f8:de:3c:30:cb:35:34:49:b0:53:56:d0:c8:
                    75:9e:a7:dd:f6:db:1c:21:0a:98:71:7a:1c:2a:64:
                    b9:ec:8c:50:98:0c:7f:86:de:71:e8:d2:44:f4:8b:
                    bd:e9:f8:d4:c5:47:b6:23:d1:f6:3a:97:d4:c7:57:
                    4a:15:18:3a:d6:b8:6f:92:92:40:ae:f2:ae:24:5b:
                    b0:b6:30:3d:52:ff:62:81:2f:58:a5:1e:cd:6f:bd:
                    e9:b6:aa:c6:b1:47:b1:d8:51:98:c3:1e:3d:02:b4:
                    1b:49:91:2f:92:07:1d:7e:06:d3:a3:21:3d:e1:b0:
                    e3:cb:85:3d:ad:c1:a3:9e:50:92:6f:d8:84:99:d5:
                    55:e3:39:42:9e:6f:05:25:92:d9:aa:b4:a3:77:8d:
                    5e:80:2f:af:b0:aa:b7:7a:d6:34:2a:eb:00:0c:dd:
                    3e:23:2b:94:ef:94:f3:d4:f5:a2:a4:9b:da:1d:4c:
                    a9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:75:37:DB:E1:07:20:10:89:7B:17:5F:02:C2:2E:FC:5A:EE:2A:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9bc18d10-10e3-49dc-b874-0a5e8b6951ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.78.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b0:2a:7c:54:85:e7:fb:b5:4a:e4:8e:cc:1d:16:ac:16:e0:d4:
         db:8c:ab:73:0c:06:1a:90:e0:87:f1:be:79:44:bc:d0:2d:5e:
         f1:b1:8f:5a:5b:43:f4:b1:13:19:a8:c1:02:87:95:1c:16:70:
         cb:19:ad:71:be:e9:a0:a9:43:46:33:c0:ac:4b:e5:cc:c5:fb:
         f5:c4:9d:12:70:a5:07:67:c6:aa:ce:df:82:2d:7c:bb:7e:63:
         6f:86:c3:ab:bb:01:29:93:b8:d4:c2:fe:e7:e8:55:a8:cb:1b:
         49:8f:dc:c0:a4:bb:be:87:85:16:04:2a:aa:99:fa:87:34:aa:
         62:41:02:82:66:fd:2d:55:19:79:54:c8:cb:c3:c7:46:05:47:
         31:e7:94:d5:71:68:aa:73:5a:b4:f7:73:f0:69:ba:1b:d0:c1:
         0a:32:b9:bf:cd:30:15:97:c3:ed:d7:59:c0:ba:cb:27:58:4c:
         7b:38:ed:16:14:39:6a:b4:81:7c:ae:dd:f2:bf:10:b9:3b:19:
         89:49:ca:ed:9a:d6:ea:68:8d:7a:55:1e:bf:93:42:a4:95:cb:
         6e:57:d4:11:9e:b6:cb:d4:01:f5:92:11:e1:8b:e6:6f:b3:fc:
         7b:6b:03:28:55:0a:dc:d7:6d:a4:9a:f2:1e:54:7b:eb:77:50:
         82:c8:a6:f5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUebhQw+D+XPxZ14BU35LABHPM71owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI3MDAwMDAwWhcNMjUwMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTJhOWM4NmJmZDMzYzJlOTk3MzBiNjcxMDU3ZWI3NTBl
ODU2NmM1OTU5OTMzNzViOTA1Njg2NDkwODE0Y2Q3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCke/mL/2Rp37G+pivmsjZYWFOisp9RIGacY/nRr8uD4PO6
au8qJGtojjMrEpuvmXSMJDD/aI6bwM4aEQOHgSrQ8yDwl+nI1TkrAg6l+N48MMs1
NEmwU1bQyHWep9322xwhCphxehwqZLnsjFCYDH+G3nHo0kT0i73p+NTFR7Yj0fY6
l9THV0oVGDrWuG+SkkCu8q4kW7C2MD1S/2KBL1ilHs1vvem2qsaxR7HYUZjDHj0C
tBtJkS+SBx1+BtOjIT3hsOPLhT2twaOeUJJv2ISZ1VXjOUKebwUlktmqtKN3jV6A
L6+wqrd61jQq6wAM3T4jK5TvlPPU9aKkm9odTKlDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4nU32+EHIBCJexdfAsIu/FruKgUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzliYzE4ZDEwLTEwZTMtNDlkYy1iODc0LTBhNWU4YjY5NTFiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQTjANBgkqhkiG9w0BAQsFAAOCAQEAsCp8VIXn+7VK5I7MHRasFuDU24yr
cwwGGpDgh/G+eUS80C1e8bGPWltD9LETGajBAoeVHBZwyxmtcb7poKlDRjPArEvl
zMX79cSdEnClB2fGqs7fgi18u35jb4bDq7sBKZO41ML+5+hVqMsbSY/cwKS7voeF
FgQqqpn6hzSqYkECgmb9LVUZeVTIy8PHRgVHMeeU1XFoqnNatPdz8Gm6G9DBCjK5
v80wFZfD7ddZwLrLJ1hMezjtFhQ5arSBfK7d8r8QuTsZiUnK7ZrW6miNelUev5NC
pJXLblfUEZ62y9QB9ZIR4Yvmb7P8e2sDKFUK3NdtpJryHlR763dQgsim9Q==
-----END CERTIFICATE-----