Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c75697e-cdbd-476b-87c4-53743d6d51ae.roa
File:                     9c75697e-cdbd-476b-87c4-53743d6d51ae.roa (raw, json)
Hash identifier:          v0UcGxOadJNuCshELyxEqgUgx9d1UZqhKwsEXra8uOk=
Subject key identifier:   B1:16:79:3B:9B:BA:1B:0F:32:3E:E4:7F:7A:F5:54:12:89:D1:2C:2C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       245D3EB5A5624782C494F6F3ED76B37CE6AA2415
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c75697e-cdbd-476b-87c4-53743d6d51ae.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.155.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:5d:3e:b5:a5:62:47:82:c4:94:f6:f3:ed:76:b3:7c:e6:aa:24:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:af:a2:35:95:bd:1a:59:5b:da:55:5b:7a:0b:
                    33:bb:1e:49:d6:87:c1:a7:b9:e6:0b:5b:9a:f2:a5:
                    23:36:0b:8c:f7:92:f2:5a:9d:2e:e7:b1:39:f4:56:
                    2a:3b:ac:20:45:3b:8d:75:1d:72:ce:50:5c:6e:cd:
                    cf:c6:f9:8d:e5:1b:74:07:74:f2:90:2e:ea:a3:1a:
                    47:36:6e:df:b5:87:d0:b1:5c:fe:2c:c7:c6:fe:84:
                    ef:37:6a:36:5a:d0:bb:bf:e0:16:7b:48:c2:0e:bb:
                    48:18:59:c2:b3:7d:87:98:bd:e3:9e:d5:3f:fa:d3:
                    90:fd:cd:38:23:50:25:ff:f5:ef:7a:5b:2c:23:7c:
                    ef:c9:36:6b:c0:ef:64:b0:1b:de:2f:50:b5:39:65:
                    8d:2e:53:61:91:c8:c3:38:59:b0:a8:18:af:f0:1a:
                    5a:d0:3b:2d:b4:d4:b7:28:3e:43:67:87:e6:a6:56:
                    29:d7:93:27:95:2d:da:f1:8a:8a:83:32:f1:30:be:
                    53:13:2a:fb:5f:d1:c4:45:d3:9b:6b:bf:6a:b6:ec:
                    09:ad:e1:ea:2a:09:97:88:40:7c:98:c3:d5:cb:d6:
                    d0:9d:21:5f:8b:1a:5d:b6:37:4d:27:30:78:0e:d8:
                    f4:6c:19:13:75:75:a9:c9:98:b8:c5:cf:7f:ee:f3:
                    e9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:16:79:3B:9B:BA:1B:0F:32:3E:E4:7F:7A:F5:54:12:89:D1:2C:2C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9c75697e-cdbd-476b-87c4-53743d6d51ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.155.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:9c:a4:10:d3:9d:31:69:e4:96:41:dc:49:9f:6b:45:45:13:
         32:76:79:a6:cc:1c:13:5a:61:b2:19:c6:62:d2:61:27:90:40:
         67:de:b7:f0:ad:01:47:8a:4c:5a:c8:04:6c:b1:de:79:42:f7:
         61:2f:4f:3d:af:40:e5:70:4e:1f:83:5a:6f:3e:39:73:53:9b:
         17:1a:9e:d3:1f:a1:16:aa:93:82:c7:be:2a:0d:8b:9e:51:9e:
         0a:1e:6e:ed:2c:d9:3c:a2:5e:42:74:98:6d:3f:5a:e0:47:e6:
         42:3f:5a:90:ee:1c:6e:52:9d:f3:f8:3b:c2:a3:67:59:27:c4:
         bd:97:7b:ec:f1:9b:59:a8:27:ff:57:a2:ef:6e:63:24:b4:7d:
         e2:e3:c9:89:5a:1b:0e:a1:55:f1:a0:bf:41:7c:ec:c5:c0:04:
         f8:86:49:85:7c:f2:de:e3:7c:ea:fc:f8:48:61:41:8c:bc:77:
         bb:53:59:39:4e:44:65:f3:41:3f:5c:3a:aa:3f:cc:f9:9e:b5:
         18:37:5c:45:74:7d:8c:55:ea:b5:8c:63:23:cb:c8:d6:b9:4b:
         ef:d0:23:c5:3b:9a:95:20:cb:5c:80:10:86:41:57:fc:7c:d6:
         b9:cf:8a:d9:85:e7:55:18:42:43:0d:7f:30:76:19:dd:aa:7b:
         19:41:14:6c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJF0+taViR4LElPbz7XazfOaqJBUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlM2QwMDA4NDFlOWVmYjBiZDVhNmJiNWIzMzRiZTNlZGU5
N2E0ZGUyMDgxMjEyMTQ3Y2JhYzhkOTMzMjA4ZTE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2r6I1lb0aWVvaVVt6CzO7HknWh8GnueYLW5rypSM2C4z3
kvJanS7nsTn0Vio7rCBFO411HXLOUFxuzc/G+Y3lG3QHdPKQLuqjGkc2bt+1h9Cx
XP4sx8b+hO83ajZa0Lu/4BZ7SMIOu0gYWcKzfYeYveOe1T/605D9zTgjUCX/9e96
WywjfO/JNmvA72SwG94vULU5ZY0uU2GRyMM4WbCoGK/wGlrQOy201LcoPkNnh+am
VinXkyeVLdrxioqDMvEwvlMTKvtf0cRF05trv2q27Amt4eoqCZeIQHyYw9XL1tCd
IV+LGl22N00nMHgO2PRsGRN1danJmLjFz3/u8+n9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsRZ5O5u6Gw8yPuR/evVUEonRLCwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzljNzU2OTdlLWNkYmQtNDc2Yi04N2M0LTUzNzQzZDZkNTFhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQmzANBgkqhkiG9w0BAQsFAAOCAQEAo5ykENOdMWnklkHcSZ9rRUUTMnZ5
pswcE1phshnGYtJhJ5BAZ9638K0BR4pMWsgEbLHeeUL3YS9PPa9A5XBOH4Nabz45
c1ObFxqe0x+hFqqTgse+Kg2LnlGeCh5u7SzZPKJeQnSYbT9a4EfmQj9akO4cblKd
8/g7wqNnWSfEvZd77PGbWagn/1ei725jJLR94uPJiVobDqFV8aC/QXzsxcAE+IZJ
hXzy3uN86vz4SGFBjLx3u1NZOU5EZfNBP1w6qj/M+Z61GDdcRXR9jFXqtYxjI8vI
1rlL79AjxTualSDLXIAQhkFX/HzWuc+K2YXnVRhCQw1/MHYZ3ap7GUEUbA==
-----END CERTIFICATE-----