Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d406957-d266-4c64-b9a3-434a5c6169ea.roa
File:                     9d406957-d266-4c64-b9a3-434a5c6169ea.roa (raw, json)
Hash identifier:          Sp+GtuN1Sg0HHJHrXFtFxZND749t2ijy78IPW2qSQyk=
Subject key identifier:   B2:C0:A3:19:3B:17:CF:A4:E3:DF:0E:A9:83:61:FF:39:A8:58:62:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       292362C592C61EF3AA9E9118C7A13A8C4803733E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d406957-d266-4c64-b9a3-434a5c6169ea.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.142.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:23:62:c5:92:c6:1e:f3:aa:9e:91:18:c7:a1:3a:8c:48:03:73:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:6f:6d:44:a9:00:31:ab:05:70:14:d7:3b:5e:
                    0e:9b:f4:ca:d4:8e:b5:c6:c3:62:13:16:c3:9f:aa:
                    4a:b2:52:d9:80:e3:35:e2:71:bb:9a:b0:f0:b3:89:
                    c9:b1:66:10:5a:9b:e5:f6:be:b5:a8:2f:bc:1a:6f:
                    05:f9:81:7b:56:60:5d:73:4d:2e:31:40:90:13:37:
                    57:ec:0d:3f:f1:b0:7c:5c:c2:9f:52:b8:d4:9e:27:
                    28:86:e5:89:12:27:aa:ce:bc:cb:39:25:3e:6f:15:
                    7b:b0:29:10:1d:37:38:04:d5:75:3f:3b:25:cf:1f:
                    29:2b:bc:7a:2d:80:f7:d7:25:39:e8:47:c3:dc:5c:
                    05:ec:5f:57:dd:5a:b0:db:f3:b0:44:32:69:78:f5:
                    56:94:dd:0d:e2:90:c7:c1:fc:52:4f:38:7b:0f:19:
                    4f:8a:2d:74:38:48:7f:32:d3:6c:b7:c5:94:ec:74:
                    7a:77:a6:7f:7d:dc:6b:73:f1:fe:ef:bf:bd:40:ed:
                    83:ae:c8:56:40:ac:93:3f:01:e5:01:3e:95:42:d6:
                    8e:17:86:46:9a:f6:d9:a4:2a:03:85:91:a2:ad:db:
                    a1:5f:16:9f:2f:e5:d1:14:ac:60:a3:74:ec:93:b8:
                    22:59:bb:df:30:86:77:5d:81:0f:e3:b3:6c:05:7f:
                    3f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:C0:A3:19:3B:17:CF:A4:E3:DF:0E:A9:83:61:FF:39:A8:58:62:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9d406957-d266-4c64-b9a3-434a5c6169ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.142.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cd:4c:4c:82:8d:3f:f3:1c:86:28:0c:6f:9f:0f:1e:d7:13:49:
         30:c6:1e:46:54:58:2b:9c:0f:f2:a9:1a:d6:48:ca:a6:82:1e:
         65:1c:11:8f:f0:81:10:69:67:73:45:a5:8b:7f:a9:19:ce:b4:
         6d:c6:c1:e0:b0:67:9c:1c:26:de:50:3c:45:7d:85:f9:05:b9:
         1e:f1:d7:94:6b:64:97:b9:43:d4:fe:c8:4b:0e:bd:66:af:22:
         01:bf:75:37:be:ad:70:fc:e3:48:50:94:f1:b9:ea:9c:11:f1:
         fa:ba:de:e1:9b:3d:6b:73:d8:60:83:7b:d2:87:ee:fa:4d:4e:
         bd:88:b7:6f:a3:a0:cb:fc:a3:a4:ed:13:58:b5:fb:57:da:9b:
         64:dc:0e:94:4d:4a:86:82:14:4a:2e:b3:db:e5:8b:b1:80:8e:
         48:f8:b0:4a:5f:ad:83:6f:7e:46:e5:93:b3:6e:62:7e:42:a0:
         8b:71:6f:38:8b:61:cf:b8:fd:14:e9:f6:50:a1:b7:bb:cf:6c:
         fb:df:ce:2c:30:18:ee:ea:b5:0b:d6:81:e2:08:4a:35:aa:d1:
         53:24:84:cb:15:03:b1:07:ae:ee:95:3b:ca:79:79:ea:c3:3c:
         20:58:c0:c0:74:8d:6e:d6:50:da:9c:f4:27:f1:cf:99:9b:ed:
         c9:3b:22:35
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKSNixZLGHvOqnpEYx6E6jEgDcz4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwY2U4MmYzNGNlMGQ0OWE5NmIzNzZiMDg0MzJjYjE3MTZl
NTNiOTQwOTBjNTg0MTI4YzMzZjU5YjMwZDI2MzIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqb21EqQAxqwVwFNc7Xg6b9MrUjrXGw2ITFsOfqkqyUtmA
4zXicbuasPCzicmxZhBam+X2vrWoL7wabwX5gXtWYF1zTS4xQJATN1fsDT/xsHxc
wp9SuNSeJyiG5YkSJ6rOvMs5JT5vFXuwKRAdNzgE1XU/OyXPHykrvHotgPfXJTno
R8PcXAXsX1fdWrDb87BEMml49VaU3Q3ikMfB/FJPOHsPGU+KLXQ4SH8y02y3xZTs
dHp3pn993Gtz8f7vv71A7YOuyFZArJM/AeUBPpVC1o4Xhkaa9tmkKgOFkaKt26Ff
Fp8v5dEUrGCjdOyTuCJZu98whnddgQ/js2wFfz+ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUssCjGTsXz6Tj3w6pg2H/OahYYjEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkNDA2OTU3LWQyNjYtNGM2NC1iOWEzLTQzNGE1YzYxNjllYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQjjANBgkqhkiG9w0BAQsFAAOCAQEAzUxMgo0/8xyGKAxvnw8e1xNJMMYe
RlRYK5wP8qka1kjKpoIeZRwRj/CBEGlnc0Wli3+pGc60bcbB4LBnnBwm3lA8RX2F
+QW5HvHXlGtkl7lD1P7ISw69Zq8iAb91N76tcPzjSFCU8bnqnBHx+rre4Zs9a3PY
YIN70ofu+k1OvYi3b6Ogy/yjpO0TWLX7V9qbZNwOlE1KhoIUSi6z2+WLsYCOSPiw
Sl+tg29+RuWTs25ifkKgi3FvOIthz7j9FOn2UKG3u89s+9/OLDAY7uq1C9aB4ghK
NarRUySEyxUDsQeu7pU7ynl56sM8IFjAwHSNbtZQ2pz0J/HPmZvtyTsiNQ==
-----END CERTIFICATE-----