Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3612cb8-e230-409a-8185-edc9e3d38cfe.roa
File:                     a3612cb8-e230-409a-8185-edc9e3d38cfe.roa (raw, json)
Hash identifier:          K7E198N4/4sYQAu8ggGU26Y5GE+k3W//fCs1b9Lj8xc=
Subject key identifier:   68:37:2F:B2:A4:1D:00:2E:E8:B3:DC:35:38:72:D3:A6:4A:E4:B7:D9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5B3F37582189012D651082AD63E141578FABBAAD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3612cb8-e230-409a-8185-edc9e3d38cfe.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.186.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:3f:37:58:21:89:01:2d:65:10:82:ad:63:e1:41:57:8f:ab:ba:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=41abd7e0d55f628eb8653bd5ea25a8f6bf2cf7c338c85a9f9be3e615701e500f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b2:fa:41:f4:ec:6a:62:5b:6b:53:73:20:e8:
                    33:b3:9f:9e:36:b0:35:78:a2:f5:08:04:2e:50:ad:
                    ca:f2:71:e7:dd:9b:8e:af:d6:95:ef:cc:d0:58:e0:
                    82:02:98:aa:85:23:06:70:08:a9:db:94:05:20:c0:
                    f8:ac:e1:ea:a9:7e:80:db:0b:12:14:29:52:0f:22:
                    33:30:09:0b:3a:83:65:a7:c6:2b:ad:da:5c:37:d7:
                    28:19:90:28:29:49:a3:19:a2:2e:7c:14:58:1f:12:
                    c1:98:7b:61:76:36:aa:f4:55:24:f0:13:b9:68:a2:
                    53:06:12:62:0a:4f:28:0f:06:41:f8:54:31:e3:9d:
                    71:a6:6b:a9:60:b7:72:62:f5:79:1c:cf:c0:eb:36:
                    9b:d4:a5:94:37:c9:8b:f8:c9:d4:1d:36:e0:4c:0a:
                    b1:f4:3d:19:4d:7c:74:90:29:e0:8c:bc:ab:b7:ca:
                    1a:cb:f0:f0:29:73:55:03:fd:3b:17:94:c8:3d:92:
                    0a:84:ea:6c:15:ec:7a:3b:ea:49:14:38:b1:af:3d:
                    4c:7b:74:8c:88:d9:99:7d:d2:50:25:7c:e4:ba:8c:
                    f4:b1:29:32:6c:31:da:a6:86:e2:06:e6:ac:ef:23:
                    0f:0e:2e:ae:b3:ae:c6:93:e7:aa:7f:2d:fc:ba:53:
                    0c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:37:2F:B2:A4:1D:00:2E:E8:B3:DC:35:38:72:D3:A6:4A:E4:B7:D9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3612cb8-e230-409a-8185-edc9e3d38cfe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.186.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         72:34:ca:2b:94:5e:d5:cf:2a:c2:2a:66:05:d4:a1:e7:6e:b6:
         26:ec:93:5a:c7:ad:7c:b7:43:dd:06:7f:6d:e3:42:b1:e1:b1:
         0c:27:54:1a:96:bf:b5:44:ab:50:32:e4:88:c9:a7:bf:ce:6e:
         90:85:0e:db:2a:6f:76:e1:c9:9f:99:5e:5b:b3:99:11:71:e9:
         1f:43:1e:b8:35:e7:dc:8a:db:cc:11:03:b3:37:59:ff:63:d7:
         a4:da:ff:05:85:92:0e:cf:1e:af:c3:1b:7d:fa:a0:4b:7c:b8:
         5a:0e:fe:50:9d:d1:4b:3f:53:63:47:f3:5e:bc:cf:7c:4b:01:
         95:b5:7b:1b:f0:ce:d4:52:66:2f:d8:7a:fe:72:2e:34:e3:41:
         a1:02:2e:1b:2e:20:45:6c:57:7f:ff:35:48:2b:aa:89:3b:50:
         fa:8d:fa:a0:a6:ac:2e:69:36:5f:8b:04:9e:75:97:bf:62:48:
         1b:33:53:8b:fb:3c:7d:d7:87:9e:27:f2:d0:56:0c:cf:4e:f3:
         ea:cf:b8:8e:17:ce:72:38:12:c0:45:50:49:30:6a:4d:54:a5:
         be:16:ae:a7:0d:db:c1:1a:d5:a1:98:85:b8:62:26:06:41:2e:
         74:61:65:22:7a:e6:87:ec:7e:df:de:93:63:d8:99:7c:4d:c7:
         a6:42:fb:34
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWz83WCGJAS1lEIKtY+FBV4+ruq0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MWFiZDdlMGQ1NWY2MjhlYjg2NTNiZDVlYTI1YThmNmJm
MmNmN2MzMzhjODVhOWY5YmUzZTYxNTcwMWU1MDBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLsvpB9OxqYltrU3Mg6DOzn542sDV4ovUIBC5Qrcrycefd
m46v1pXvzNBY4IICmKqFIwZwCKnblAUgwPis4eqpfoDbCxIUKVIPIjMwCQs6g2Wn
xiut2lw31ygZkCgpSaMZoi58FFgfEsGYe2F2Nqr0VSTwE7loolMGEmIKTygPBkH4
VDHjnXGma6lgt3Ji9Xkcz8DrNpvUpZQ3yYv4ydQdNuBMCrH0PRlNfHSQKeCMvKu3
yhrL8PApc1UD/TsXlMg9kgqE6mwV7Ho76kkUOLGvPUx7dIyI2Zl90lAlfOS6jPSx
KTJsMdqmhuIG5qzvIw8OLq6zrsaT56p/Lfy6UwxdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUaDcvsqQdAC7os9w1OHLTpkrkt9kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzNjEyY2I4LWUyMzAtNDA5YS04MTg1LWVkYzllM2QzOGNmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQujANBgkqhkiG9w0BAQsFAAOCAQEAcjTKK5Re1c8qwipmBdSh5262JuyT
WsetfLdD3QZ/beNCseGxDCdUGpa/tUSrUDLkiMmnv85ukIUO2ypvduHJn5leW7OZ
EXHpH0MeuDXn3IrbzBEDszdZ/2PXpNr/BYWSDs8er8MbffqgS3y4Wg7+UJ3RSz9T
Y0fzXrzPfEsBlbV7G/DO1FJmL9h6/nIuNONBoQIuGy4gRWxXf/81SCuqiTtQ+o36
oKasLmk2X4sEnnWXv2JIGzNTi/s8fdeHnify0FYMz07z6s+4jhfOcjgSwEVQSTBq
TVSlvhaupw3bwRrVoZiFuGImBkEudGFlInrmh+x+396TY9iZfE3HpkL7NA==
-----END CERTIFICATE-----