Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a943f07c-803a-494b-ac3a-c1da0a65f0d4.roa
File:                     a943f07c-803a-494b-ac3a-c1da0a65f0d4.roa (raw, json)
Hash identifier:          0o6MVkt9wK9R5HET7jg9neMzzCzN+KwE4JRKf3mioHw=
Subject key identifier:   45:0E:62:F4:8A:33:34:00:C7:77:8F:D4:B8:AC:06:A8:23:5A:67:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       047ED8D8D54A82CC3D18A1E66706D8AFED4D9293
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a943f07c-803a-494b-ac3a-c1da0a65f0d4.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.12.71.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:7e:d8:d8:d5:4a:82:cc:3d:18:a1:e6:67:06:d8:af:ed:4d:92:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=39a13738f3df441dfefcf36a9639cce0655e12c0c14b83bd9b8864ad6a3afddb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:cd:a5:2b:d5:9f:76:9a:00:87:5d:d3:6b:dd:
                    a0:e6:03:ba:d1:dd:89:20:d7:67:c3:06:46:d9:1b:
                    5f:35:cb:b5:30:a7:97:c9:94:c2:11:b1:0c:90:09:
                    aa:d9:50:6e:60:b6:54:86:59:4e:e3:04:3a:e1:9d:
                    3f:df:24:29:20:2f:84:61:1b:b4:ab:bd:9c:de:dd:
                    cc:be:39:c2:6f:82:04:b5:fd:13:68:5d:eb:5a:01:
                    b4:5b:92:92:b0:71:ba:84:9c:83:b8:2b:a5:fd:0c:
                    63:15:8e:4c:f1:88:43:fc:84:d4:de:2a:d4:46:de:
                    b8:77:60:5a:51:6f:b9:90:ed:e3:2a:ef:df:a0:35:
                    be:1b:dd:1d:7b:0b:34:d1:57:ff:13:b8:fa:c1:28:
                    aa:47:8b:1b:70:91:27:c8:8b:02:14:d1:ec:c3:d9:
                    6e:89:7a:d8:1f:5e:49:c0:bd:79:8d:e3:c8:a1:53:
                    54:bf:17:f0:f2:de:b6:22:40:ad:b8:6f:17:57:04:
                    5c:70:56:3f:6a:7d:b3:4c:7a:67:fe:05:10:12:e3:
                    9f:ce:ec:5d:30:63:e6:9e:67:b4:7a:14:c6:80:54:
                    fd:a2:f4:80:12:f5:ac:53:33:ae:98:eb:50:05:b8:
                    a1:29:fa:ff:82:03:5b:13:82:70:a5:52:e9:ac:c6:
                    56:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0E:62:F4:8A:33:34:00:C7:77:8F:D4:B8:AC:06:A8:23:5A:67:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a943f07c-803a-494b-ac3a-c1da0a65f0d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.12.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:05:de:05:5d:db:6a:0f:2d:11:74:b0:f4:64:74:be:9d:3c:
         4f:dc:b9:38:8f:58:1c:5b:71:87:9e:57:67:e2:c5:d0:35:fe:
         06:a8:8d:21:c1:b7:30:62:15:97:e3:92:d4:83:60:2e:25:c8:
         b2:47:5f:b8:d7:d7:26:74:db:91:fa:52:bb:90:e4:74:ee:cd:
         c4:6c:7b:9a:56:5e:e0:bb:43:29:e6:40:91:b4:f3:2b:7a:ba:
         d6:7f:3f:57:59:4b:f4:aa:80:ec:45:eb:d8:8d:77:76:da:33:
         6f:14:82:b6:77:02:09:a1:fa:34:33:72:23:a4:1e:14:58:8d:
         3a:19:8c:7c:22:ff:82:70:95:d3:7a:9d:b3:ff:d2:73:eb:f9:
         b4:a3:da:d7:9e:99:de:f9:3a:77:4b:8c:09:4c:f0:00:90:58:
         74:08:f7:e4:4f:9f:8b:8b:ae:df:2f:0f:a9:44:f3:c9:57:5a:
         c5:fd:b9:96:76:37:bc:15:20:de:b3:ed:fb:8b:6f:af:09:ff:
         d6:fe:bb:31:47:93:47:02:ae:b2:dc:b5:6f:1d:ae:a3:30:66:
         27:5f:aa:68:34:63:d7:3a:fa:d9:c1:69:ba:a5:87:76:38:d9:
         59:48:20:62:ee:63:2a:32:a7:fc:85:9f:0e:f2:12:35:ed:e5:
         9f:81:7b:ae
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBH7Y2NVKgsw9GKHmZwbYr+1NkpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOWExMzczOGYzZGY0NDFkZmVmY2YzNmE5NjM5Y2NlMDY1
NWUxMmMwYzE0YjgzYmQ5Yjg4NjRhZDZhM2FmZGRiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDzaUr1Z92mgCHXdNr3aDmA7rR3Ykg12fDBkbZG181y7Uw
p5fJlMIRsQyQCarZUG5gtlSGWU7jBDrhnT/fJCkgL4RhG7SrvZze3cy+OcJvggS1
/RNoXetaAbRbkpKwcbqEnIO4K6X9DGMVjkzxiEP8hNTeKtRG3rh3YFpRb7mQ7eMq
79+gNb4b3R17CzTRV/8TuPrBKKpHixtwkSfIiwIU0ezD2W6JetgfXknAvXmN48ih
U1S/F/Dy3rYiQK24bxdXBFxwVj9qfbNMemf+BRAS45/O7F0wY+aeZ7R6FMaAVP2i
9IAS9axTM66Y61AFuKEp+v+CA1sTgnClUumsxlaTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURQ5i9IozNADHd4/UuKwGqCNaZ4gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E5NDNmMDdjLTgwM2EtNDk0Yi1hYzNhLWMxZGEwYTY1ZjBkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAQDEcwDQYJKoZIhvcNAQELBQADggEBAEIF3gVd22oPLRF0sPRkdL6dPE/c
uTiPWBxbcYeeV2fixdA1/gaojSHBtzBiFZfjktSDYC4lyLJHX7jX1yZ025H6UruQ
5HTuzcRse5pWXuC7QynmQJG08yt6utZ/P1dZS/SqgOxF69iNd3baM28UgrZ3Agmh
+jQzciOkHhRYjToZjHwi/4JwldN6nbP/0nPr+bSj2teemd75OndLjAlM8ACQWHQI
9+RPn4uLrt8vD6lE88lXWsX9uZZ2N7wVIN6z7fuLb68J/9b+uzFHk0cCrrLctW8d
rqMwZidfqmg0Y9c6+tnBabqlh3Y42VlIIGLuYyoyp/yFnw7yEjXt5Z+Be64=
-----END CERTIFICATE-----