Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8b1a1ae-3f57-49cf-8741-42fded1d3af3.roa
File:                     b8b1a1ae-3f57-49cf-8741-42fded1d3af3.roa (raw, json)
Hash identifier:          2t6eWdRyyKAlYuD1u+7LfOhxTGwbDC8PQKVBPl23kwQ=
Subject key identifier:   BB:F1:93:18:03:9F:5A:17:38:57:00:8B:0D:14:3F:8E:6F:5B:15:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5DA5C8B1BCCD931EC0F6EEC1BA9A30CCFC637510
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8b1a1ae-3f57-49cf-8741-42fded1d3af3.roa
Signing time:             Wed 27 Nov 2024 00:00:00 +0000
ROA not before:           Wed 27 Nov 2024 00:00:00 +0000
ROA not after:            Wed 01 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.78.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:a5:c8:b1:bc:cd:93:1e:c0:f6:ee:c1:ba:9a:30:cc:fc:63:75:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 27 00:00:00 2024 GMT
            Not After : Jan  1 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f7:7d:9c:10:3d:b4:71:83:0f:2d:e3:42:c6:
                    ad:7d:dc:4f:ec:9a:b1:f3:49:38:86:a8:90:f1:51:
                    75:5e:ef:a9:dc:2e:a2:d6:ae:83:09:76:b8:67:2c:
                    6c:a2:64:e5:0c:3b:20:83:d2:3f:56:e5:25:89:ec:
                    57:26:a6:ab:19:6c:d9:ef:bf:ee:aa:c0:73:aa:72:
                    59:97:a1:21:fe:96:15:8b:bf:f5:a2:1d:e9:19:58:
                    ab:08:3f:3a:c3:f1:35:68:e1:ad:18:84:0f:f6:2e:
                    54:29:dd:1b:b4:55:11:2d:5a:07:a4:b8:88:24:d2:
                    52:b5:6b:44:36:eb:8f:61:42:9e:c5:16:d1:77:69:
                    98:bd:24:96:ef:b1:e5:40:df:0f:9f:ab:18:3b:30:
                    e8:93:8d:9c:d3:f8:f8:73:d6:61:bb:08:ce:39:73:
                    05:5d:9e:8c:66:f6:55:7f:0a:3d:fe:27:13:92:3f:
                    07:b3:c3:e0:50:c2:a4:6e:23:32:28:82:81:2d:ef:
                    8a:95:05:e9:56:13:c5:c8:98:c5:82:ba:5f:ae:20:
                    9d:8a:36:c4:f9:47:6a:f2:54:72:d6:79:37:35:8e:
                    0b:16:da:ef:2e:b0:8c:06:09:ea:6f:20:40:23:de:
                    aa:33:b3:41:4d:7d:85:46:e2:b8:be:f3:51:55:7b:
                    7b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:F1:93:18:03:9F:5A:17:38:57:00:8B:0D:14:3F:8E:6F:5B:15:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b8b1a1ae-3f57-49cf-8741-42fded1d3af3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.78.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         43:98:99:5c:d3:c1:52:8d:63:db:6d:52:e5:68:33:07:67:5f:
         d4:01:b7:87:4a:fa:05:7a:cd:bd:15:89:95:65:2a:3d:1a:04:
         1b:a5:ab:24:2d:73:af:c9:2a:42:14:f2:b4:dc:8a:cd:a4:34:
         e3:7d:ed:7f:2a:e0:ea:ec:62:af:e4:40:2d:35:fb:64:c0:2a:
         d8:0b:36:0b:64:93:54:1d:ab:53:2d:88:75:9d:95:b9:94:2d:
         31:ce:b4:42:c5:95:86:4d:58:b4:0f:39:fd:59:58:e8:fc:d2:
         16:e9:71:2e:12:0c:7d:33:d9:d0:74:f9:ce:c1:8a:ad:be:64:
         1f:7b:c4:3f:dd:6c:3f:a0:93:0a:7c:46:8d:51:35:e7:16:0a:
         b4:f6:c7:4c:30:1b:d1:d4:7e:62:06:c8:80:ea:ed:e8:07:85:
         84:85:ab:5b:7c:8d:6f:18:14:c5:fe:65:f9:c5:12:25:9c:5f:
         86:b7:cc:3e:57:24:0f:b6:4c:cb:79:f8:78:a2:e3:cc:a4:42:
         e9:57:66:64:6d:9b:d8:0b:99:1d:b3:de:55:77:f0:75:12:75:
         01:71:1a:f7:80:b2:e7:66:a0:33:b0:56:e7:92:61:d4:5e:c9:
         09:56:48:f1:fe:d3:9e:ce:a7:74:a2:8b:ea:f1:31:02:43:50:
         f4:69:15:bf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXaXIsbzNkx7A9u7BupowzPxjdRAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI3MDAwMDAwWhcNMjUwMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTNlNDMxMTQ3OTg5Y2EyMTc3NTkyM2U0MDQzMmY4ZDZl
NTJlOTdiZTQ0MWU2OTRiMzg2YjA3M2VlZDI3NmM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu932cED20cYMPLeNCxq193E/smrHzSTiGqJDxUXVe76nc
LqLWroMJdrhnLGyiZOUMOyCD0j9W5SWJ7FcmpqsZbNnvv+6qwHOqclmXoSH+lhWL
v/WiHekZWKsIPzrD8TVo4a0YhA/2LlQp3Ru0VREtWgekuIgk0lK1a0Q2649hQp7F
FtF3aZi9JJbvseVA3w+fqxg7MOiTjZzT+Phz1mG7CM45cwVdnoxm9lV/Cj3+JxOS
Pwezw+BQwqRuIzIogoEt74qVBelWE8XImMWCul+uIJ2KNsT5R2ryVHLWeTc1jgsW
2u8usIwGCepvIEAj3qozs0FNfYVG4ri+81FVe3t7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUu/GTGAOfWhc4VwCLDRQ/jm9bFZUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I4YjFhMWFlLTNmNTctNDljZi04NzQxLTQyZmRlZDFkM2FmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQTjANBgkqhkiG9w0BAQsFAAOCAQEAQ5iZXNPBUo1j221S5WgzB2df1AG3
h0r6BXrNvRWJlWUqPRoEG6WrJC1zr8kqQhTytNyKzaQ0433tfyrg6uxir+RALTX7
ZMAq2As2C2STVB2rUy2IdZ2VuZQtMc60QsWVhk1YtA85/VlY6PzSFulxLhIMfTPZ
0HT5zsGKrb5kH3vEP91sP6CTCnxGjVE15xYKtPbHTDAb0dR+YgbIgOrt6AeFhIWr
W3yNbxgUxf5l+cUSJZxfhrfMPlckD7ZMy3n4eKLjzKRC6VdmZG2b2AuZHbPeVXfw
dRJ1AXEa94Cy52agM7BW55Jh1F7JCVZI8f7Tns6ndKKL6vExAkNQ9GkVvw==
-----END CERTIFICATE-----