Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba290236-d1e6-4073-8da8-3da5d0b9314a.roa
File:                     ba290236-d1e6-4073-8da8-3da5d0b9314a.roa (raw, json)
Hash identifier:          Zd2alORSNRorDjWpb5A+Tb1SIuTAeO/a5Q0otL40N24=
Subject key identifier:   55:37:C3:41:AD:1E:E0:B8:BD:D0:3F:30:3D:F4:68:91:5C:14:5A:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       06CC12D71EBB88F956EECD6080A3FB12EBB1907F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba290236-d1e6-4073-8da8-3da5d0b9314a.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.126.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:cc:12:d7:1e:bb:88:f9:56:ee:cd:60:80:a3:fb:12:eb:b1:90:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=5c8e9bfabaa02462cae1de775e5cbd0f30b2e6c06c10cda3ca82b6bfdd822e11, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:a1:fe:9e:1f:ef:09:b7:94:d2:a0:4b:f4:02:
                    34:a6:26:a6:9a:98:fe:10:fe:0c:52:27:02:76:c4:
                    d3:e0:1f:72:76:df:ea:9f:94:bb:00:e7:11:5c:cb:
                    4a:5e:79:59:b5:5d:1a:94:21:45:3c:2e:4c:17:2f:
                    1f:2c:00:f3:7b:5d:3a:d4:ab:6d:8d:92:0a:64:fb:
                    76:9c:07:78:2b:db:d3:51:1b:e8:86:76:56:21:80:
                    a7:1b:ab:55:27:20:39:94:6c:50:64:60:28:7b:f7:
                    e8:52:38:81:07:25:e0:1f:cd:e5:ec:86:ff:bb:a6:
                    ea:6c:3a:05:d4:62:ae:96:fe:1a:30:ce:9c:ff:59:
                    d0:06:e5:58:b9:98:dc:43:2b:4a:89:91:d5:74:59:
                    e9:0a:61:ef:5f:82:e1:e0:a7:c6:1c:75:bc:f4:fb:
                    79:26:ea:59:9f:fc:8f:24:45:aa:89:0c:81:b4:5a:
                    4c:aa:4b:78:d7:34:b1:eb:34:ef:45:11:cd:7d:c4:
                    41:36:be:65:29:a8:71:92:69:f1:34:82:d3:c5:88:
                    cc:4e:2f:3a:47:e6:07:01:ca:ae:fd:d3:46:5a:35:
                    82:a0:a4:0b:e8:84:ca:65:cf:eb:20:db:38:64:18:
                    b5:51:30:b2:d2:85:eb:36:16:81:d9:21:b8:c5:a1:
                    6c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:37:C3:41:AD:1E:E0:B8:BD:D0:3F:30:3D:F4:68:91:5C:14:5A:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ba290236-d1e6-4073-8da8-3da5d0b9314a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.126.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         c4:e0:ef:3e:cd:35:b3:bc:27:38:cb:2c:b5:30:6b:28:8b:47:
         c5:41:ea:b3:06:e2:74:8a:7b:fa:13:a6:3d:57:66:7d:73:3d:
         30:21:b9:18:79:85:b1:3a:a3:63:e4:21:1d:10:0b:72:df:2a:
         c9:55:32:72:27:04:89:60:a6:77:cd:ec:8a:4f:a1:14:b6:ed:
         cc:25:e0:b5:b4:db:38:b9:a0:aa:ee:f1:50:78:73:ef:ea:63:
         80:04:91:15:41:6f:b4:fd:03:b1:1e:0a:46:88:cb:7b:1a:e5:
         1c:b0:e4:c5:fe:5a:ae:80:a7:7a:d5:cf:fc:11:f1:af:c3:1c:
         a6:f1:51:fd:12:4c:0a:90:c3:fd:18:35:8b:cb:41:ce:e1:b3:
         c7:e9:31:ba:62:af:15:06:15:20:13:5c:0e:d0:2c:44:d9:8e:
         33:bf:12:46:07:2c:d7:29:46:8e:b4:ef:1b:0c:4f:34:90:74:
         08:ce:17:ac:1f:81:94:0d:5f:3c:2c:4f:e6:09:c5:e0:68:48:
         a7:ee:d4:d9:8f:b0:56:3f:8c:83:fb:39:64:51:db:66:ef:06:
         00:4c:cd:38:48:d7:c6:50:32:bc:f6:fb:48:3b:a8:66:ac:6f:
         71:41:7e:30:6e:d1:5c:1c:25:25:08:c1:e5:72:d4:89:32:d7:
         02:df:59:35
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBswS1x67iPlW7s1ggKP7EuuxkH8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzhlOWJmYWJhYTAyNDYyY2FlMWRlNzc1ZTVjYmQwZjMw
YjJlNmMwNmMxMGNkYTNjYTgyYjZiZmRkODIyZTExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbof6eH+8Jt5TSoEv0AjSmJqaamP4Q/gxSJwJ2xNPgH3J2
3+qflLsA5xFcy0peeVm1XRqUIUU8LkwXLx8sAPN7XTrUq22Nkgpk+3acB3gr29NR
G+iGdlYhgKcbq1UnIDmUbFBkYCh79+hSOIEHJeAfzeXshv+7pupsOgXUYq6W/how
zpz/WdAG5Vi5mNxDK0qJkdV0WekKYe9fguHgp8Ycdbz0+3km6lmf/I8kRaqJDIG0
WkyqS3jXNLHrNO9FEc19xEE2vmUpqHGSafE0gtPFiMxOLzpH5gcByq7900ZaNYKg
pAvohMplz+sg2zhkGLVRMLLShes2FoHZIbjFoWzRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVTfDQa0e4Li90D8wPfRokVwUWsMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JhMjkwMjM2LWQxZTYtNDA3My04ZGE4LTNkYTVkMGI5MzE0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQfjANBgkqhkiG9w0BAQsFAAOCAQEAxODvPs01s7wnOMsstTBrKItHxUHq
swbidIp7+hOmPVdmfXM9MCG5GHmFsTqjY+QhHRALct8qyVUycicEiWCmd83sik+h
FLbtzCXgtbTbOLmgqu7xUHhz7+pjgASRFUFvtP0DsR4KRojLexrlHLDkxf5aroCn
etXP/BHxr8McpvFR/RJMCpDD/Rg1i8tBzuGzx+kxumKvFQYVIBNcDtAsRNmOM78S
Rgcs1ylGjrTvGwxPNJB0CM4XrB+BlA1fPCxP5gnF4GhIp+7U2Y+wVj+Mg/s5ZFHb
Zu8GAEzNOEjXxlAyvPb7SDuoZqxvcUF+MG7RXBwlJQjB5XLUiTLXAt9ZNQ==
-----END CERTIFICATE-----