Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0c742ce-2db0-459d-a69a-69a3b9610399.roa
File:                     c0c742ce-2db0-459d-a69a-69a3b9610399.roa (raw, json)
Hash identifier:          cEEz8yBYcrnUvQr/l9C8nRE7mrwQKaB8kCZpRlm3T6c=
Subject key identifier:   E2:02:06:3E:76:01:61:FE:9E:36:72:2B:04:33:22:40:5C:4A:FA:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17572B722752FE76F3BE714AB98B2EDBA305F224
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0c742ce-2db0-459d-a69a-69a3b9610399.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.180.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:57:2b:72:27:52:fe:76:f3:be:71:4a:b9:8b:2e:db:a3:05:f2:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=2a3e5d3f7d5551e0895758951ddb10e8efdb723ed7c213ce8c93a9b1ca8784e0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:fd:a9:00:30:e9:40:dd:22:46:19:4d:8f:56:
                    ab:ae:a4:71:a1:02:6d:97:52:4b:25:6c:33:d3:77:
                    12:71:27:0a:30:2e:a6:5e:4b:1c:f5:bc:8d:5f:2d:
                    c0:4c:d4:73:ba:6c:96:e4:dc:18:fb:fe:4d:55:f3:
                    4c:2a:a6:07:b1:44:ba:65:56:fc:0d:bb:b1:df:7a:
                    e8:5a:6d:fe:55:5f:00:9a:21:80:70:5c:d0:3f:f2:
                    b2:bc:b8:b3:1a:0c:ae:46:a1:dd:0f:3c:70:ff:d1:
                    b0:bd:de:83:4d:f4:90:d1:86:78:3e:ed:d5:78:e4:
                    f0:98:1e:31:1d:61:56:90:44:81:dc:48:12:29:0b:
                    a7:8d:20:42:4a:72:48:78:9c:cc:a3:ca:0d:fb:0f:
                    c7:c9:b9:dd:c8:d6:1a:f7:ec:85:aa:e9:fb:56:f0:
                    cc:52:7b:a9:0f:d8:e4:bc:ee:25:ae:69:ec:60:c0:
                    6b:1b:67:09:0f:e2:3d:c1:9b:76:f9:7e:b0:3a:8b:
                    60:8f:de:5b:cd:e6:a4:0d:6c:52:4c:97:2e:72:b0:
                    8d:53:ec:19:cf:ca:c5:7b:95:73:eb:d3:0a:32:45:
                    59:b0:8c:93:7e:36:57:fe:11:2f:c1:d8:b8:d4:84:
                    d0:51:d5:0a:7d:09:b4:68:58:e9:13:cc:3d:69:62:
                    58:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:02:06:3E:76:01:61:FE:9E:36:72:2B:04:33:22:40:5C:4A:FA:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c0c742ce-2db0-459d-a69a-69a3b9610399.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.180.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b8:64:3f:f0:10:79:60:c1:02:0a:a4:09:c6:b3:52:4c:b4:d2:
         24:a1:aa:b3:bd:1b:b3:1a:8e:7e:d4:6e:e1:14:f3:76:f9:c7:
         59:2a:0e:be:10:4c:f8:ea:46:95:db:49:e2:7f:e5:db:c1:ab:
         37:f6:f4:e1:5b:7c:b3:9b:79:70:bf:7a:67:7e:aa:b9:d3:c0:
         26:41:05:a5:16:a4:b9:6c:8d:25:ad:11:e5:ae:97:11:ac:f9:
         43:2a:11:86:ea:2f:c8:1e:fb:43:e3:7c:df:7e:7d:ad:e2:60:
         0c:94:9c:8a:47:4c:d7:43:c0:1c:62:c6:09:1d:83:3c:90:69:
         d8:e9:bf:8d:af:8a:f6:bc:59:5b:1f:12:ac:76:1d:ea:76:d1:
         dd:97:b7:8a:49:2b:04:c4:22:6d:36:0e:cd:5d:a3:b0:0a:60:
         25:85:54:49:e5:b0:ed:aa:9b:e4:57:69:cf:ae:0e:8f:c8:08:
         37:08:82:04:0a:aa:48:a3:cd:c4:b2:df:75:62:8c:1d:58:e4:
         6a:64:78:53:18:6d:9a:fb:55:68:ce:37:07:96:96:80:b8:be:
         90:c3:d1:89:41:ba:b3:25:fc:ae:bc:23:58:f8:ee:76:fc:55:
         d3:45:70:d0:f3:65:94:6a:36:79:0b:39:6b:cf:9c:78:5b:f2:
         86:dc:08:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF1crcidS/nbzvnFKuYsu26MF8iQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyYTNlNWQzZjdkNTU1MWUwODk1NzU4OTUxZGRiMTBlOGVm
ZGI3MjNlZDdjMjEzY2U4YzkzYTliMWNhODc4NGUwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDn/akAMOlA3SJGGU2PVquupHGhAm2XUkslbDPTdxJxJwow
LqZeSxz1vI1fLcBM1HO6bJbk3Bj7/k1V80wqpgexRLplVvwNu7Hfeuhabf5VXwCa
IYBwXNA/8rK8uLMaDK5God0PPHD/0bC93oNN9JDRhng+7dV45PCYHjEdYVaQRIHc
SBIpC6eNIEJKckh4nMyjyg37D8fJud3I1hr37IWq6ftW8MxSe6kP2OS87iWuaexg
wGsbZwkP4j3Bm3b5frA6i2CP3lvN5qQNbFJMly5ysI1T7BnPysV7lXPr0woyRVmw
jJN+Nlf+ES/B2LjUhNBR1Qp9CbRoWOkTzD1pYlifAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4gIGPnYBYf6eNnIrBDMiQFxK+t8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwYzc0MmNlLTJkYjAtNDU5ZC1hNjlhLTY5YTNiOTYxMDM5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQtDANBgkqhkiG9w0BAQsFAAOCAQEAuGQ/8BB5YMECCqQJxrNSTLTSJKGq
s70bsxqOftRu4RTzdvnHWSoOvhBM+OpGldtJ4n/l28GrN/b04Vt8s5t5cL96Z36q
udPAJkEFpRakuWyNJa0R5a6XEaz5QyoRhuovyB77Q+N83359reJgDJScikdM10PA
HGLGCR2DPJBp2Om/ja+K9rxZWx8SrHYd6nbR3Ze3ikkrBMQibTYOzV2jsApgJYVU
SeWw7aqb5Fdpz64Oj8gINwiCBAqqSKPNxLLfdWKMHVjkamR4UxhtmvtVaM43B5aW
gLi+kMPRiUG6syX8rrwjWPjudvxV00Vw0PNllGo2eQs5a8+ceFvyhtwI+w==
-----END CERTIFICATE-----