Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2bcc353-c9d4-47a1-a718-b7c54478b1bd.roa
File:                     c2bcc353-c9d4-47a1-a718-b7c54478b1bd.roa (raw, json)
Hash identifier:          pkSk9uduhq7DrrX+e3b3vS5A+M/2gA+kod10VpDcNUs=
Subject key identifier:   A4:E2:F6:01:9A:AF:6F:DE:92:A7:8F:F6:F1:79:22:9B:C8:D5:16:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       170570EDA6B59479B5CD95F5ABC1E44E873B1307
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2bcc353-c9d4-47a1-a718-b7c54478b1bd.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.138.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:05:70:ed:a6:b5:94:79:b5:cd:95:f5:ab:c1:e4:4e:87:3b:13:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=886192aac7bcc94340cd55359e2f8c2402aa4cb5b12718338e8d697b42e4bc2b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:4c:09:30:39:11:cb:4e:1a:39:2a:f3:70:e7:
                    88:af:2b:83:65:34:c5:84:d3:1f:03:a1:ae:60:e9:
                    24:30:f8:d1:03:85:90:75:1f:8c:04:0d:0b:ff:70:
                    c6:4c:53:d9:57:63:67:8b:03:79:8a:8b:c6:2f:ed:
                    84:4c:06:38:93:8e:2f:1f:93:b3:89:cc:26:ad:f2:
                    8e:c6:7c:0b:fd:02:3e:6b:a2:f9:51:d0:3d:89:c2:
                    c0:53:69:e1:1e:96:e4:a7:c4:6a:e1:23:7a:61:1a:
                    bf:84:01:47:a9:4a:9c:c5:19:8a:b4:63:42:ef:49:
                    86:66:db:d6:1e:1a:96:b5:79:24:d1:ad:69:c7:31:
                    1d:bc:84:50:48:00:93:77:cc:6c:f1:f3:46:7a:ca:
                    ed:de:34:9a:66:c6:5c:a4:56:45:e6:66:3f:e0:4e:
                    a6:91:e9:60:bd:a4:3d:91:af:aa:d6:6b:6f:67:b5:
                    d9:87:9c:f3:be:ce:75:72:ab:7e:9d:95:36:67:f1:
                    b7:d6:8d:18:16:4c:6e:e8:0e:5f:de:b6:b3:b9:2c:
                    7b:55:4d:98:c3:a5:5f:81:53:08:bc:c0:59:85:ef:
                    84:47:11:a2:ae:5f:9a:31:45:97:66:4e:f1:a7:77:
                    29:29:e7:be:2f:dc:c1:8c:4d:46:93:c2:79:70:65:
                    17:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E2:F6:01:9A:AF:6F:DE:92:A7:8F:F6:F1:79:22:9B:C8:D5:16:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2bcc353-c9d4-47a1-a718-b7c54478b1bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.138.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         28:3b:7c:61:d4:87:7a:4e:b7:d8:39:d9:16:7d:c1:5f:91:0d:
         6e:fd:38:b9:c2:f6:3b:66:67:0d:ea:40:f3:7f:44:69:2d:50:
         cb:54:92:8e:bd:1b:9c:26:e5:57:4a:d2:e0:f8:ae:52:2e:52:
         bf:e9:03:d9:2f:a8:c3:37:85:9c:bc:2e:08:0f:32:67:86:f1:
         52:99:6f:da:4d:a8:bd:19:67:b9:af:35:f9:92:de:1a:3f:9b:
         17:13:74:4a:54:de:52:79:d6:9a:a6:36:00:c2:20:31:23:ea:
         bb:c9:02:cb:ab:3c:d6:82:93:a4:91:2e:7f:e8:9a:9c:d1:38:
         4a:a9:19:04:0d:6e:9f:57:9e:fb:64:20:d2:9b:8b:fe:60:d9:
         42:3e:7e:3b:bc:01:41:c0:d3:e0:ca:83:a4:0b:87:a0:1b:f6:
         64:7b:97:7d:79:9f:32:63:8d:2e:67:21:55:03:88:aa:81:8c:
         34:4c:e7:f6:b6:b1:1a:0a:2f:f0:fe:f2:cb:83:d0:fc:4f:c5:
         7f:66:ea:03:5a:ca:45:71:df:c3:4c:31:f8:55:7a:74:2e:0e:
         6d:81:46:c5:74:c3:dd:1d:5c:4f:48:48:e3:5e:20:e5:79:5c:
         5b:b4:ea:22:5b:3b:5e:39:60:6a:34:34:bc:93:8e:ad:d9:a8:
         1d:96:cf:76
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFwVw7aa1lHm1zZX1q8HkToc7EwcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODYxOTJhYWM3YmNjOTQzNDBjZDU1MzU5ZTJmOGMyNDAy
YWE0Y2I1YjEyNzE4MzM4ZThkNjk3YjQyZTRiYzJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvTAkwORHLTho5KvNw54ivK4NlNMWE0x8Doa5g6SQw+NED
hZB1H4wEDQv/cMZMU9lXY2eLA3mKi8Yv7YRMBjiTji8fk7OJzCat8o7GfAv9Aj5r
ovlR0D2JwsBTaeEeluSnxGrhI3phGr+EAUepSpzFGYq0Y0LvSYZm29YeGpa1eSTR
rWnHMR28hFBIAJN3zGzx80Z6yu3eNJpmxlykVkXmZj/gTqaR6WC9pD2Rr6rWa29n
tdmHnPO+znVyq36dlTZn8bfWjRgWTG7oDl/etrO5LHtVTZjDpV+BUwi8wFmF74RH
EaKuX5oxRZdmTvGndykp574v3MGMTUaTwnlwZRdbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpOL2AZqvb96Sp4/28Xkim8jVFsEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyYmNjMzUzLWM5ZDQtNDdhMS1hNzE4LWI3YzU0NDc4YjFiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQijANBgkqhkiG9w0BAQsFAAOCAQEAKDt8YdSHek632DnZFn3BX5ENbv04
ucL2O2ZnDepA839EaS1Qy1SSjr0bnCblV0rS4PiuUi5Sv+kD2S+owzeFnLwuCA8y
Z4bxUplv2k2ovRlnua81+ZLeGj+bFxN0SlTeUnnWmqY2AMIgMSPqu8kCy6s81oKT
pJEuf+ianNE4SqkZBA1un1ee+2Qg0puL/mDZQj5+O7wBQcDT4MqDpAuHoBv2ZHuX
fXmfMmONLmchVQOIqoGMNEzn9raxGgov8P7yy4PQ/E/Ff2bqA1rKRXHfw0wx+FV6
dC4ObYFGxXTD3R1cT0hI414g5XlcW7TqIls7XjlgajQ0vJOOrdmoHZbPdg==
-----END CERTIFICATE-----