Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7bbbf18-033a-445d-9051-77efbf72751b.roa
File:                     c7bbbf18-033a-445d-9051-77efbf72751b.roa (raw, json)
Hash identifier:          aLD99UaxlhT0sZakM2WYplW18XYw1matVOZncsrQocw=
Subject key identifier:   70:AD:A4:DF:84:0B:1C:D0:8E:E5:D8:28:73:6F:54:56:12:31:87:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13BEDDEEA94897B07496C2F3CF17A200EBAC650D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7bbbf18-033a-445d-9051-77efbf72751b.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.158.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:be:dd:ee:a9:48:97:b0:74:96:c2:f3:cf:17:a2:00:eb:ac:65:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=ffb6ed4ef3da92f7bbcd16ac35714309f678333c57d52cd265ec27e26175a8d1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b9:7d:ec:86:ba:4b:a5:3b:f2:93:cb:f5:35:
                    5c:b0:60:1a:5b:19:62:ea:14:49:3f:5f:6f:34:41:
                    04:ac:8f:08:f5:09:fe:db:17:ca:cc:b5:95:62:bc:
                    a2:8d:f4:1a:25:32:6a:b8:f4:61:95:ba:21:16:26:
                    b6:24:e4:ac:f9:f0:10:5f:1a:3a:6c:cd:2e:95:62:
                    e9:11:e6:1d:43:6b:8a:d4:e7:d8:49:c1:bf:3b:f1:
                    9c:c6:63:5e:4e:ad:eb:30:68:90:b5:48:b5:1b:9e:
                    f7:bb:a0:e1:fb:32:ef:69:e3:c5:02:fe:be:71:dd:
                    ce:47:4a:03:32:35:2e:80:33:58:ec:ef:48:50:2e:
                    84:13:72:68:05:2b:6b:47:8b:e0:f3:78:ec:3d:c1:
                    5d:f6:10:e7:89:f3:cf:9f:5b:6c:41:74:cc:7f:c5:
                    41:aa:8d:8d:5f:0f:6c:91:a2:62:df:c0:19:cb:78:
                    7c:ea:cf:b7:48:eb:6d:60:b4:8d:33:8d:1b:3c:18:
                    bb:32:4b:47:6d:ee:f9:13:3d:80:56:f1:6f:28:63:
                    b7:c0:b4:d5:a5:61:0d:b8:c0:2e:23:ef:1c:b1:a5:
                    5d:aa:3f:fc:a9:f5:c9:42:ad:80:fe:12:2d:c6:92:
                    a9:88:3e:fb:e1:23:fa:83:2d:d6:3a:38:3d:68:a8:
                    0e:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:AD:A4:DF:84:0B:1C:D0:8E:E5:D8:28:73:6F:54:56:12:31:87:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c7bbbf18-033a-445d-9051-77efbf72751b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.158.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5d:3d:03:04:37:a3:a1:f9:88:a2:b2:76:50:32:eb:ce:73:dd:
         eb:87:a6:f1:6f:91:c9:09:04:b4:a9:41:69:e0:74:97:da:0a:
         b0:e6:e8:7e:5c:50:d4:42:fe:a7:b4:d8:d1:64:6d:96:14:ef:
         7a:0a:66:47:75:d5:2f:55:61:76:f7:38:c2:61:61:06:9d:29:
         85:f8:6c:6c:0c:f6:23:4d:52:65:55:81:db:dd:e7:54:7e:be:
         fb:6c:15:2e:2d:9a:53:5f:d4:0a:24:94:04:25:16:a2:cc:a8:
         3f:c6:85:b9:c0:67:1f:66:aa:fe:42:30:f7:fb:a9:6f:7f:4e:
         98:9a:6b:1b:04:86:2b:b4:e9:5a:6c:31:b8:0a:25:94:b2:43:
         58:61:31:33:13:48:c1:0b:a6:e8:2a:e0:96:65:fb:7c:4d:16:
         c5:15:92:1d:4b:5d:e9:ad:d6:08:06:e9:92:40:64:26:b1:75:
         d4:4e:73:f9:1a:f8:e9:fb:aa:44:10:93:4f:f9:74:fd:a6:80:
         a3:c0:bb:34:87:59:d3:f4:ed:25:e4:c4:17:f7:a1:c9:15:88:
         1e:7e:52:5e:68:18:74:a6:87:1f:a4:0f:bb:bc:c6:82:35:98:
         c0:0d:d3:9d:82:63:b5:07:ce:89:bb:af:ec:a2:1e:b2:0d:44:
         cd:4d:93:17
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUE77d7qlIl7B0lsLzzxeiAOusZQ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmI2ZWQ0ZWYzZGE5MmY3YmJjZDE2YWMzNTcxNDMwOWY2
NzgzMzNjNTdkNTJjZDI2NWVjMjdlMjYxNzVhOGQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuuX3shrpLpTvyk8v1NVywYBpbGWLqFEk/X280QQSsjwj1
Cf7bF8rMtZVivKKN9BolMmq49GGVuiEWJrYk5Kz58BBfGjpszS6VYukR5h1Da4rU
59hJwb878ZzGY15OreswaJC1SLUbnve7oOH7Mu9p48UC/r5x3c5HSgMyNS6AM1js
70hQLoQTcmgFK2tHi+DzeOw9wV32EOeJ88+fW2xBdMx/xUGqjY1fD2yRomLfwBnL
eHzqz7dI621gtI0zjRs8GLsyS0dt7vkTPYBW8W8oY7fAtNWlYQ24wC4j7xyxpV2q
P/yp9clCrYD+Ei3GkqmIPvvhI/qDLdY6OD1oqA7/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcK2k34QLHNCO5dgoc29UVhIxh3swHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3YmJiZjE4LTAzM2EtNDQ1ZC05MDUxLTc3ZWZiZjcyNzUxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQnjANBgkqhkiG9w0BAQsFAAOCAQEAXT0DBDejofmIorJ2UDLrznPd64em
8W+RyQkEtKlBaeB0l9oKsOboflxQ1EL+p7TY0WRtlhTvegpmR3XVL1Vhdvc4wmFh
Bp0phfhsbAz2I01SZVWB293nVH6++2wVLi2aU1/UCiSUBCUWosyoP8aFucBnH2aq
/kIw9/upb39OmJprGwSGK7TpWmwxuAollLJDWGExMxNIwQum6CrglmX7fE0WxRWS
HUtd6a3WCAbpkkBkJrF11E5z+Rr46fuqRBCTT/l0/aaAo8C7NIdZ0/TtJeTEF/eh
yRWIHn5SXmgYdKaHH6QPu7zGgjWYwA3TnYJjtQfOibuv7KIesg1EzU2TFw==
-----END CERTIFICATE-----