Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6400270-eac3-4460-9a68-74d60d530637.roa
File:                     d6400270-eac3-4460-9a68-74d60d530637.roa (raw, json)
Hash identifier:          oNPOuB6yfqVXieOMLngqY60s7HToCVWTvc6rj3/Lum0=
Subject key identifier:   11:2E:1C:C1:9D:30:BE:D3:C7:9A:9F:45:82:BB:E9:FC:0A:24:30:AD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       189E986FD908E15981BED4A283411C3E50EEE9B3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6400270-eac3-4460-9a68-74d60d530637.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.107.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:9e:98:6f:d9:08:e1:59:81:be:d4:a2:83:41:1c:3e:50:ee:e9:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=6902297b87c7a29482b66528f0899a83916e1a719ffa72251c6cf04c91a63ca1, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1d:e4:c3:de:c7:af:be:2f:0b:16:27:e8:d1:
                    4d:11:7e:f5:b7:27:a1:d6:20:1f:d7:22:b6:2c:50:
                    7a:31:04:78:0a:b1:96:03:14:0b:4d:fc:df:55:e1:
                    f8:0d:43:1a:b3:0f:6b:57:2f:9a:4d:3c:6a:a7:22:
                    a6:d3:6c:99:d0:d2:c4:b8:85:42:db:a9:df:4e:22:
                    fa:34:f1:77:44:0f:31:5a:35:ba:f0:7c:0c:f9:86:
                    fb:cb:15:dd:ab:23:6a:46:a3:59:c1:97:89:f5:c9:
                    c0:4b:92:c0:a8:e9:b0:57:2f:83:14:d5:a0:33:4a:
                    99:1e:80:d4:6e:1b:44:d3:c5:d4:25:67:03:13:3f:
                    6c:d9:ac:4a:2b:f5:fb:cf:d6:c5:4e:b3:2b:72:7f:
                    92:6a:10:83:4e:d6:f7:2f:0f:49:3e:78:f6:de:36:
                    96:a1:71:2a:f9:63:71:80:f8:00:d6:f8:f5:1f:96:
                    38:06:ee:b1:d9:68:d4:0a:48:a5:ec:70:05:25:a6:
                    bd:32:3a:df:24:fd:3e:e5:20:69:ed:a2:34:1f:2e:
                    f4:c1:cb:0d:d8:38:16:82:91:f7:7c:65:bc:d9:c8:
                    a9:58:e6:54:09:6f:4a:f7:28:34:ed:d5:f1:d4:51:
                    e8:3a:9c:7f:85:94:91:26:af:7e:e7:b3:8f:53:fe:
                    cc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:2E:1C:C1:9D:30:BE:D3:C7:9A:9F:45:82:BB:E9:FC:0A:24:30:AD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d6400270-eac3-4460-9a68-74d60d530637.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.107.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         67:0a:bd:22:0a:25:c1:5d:14:07:3c:47:89:ae:3d:6a:0c:82:
         5f:ee:11:43:ef:9b:fe:44:b7:3a:6f:1e:20:dc:bf:52:20:92:
         33:da:d7:c1:59:50:eb:ef:b8:c8:0d:26:59:99:84:e5:93:4b:
         5e:44:37:75:84:c2:4e:44:ac:47:ae:65:ba:a3:33:3c:61:78:
         94:73:e9:35:3a:00:c2:36:ef:4f:3c:4c:42:cd:8b:67:cc:34:
         8b:fc:0c:dc:70:c3:22:23:eb:5f:25:22:32:85:97:c4:0b:bb:
         06:50:87:02:91:63:06:ac:7e:29:81:92:13:1d:88:26:d9:fb:
         0d:29:1c:b0:a4:f1:6b:09:fc:05:8f:2f:14:98:e5:2e:3e:db:
         9f:9f:3a:fc:25:94:b2:35:b9:d8:8e:b4:2c:2f:bd:b6:10:fe:
         81:ff:5e:90:02:b3:f7:ec:52:a9:e9:e9:c4:36:b6:07:a0:ec:
         88:40:3e:68:81:1c:52:18:f9:03:4a:fc:a5:3b:d6:0a:d2:ce:
         b0:30:b5:e0:8e:9e:a8:17:3a:1a:09:e1:10:95:7d:de:0e:86:
         27:79:fb:a5:78:af:d6:2b:d2:a1:62:1c:43:77:72:de:4c:00:
         98:a0:65:32:ba:7b:68:a3:8c:75:57:9d:61:46:c2:f4:bf:94:
         fa:45:26:c9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGJ6Yb9kI4VmBvtSig0EcPlDu6bMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTAyMjk3Yjg3YzdhMjk0ODJiNjY1MjhmMDg5OWE4Mzkx
NmUxYTcxOWZmYTcyMjUxYzZjZjA0YzkxYTYzY2ExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmHeTD3sevvi8LFifo0U0RfvW3J6HWIB/XIrYsUHoxBHgK
sZYDFAtN/N9V4fgNQxqzD2tXL5pNPGqnIqbTbJnQ0sS4hULbqd9OIvo08XdEDzFa
NbrwfAz5hvvLFd2rI2pGo1nBl4n1ycBLksCo6bBXL4MU1aAzSpkegNRuG0TTxdQl
ZwMTP2zZrEor9fvP1sVOsytyf5JqEINO1vcvD0k+ePbeNpahcSr5Y3GA+ADW+PUf
ljgG7rHZaNQKSKXscAUlpr0yOt8k/T7lIGntojQfLvTByw3YOBaCkfd8ZbzZyKlY
5lQJb0r3KDTt1fHUUeg6nH+FlJEmr37ns49T/sx3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUES4cwZ0wvtPHmp9Fgrvp/AokMK0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q2NDAwMjcwLWVhYzMtNDQ2MC05YTY4LTc0ZDYwZDUzMDYzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQazANBgkqhkiG9w0BAQsFAAOCAQEAZwq9IgolwV0UBzxHia49agyCX+4R
Q++b/kS3Om8eINy/UiCSM9rXwVlQ6++4yA0mWZmE5ZNLXkQ3dYTCTkSsR65luqMz
PGF4lHPpNToAwjbvTzxMQs2LZ8w0i/wM3HDDIiPrXyUiMoWXxAu7BlCHApFjBqx+
KYGSEx2IJtn7DSkcsKTxawn8BY8vFJjlLj7bn586/CWUsjW52I60LC+9thD+gf9e
kAKz9+xSqenpxDa2B6DsiEA+aIEcUhj5A0r8pTvWCtLOsDC14I6eqBc6GgnhEJV9
3g6GJ3n7pXiv1ivSoWIcQ3dy3kwAmKBlMrp7aKOMdVedYUbC9L+U+kUmyQ==
-----END CERTIFICATE-----