Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e45e77e4-4fe9-45a3-b13a-834c69187037.roa
File:                     e45e77e4-4fe9-45a3-b13a-834c69187037.roa (raw, json)
Hash identifier:          cl1dhhSJQYD3V0weuIxxS5H8+e30KB72VssMdNRM9jY=
Subject key identifier:   D7:CC:1F:D3:1D:FC:4D:D3:7C:79:55:3B:78:88:09:BD:0D:B1:EA:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A3996929AD193DA086AB1F0FD5E40EC9FA72FAB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e45e77e4-4fe9-45a3-b13a-834c69187037.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.78.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:39:96:92:9a:d1:93:da:08:6a:b1:f0:fd:5e:40:ec:9f:a7:2f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ad:af:5c:78:0c:4e:6c:b6:32:d0:a8:1f:60:
                    af:06:91:90:96:46:36:ec:f2:b7:92:f5:96:ee:fe:
                    21:32:48:e2:6f:0c:27:dc:70:70:bd:a7:af:ea:61:
                    62:6b:d2:66:a6:4e:b7:84:ba:f2:9a:94:08:03:5c:
                    c3:61:66:cd:79:1a:99:08:08:bb:94:5f:62:be:1d:
                    81:32:db:bb:b4:51:3d:ac:0f:e9:ab:f6:50:64:a4:
                    db:d8:e7:fb:86:96:4a:f6:e7:35:f7:e2:c4:be:ba:
                    ce:85:ee:35:b3:23:09:6a:30:6b:e1:46:4e:7e:38:
                    1c:ae:e5:5e:3f:6f:39:61:46:7c:7b:a9:59:e9:64:
                    50:ab:d8:86:07:d6:7a:86:8e:57:e7:01:b8:a4:cd:
                    a7:1d:7e:a1:05:d8:e2:db:50:9d:56:e6:02:63:4e:
                    36:3b:a0:13:d9:9d:48:d8:01:26:59:9b:6d:b1:89:
                    01:c0:89:9d:7a:cc:f1:5d:ff:91:90:5b:5f:d8:2c:
                    38:57:b3:1b:62:14:fc:7e:ec:a6:7b:c5:8a:6f:6e:
                    18:a2:70:a7:24:25:ba:28:ea:c4:65:a2:d5:82:a9:
                    73:1c:00:0f:52:ad:6c:ae:1c:39:c3:1c:dc:1a:6c:
                    32:0b:dd:4f:78:be:24:76:37:c2:8a:98:78:fe:a1:
                    f3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CC:1F:D3:1D:FC:4D:D3:7C:79:55:3B:78:88:09:BD:0D:B1:EA:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e45e77e4-4fe9-45a3-b13a-834c69187037.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.78.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         05:3c:2d:70:35:fc:ab:c4:72:19:67:1d:74:e1:b9:95:51:f0:
         b7:c9:78:23:f2:ac:96:91:7b:59:04:79:40:7c:c2:2d:b0:49:
         2a:1a:1e:20:67:5f:c3:dc:7a:42:41:3c:2c:57:2f:4c:08:3c:
         a9:c3:a9:e3:ff:74:41:0e:9d:b8:d3:e8:f5:3c:e2:97:39:e8:
         1f:6e:61:b8:86:b7:1c:89:29:0e:26:64:f4:54:18:a7:5e:a3:
         c0:f7:e9:2f:44:b1:bd:b7:8b:6d:6f:6f:7b:be:93:42:f0:ff:
         7e:92:74:ef:7d:79:df:de:87:1d:4d:75:6a:86:d7:7a:8c:a6:
         67:1d:47:65:2f:54:89:25:47:d2:b9:09:17:00:26:6b:c0:21:
         6b:8d:90:73:51:18:b2:12:e1:8a:7e:72:8f:07:0f:05:cb:d9:
         a2:40:d9:04:46:54:72:90:36:f9:de:e5:58:f4:7c:12:fe:57:
         8b:eb:ce:95:01:72:49:95:89:43:60:6c:d1:2c:04:10:b9:e8:
         54:3e:73:81:68:da:2a:52:35:7c:d4:16:e4:c3:4e:5c:e1:9a:
         01:78:db:94:7c:16:07:93:4c:ef:8f:74:48:89:83:9b:78:dd:
         03:15:e2:06:c4:17:75:c6:fa:8c:93:15:42:7e:0c:28:d3:a5:
         98:7c:a8:93
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKjmWkprRk9oIarHw/V5A7J+nL6swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjIxZWFlY2UxODg1ZGQ1MTU4ZmRiMDQ0YzQ0ODk2NjQ4
NDU4NzRmOWE2ZGZiZjhiNGIzMWJlZTBkNDIyZmJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfra9ceAxObLYy0KgfYK8GkZCWRjbs8reS9Zbu/iEySOJv
DCfccHC9p6/qYWJr0mamTreEuvKalAgDXMNhZs15GpkICLuUX2K+HYEy27u0UT2s
D+mr9lBkpNvY5/uGlkr25zX34sS+us6F7jWzIwlqMGvhRk5+OByu5V4/bzlhRnx7
qVnpZFCr2IYH1nqGjlfnAbikzacdfqEF2OLbUJ1W5gJjTjY7oBPZnUjYASZZm22x
iQHAiZ16zPFd/5GQW1/YLDhXsxtiFPx+7KZ7xYpvbhiicKckJboo6sRlotWCqXMc
AA9SrWyuHDnDHNwabDIL3U94viR2N8KKmHj+ofOpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU18wf0x38TdN8eVU7eIgJvQ2x6hAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U0NWU3N2U0LTRmZTktNDVhMy1iMTNhLTgzNGM2OTE4NzAzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQTjANBgkqhkiG9w0BAQsFAAOCAQEABTwtcDX8q8RyGWcddOG5lVHwt8l4
I/KslpF7WQR5QHzCLbBJKhoeIGdfw9x6QkE8LFcvTAg8qcOp4/90QQ6duNPo9Tzi
lznoH25huIa3HIkpDiZk9FQYp16jwPfpL0SxvbeLbW9ve76TQvD/fpJ07315396H
HU11aobXeoymZx1HZS9UiSVH0rkJFwAma8Aha42Qc1EYshLhin5yjwcPBcvZokDZ
BEZUcpA2+d7lWPR8Ev5Xi+vOlQFySZWJQ2Bs0SwEELnoVD5zgWjaKlI1fNQW5MNO
XOGaAXjblHwWB5NM7490SImDm3jdAxXiBsQXdcb6jJMVQn4MKNOlmHyokw==
-----END CERTIFICATE-----