Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebe846d5-0631-4df6-8c5b-e0c6ebcb7d31.roa
File:                     ebe846d5-0631-4df6-8c5b-e0c6ebcb7d31.roa (raw, json)
Hash identifier:          GIbUcP3wg28DcVujbbVClO+GZS2Qf59gIH+Cq3qADv0=
Subject key identifier:   41:7C:45:FD:93:FE:E8:BF:D7:45:5B:ED:4F:49:AD:AD:93:B2:D8:9A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1175DB8BEF484D51DC36F1CD9C4E6AB75DD60ED1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebe846d5-0631-4df6-8c5b-e0c6ebcb7d31.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.132.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:75:db:8b:ef:48:4d:51:dc:36:f1:cd:9c:4e:6a:b7:5d:d6:0e:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:46:7f:64:72:c8:69:66:42:76:1e:37:e3:7f:
                    d5:61:70:1a:2e:21:6b:39:e9:9a:43:33:bc:8d:c6:
                    b2:4a:dd:a7:4e:29:63:d6:03:c3:bf:22:b9:47:c1:
                    08:71:29:f8:fd:5a:f7:6b:fe:97:d4:26:39:58:bb:
                    20:18:4d:b1:0b:2f:34:dc:97:e6:ec:64:80:0b:77:
                    e1:23:73:d2:b6:90:2b:ba:a0:e6:40:a7:c4:6b:55:
                    5f:bb:4a:31:96:f1:80:0d:5d:d2:9d:fa:94:9b:79:
                    18:ae:3d:6a:f5:5a:23:89:b1:28:c2:a7:ea:52:7f:
                    b3:af:c3:9e:2b:84:66:0d:10:e2:87:40:7d:f1:83:
                    90:1b:c7:d2:e4:fd:6d:ac:8c:39:be:37:cb:7c:59:
                    b5:c3:42:9a:e3:87:c2:9c:82:dd:28:7b:0a:37:2e:
                    fb:c8:81:c4:0c:43:d9:36:30:40:79:ab:ac:d2:72:
                    dd:bb:f7:c2:67:e8:3f:9f:41:4e:71:ca:b7:91:59:
                    42:11:5d:60:61:a6:d7:22:3e:c2:1f:26:cf:50:eb:
                    61:af:68:12:6f:aa:d8:0d:8c:05:43:63:f2:9b:55:
                    14:c6:88:72:18:e6:61:b7:1a:9c:03:a1:27:d9:24:
                    97:28:14:5f:a2:2b:63:d4:33:59:28:47:bc:ee:eb:
                    ef:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:7C:45:FD:93:FE:E8:BF:D7:45:5B:ED:4F:49:AD:AD:93:B2:D8:9A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ebe846d5-0631-4df6-8c5b-e0c6ebcb7d31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.132.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         66:97:1d:32:27:47:8d:1a:b9:89:bf:41:26:96:47:6c:fe:30:
         9e:1f:70:6e:38:14:a1:cc:18:46:3e:19:b3:96:33:de:12:90:
         90:69:36:dc:4a:c5:62:60:e6:9c:3a:ca:76:a3:7e:33:65:5d:
         3c:24:55:b2:3f:ce:b5:cf:6f:6a:ef:1c:ae:32:e7:42:5d:91:
         0b:b3:93:41:af:34:33:25:e6:3c:9b:bf:f1:cc:35:38:dc:9f:
         6e:fd:51:27:2b:17:c8:13:0c:48:42:a4:78:18:56:3a:fa:9c:
         a8:72:2f:e5:d6:ca:ce:fa:30:31:8e:e6:8a:96:41:d1:96:4e:
         47:1d:3a:f4:b3:4a:35:0e:e9:ae:07:87:af:19:95:0d:f4:f6:
         e7:af:b4:93:ad:72:c3:a3:2b:8d:f2:a6:46:dc:ea:af:fa:a2:
         87:45:ca:2a:c2:13:cf:6c:c9:f8:d0:7a:a7:bd:bd:bf:fa:d4:
         20:77:d0:b5:a2:d7:40:76:4b:c6:87:c3:99:cc:70:df:70:5d:
         bd:56:17:cb:52:94:8d:4f:10:6b:61:88:f0:99:da:cf:0d:78:
         18:5f:49:77:5f:2a:91:3a:c4:4d:a4:88:c9:21:4d:c8:7a:e4:
         e1:5e:4a:03:53:f6:54:af:f4:a3:d6:66:ab:7d:be:43:fe:5b:
         92:8b:19:53
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEXXbi+9ITVHcNvHNnE5qt13WDtEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjk3OTRjNTZiZWUzZjA2MmU4MGZkZDViMjI2ZTYyZGFh
MGVhOTU4NTI1NTVjYjQzZWI2Mzc3NTNjZTE5MjQxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmRn9kcshpZkJ2Hjfjf9VhcBouIWs56ZpDM7yNxrJK3adO
KWPWA8O/IrlHwQhxKfj9Wvdr/pfUJjlYuyAYTbELLzTcl+bsZIALd+Ejc9K2kCu6
oOZAp8RrVV+7SjGW8YANXdKd+pSbeRiuPWr1WiOJsSjCp+pSf7Ovw54rhGYNEOKH
QH3xg5Abx9Lk/W2sjDm+N8t8WbXDQprjh8Kcgt0oewo3LvvIgcQMQ9k2MEB5q6zS
ct2798Jn6D+fQU5xyreRWUIRXWBhptciPsIfJs9Q62GvaBJvqtgNjAVDY/KbVRTG
iHIY5mG3GpwDoSfZJJcoFF+iK2PUM1koR7zu6++lAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQXxF/ZP+6L/XRVvtT0mtrZOy2JowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ViZTg0NmQ1LTA2MzEtNGRmNi04YzViLWUwYzZlYmNiN2QzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQhDANBgkqhkiG9w0BAQsFAAOCAQEAZpcdMidHjRq5ib9BJpZHbP4wnh9w
bjgUocwYRj4Zs5Yz3hKQkGk23ErFYmDmnDrKdqN+M2VdPCRVsj/Otc9vau8crjLn
Ql2RC7OTQa80MyXmPJu/8cw1ONyfbv1RJysXyBMMSEKkeBhWOvqcqHIv5dbKzvow
MY7mipZB0ZZORx069LNKNQ7prgeHrxmVDfT256+0k61yw6MrjfKmRtzqr/qih0XK
KsITz2zJ+NB6p729v/rUIHfQtaLXQHZLxofDmcxw33BdvVYXy1KUjU8Qa2GI8Jna
zw14GF9Jd18qkTrETaSIySFNyHrk4V5KA1P2VK/0o9Zmq32+Q/5bkosZUw==
-----END CERTIFICATE-----