Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6453538-3bfb-4e84-b949-6080acec0f49.roa
File:                     f6453538-3bfb-4e84-b949-6080acec0f49.roa (raw, json)
Hash identifier:          AIS8YGqd5zDnLscFhjEukeOgOddL08l4zrSudAf25gY=
Subject key identifier:   73:6D:FC:C6:56:32:DF:91:CB:58:92:8B:0A:3E:A0:72:A0:32:A8:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C0D7E57BCC0126C7D9F9EF36DB2A7CEB266B047
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6453538-3bfb-4e84-b949-6080acec0f49.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.128.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:0d:7e:57:bc:c0:12:6c:7d:9f:9e:f3:6d:b2:a7:ce:b2:66:b0:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=1613caddda3e7fffa65f60132b7982c0814952f41512f0642de345acf59f5c93, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e7:b4:ff:65:fe:d9:ba:da:46:89:30:80:d1:
                    74:ed:82:5a:0e:ac:9c:49:5d:12:9a:54:ca:72:3e:
                    5e:7f:e6:3c:74:de:6a:b4:dd:62:0e:26:02:bf:21:
                    c2:8c:ab:37:14:8a:9e:d3:40:ec:f7:e7:7a:b7:88:
                    50:b4:e8:86:3c:91:dc:2b:4d:21:c2:2c:37:59:de:
                    f0:88:52:eb:ce:42:c2:3d:5d:07:e7:49:d7:fb:ba:
                    c8:a1:a2:bb:4f:21:6f:43:cb:5e:01:b8:de:3a:3a:
                    e6:a4:ea:6a:9e:7d:aa:9f:e5:0b:bf:4c:4f:e2:95:
                    25:61:bd:fb:5d:ab:1f:69:01:10:ba:ae:2f:fa:14:
                    0a:d8:ba:6e:78:c3:4a:76:2a:cf:c6:81:cc:12:03:
                    0c:6d:f5:50:a0:83:d8:63:0f:69:ac:12:88:a0:57:
                    83:cd:10:3d:66:fe:45:06:e7:bc:56:bb:e8:87:69:
                    c0:a3:55:62:e7:cc:00:05:15:5e:b7:9e:59:32:ef:
                    d0:63:0d:18:d2:04:f2:76:ad:3d:43:5e:ff:cf:8e:
                    bc:0b:e0:a2:19:4a:2b:41:45:4e:ce:b0:8a:b5:74:
                    ba:8e:f4:f3:6e:c4:11:cb:c7:85:c4:48:65:64:4d:
                    e1:f2:12:fa:b5:67:bd:a4:4e:a2:b5:12:a1:7c:8c:
                    f6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:6D:FC:C6:56:32:DF:91:CB:58:92:8B:0A:3E:A0:72:A0:32:A8:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f6453538-3bfb-4e84-b949-6080acec0f49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.128.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         26:5b:e6:d2:32:f9:43:ba:bc:c1:56:0d:16:62:48:6b:8f:93:
         99:db:57:f7:9b:ac:50:17:ed:c3:d7:2f:22:42:81:3c:50:34:
         ff:61:0e:48:21:76:3a:06:12:3b:99:1a:8e:66:67:b9:4a:ae:
         15:c1:78:05:a3:46:be:b6:a6:ba:0c:76:f2:4c:9c:c0:ba:e7:
         9d:c3:48:85:07:c9:f5:24:86:73:69:bc:97:e0:9b:ff:34:72:
         bb:a9:7b:2b:42:c2:5a:18:a1:6f:21:21:44:d8:ab:81:2b:75:
         86:93:c5:9a:6c:a8:86:76:79:a6:26:dc:69:f2:82:4e:49:b2:
         1d:e5:19:a7:f6:a0:56:08:6f:7c:d6:ad:f0:a2:4f:06:2a:31:
         f1:8d:fe:8d:5d:8b:2a:f8:b1:04:a1:bc:ce:28:06:38:08:f8:
         cd:85:2a:0f:72:0d:fc:28:82:72:e3:d1:d5:19:77:95:d1:d5:
         fe:d2:a2:12:2e:32:ee:8b:cd:1a:dd:05:78:40:99:ef:97:71:
         ba:d0:32:ab:73:0c:d2:34:34:95:48:b6:46:b5:61:c1:fe:68:
         8b:5b:d7:be:27:a5:5f:9f:9f:50:df:f4:42:c2:e7:1d:66:34:
         3e:2a:40:91:ed:5f:b8:51:4a:9b:85:a3:5c:f3:07:27:21:22:
         b3:77:39:cc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXA1+V7zAEmx9n57zbbKnzrJmsEcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjEzY2FkZGRhM2U3ZmZmYTY1ZjYwMTMyYjc5ODJjMDgx
NDk1MmY0MTUxMmYwNjQyZGUzNDVhY2Y1OWY1YzkzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD57T/Zf7ZutpGiTCA0XTtgloOrJxJXRKaVMpyPl5/5jx0
3mq03WIOJgK/IcKMqzcUip7TQOz353q3iFC06IY8kdwrTSHCLDdZ3vCIUuvOQsI9
XQfnSdf7usihortPIW9Dy14BuN46Ouak6mqefaqf5Qu/TE/ilSVhvftdqx9pARC6
ri/6FArYum54w0p2Ks/GgcwSAwxt9VCgg9hjD2msEoigV4PNED1m/kUG57xWu+iH
acCjVWLnzAAFFV63nlky79BjDRjSBPJ2rT1DXv/PjrwL4KIZSitBRU7OsIq1dLqO
9PNuxBHLx4XESGVkTeHyEvq1Z72kTqK1EqF8jPaxAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUc238xlYy35HLWJKLCj6gcqAyqO0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2NDUzNTM4LTNiZmItNGU4NC1iOTQ5LTYwODBhY2VjMGY0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQgDANBgkqhkiG9w0BAQsFAAOCAQEAJlvm0jL5Q7q8wVYNFmJIa4+TmdtX
95usUBftw9cvIkKBPFA0/2EOSCF2OgYSO5kajmZnuUquFcF4BaNGvramugx28kyc
wLrnncNIhQfJ9SSGc2m8l+Cb/zRyu6l7K0LCWhihbyEhRNirgSt1hpPFmmyohnZ5
pibcafKCTkmyHeUZp/agVghvfNat8KJPBiox8Y3+jV2LKvixBKG8zigGOAj4zYUq
D3IN/CiCcuPR1Rl3ldHV/tKiEi4y7ovNGt0FeECZ75dxutAyq3MM0jQ0lUi2RrVh
wf5oi1vXvielX5+fUN/0QsLnHWY0PipAke1fuFFKm4WjXPMHJyEis3c5zA==
-----END CERTIFICATE-----