Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbe4097c-a793-4ea5-87de-52b9cd06d8b3.roa
File:                     fbe4097c-a793-4ea5-87de-52b9cd06d8b3.roa (raw, json)
Hash identifier:          FTWMWSb+D4A3UrTvbtsm9OXUS6k3NrgvH/ccSpAsIjE=
Subject key identifier:   D4:F8:15:9E:79:02:DB:D2:CC:27:5A:B1:5A:9D:E2:AA:1C:FE:40:72
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       553D7DBE038168EEC8ECDFC6F3AC1D6D3332D8E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbe4097c-a793-4ea5-87de-52b9cd06d8b3.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.67.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:3d:7d:be:03:81:68:ee:c8:ec:df:c6:f3:ac:1d:6d:33:32:d8:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=fd8ed7d7c474d87f6a4061caa8ea44ace052f6eca5d63374c8f8db47d4309d62, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e4:32:09:c6:c2:31:90:58:ba:c9:5b:44:b2:
                    af:3a:17:f0:e2:24:dc:17:98:5f:72:cd:cc:77:42:
                    69:b9:b8:45:06:ce:6b:2c:e3:26:f4:68:5d:9a:b1:
                    7d:a0:28:ef:c6:1d:37:6a:52:14:4a:6a:07:02:50:
                    30:5b:3e:97:1c:af:07:ec:4d:06:8f:13:79:82:9e:
                    6c:a1:fa:3b:3f:bb:6c:f1:49:ee:ac:4e:25:72:09:
                    18:00:d6:ca:fd:42:e8:fa:9f:04:1a:03:45:c9:94:
                    2d:6b:3b:0c:7a:57:ec:b6:51:a9:20:7e:c3:86:3a:
                    4d:da:d1:89:07:59:be:46:b7:3c:2d:9a:f9:58:a6:
                    58:4d:b9:c0:70:18:2f:bb:e7:34:a5:9b:ca:ff:fb:
                    33:76:20:e9:65:06:4a:c1:f5:ef:12:f2:dd:35:14:
                    3e:a8:b2:95:e1:16:28:c1:74:5c:f1:a6:2b:0d:ce:
                    39:75:c2:5f:70:f5:de:bc:80:04:04:9d:45:99:95:
                    12:74:68:02:5f:b3:c7:0f:5f:ca:60:6e:4f:9e:bd:
                    4c:19:dc:84:4e:e8:da:7c:53:34:ab:df:10:0d:69:
                    ec:d8:f4:b1:0d:a1:d1:9d:60:48:32:d2:8b:c0:c0:
                    95:de:79:58:2b:27:ba:2d:4a:a1:7e:00:b5:11:f7:
                    58:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F8:15:9E:79:02:DB:D2:CC:27:5A:B1:5A:9D:E2:AA:1C:FE:40:72
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/fbe4097c-a793-4ea5-87de-52b9cd06d8b3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.67.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         20:92:6c:8e:38:42:66:ce:24:af:1e:13:9c:d5:9d:8d:89:53:
         15:60:a7:0b:67:f8:9c:da:31:44:6f:cc:ab:b9:f5:fc:85:61:
         bc:5a:56:ee:7b:b2:3b:07:22:0c:b1:98:92:4c:9f:cf:ab:24:
         0b:04:84:6f:33:15:90:df:0c:60:59:d8:12:bb:29:fd:d4:07:
         07:10:b6:0b:28:66:fc:86:8e:d4:28:29:a9:c9:50:43:9f:4c:
         c5:50:3c:07:1b:30:64:75:8c:e3:39:ac:01:cb:ab:4d:39:03:
         b4:06:5c:d4:f6:ad:2e:42:db:09:10:c9:5a:02:6e:f3:18:bc:
         f3:06:b5:a3:04:c3:92:79:e7:f5:f2:2e:65:70:36:8c:13:a9:
         51:5c:ed:b8:06:55:39:71:aa:5e:65:6d:36:da:9a:9c:67:b3:
         70:a5:8d:24:30:6d:29:6f:1a:70:94:70:5e:80:08:30:cd:20:
         f3:b8:b8:fd:35:14:b3:4a:63:9b:4b:b0:71:25:87:fa:73:23:
         c3:ef:93:6c:fd:0c:58:da:3a:0c:9b:72:fc:c5:4c:0d:22:0a:
         1c:d4:11:1b:ec:ff:27:35:07:e6:6b:9f:e7:3b:d5:b0:eb:ab:
         e6:2e:8c:ec:56:30:0f:2b:a6:e8:b5:4f:e4:93:7f:5d:8a:fd:
         23:61:5d:b2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVT19vgOBaO7I7N/G86wdbTMy2OIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDhlZDdkN2M0NzRkODdmNmE0MDYxY2FhOGVhNDRhY2Uw
NTJmNmVjYTVkNjMzNzRjOGY4ZGI0N2Q0MzA5ZDYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJ5DIJxsIxkFi6yVtEsq86F/DiJNwXmF9yzcx3Qmm5uEUG
zmss4yb0aF2asX2gKO/GHTdqUhRKagcCUDBbPpccrwfsTQaPE3mCnmyh+js/u2zx
Se6sTiVyCRgA1sr9Quj6nwQaA0XJlC1rOwx6V+y2UakgfsOGOk3a0YkHWb5Gtzwt
mvlYplhNucBwGC+75zSlm8r/+zN2IOllBkrB9e8S8t01FD6ospXhFijBdFzxpisN
zjl1wl9w9d68gAQEnUWZlRJ0aAJfs8cPX8pgbk+evUwZ3IRO6Np8UzSr3xANaezY
9LENodGdYEgy0ovAwJXeeVgrJ7otSqF+ALUR91j5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1PgVnnkC29LMJ1qxWp3iqhz+QHIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZiZTQwOTdjLWE3OTMtNGVhNS04N2RlLTUyYjljZDA2ZDhiMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQQzANBgkqhkiG9w0BAQsFAAOCAQEAIJJsjjhCZs4krx4TnNWdjYlTFWCn
C2f4nNoxRG/Mq7n1/IVhvFpW7nuyOwciDLGYkkyfz6skCwSEbzMVkN8MYFnYErsp
/dQHBxC2Cyhm/IaO1CgpqclQQ59MxVA8BxswZHWM4zmsAcurTTkDtAZc1PatLkLb
CRDJWgJu8xi88wa1owTDknnn9fIuZXA2jBOpUVztuAZVOXGqXmVtNtqanGezcKWN
JDBtKW8acJRwXoAIMM0g87i4/TUUs0pjm0uwcSWH+nMjw++TbP0MWNo6DJty/MVM
DSIKHNQRG+z/JzUH5muf5zvVsOur5i6M7FYwDyum6LVP5JN/XYr9I2Fdsg==
-----END CERTIFICATE-----