Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01344873-debd-40da-afaa-b554c304d42d.roa
File:                     01344873-debd-40da-afaa-b554c304d42d.roa (raw, json)
Hash identifier:          QKAQacZQQEi76ADXXcyVTnztdMDa47UJJfQb7ocS8Y8=
Subject key identifier:   23:7B:01:4B:65:14:2F:70:2E:C0:6E:C8:39:9C:39:DA:E5:35:D1:FD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F711F4C4E0498DC3D263AF9F96ABC3BE1E551A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01344873-debd-40da-afaa-b554c304d42d.roa
Signing time:             Wed 15 Jan 2025 00:00:00 +0000
ROA not before:           Wed 15 Jan 2025 00:00:00 +0000
ROA not after:            Wed 19 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.49.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:71:1f:4c:4e:04:98:dc:3d:26:3a:f9:f9:6a:bc:3b:e1:e5:51:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 15 00:00:00 2025 GMT
            Not After : Feb 19 23:59:59 2025 GMT
        Subject: serialNumber=5798ef5e4469a38b33c76a8d569d492bfd9df314c978edd9c1f1431de86a4281, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ba:94:43:68:40:e9:f1:1a:9d:73:d6:38:b3:
                    23:08:f3:da:ff:7c:49:de:bd:e5:39:35:af:f8:4f:
                    f3:9e:4e:b3:bb:13:8d:bc:5e:de:65:ac:c9:4d:ac:
                    6e:b9:3a:d7:bc:6a:a9:aa:c6:77:07:46:16:ed:f7:
                    2c:71:6f:59:e2:97:6a:bb:d5:80:93:39:8f:a7:a1:
                    62:3f:c2:eb:35:87:01:9a:19:a7:7c:6e:89:ab:de:
                    b0:9c:48:70:be:56:0f:14:0f:02:86:66:55:a3:d2:
                    d2:5e:63:63:2b:db:88:d5:77:d2:16:3e:5f:92:3a:
                    51:f3:9b:b9:12:8b:75:2d:d0:b7:14:ea:af:90:33:
                    93:43:04:af:ee:d9:ed:2a:87:37:05:22:8c:dd:a3:
                    dc:2b:f5:1e:c1:84:9d:45:0d:c1:da:7c:8c:77:6b:
                    01:a8:c3:d4:f2:23:fd:39:60:4b:a1:9a:25:fc:58:
                    53:cd:aa:b9:ac:5c:e2:eb:4a:b4:52:9f:3e:1c:56:
                    ff:4f:08:b8:5a:77:9d:59:18:f6:92:15:86:f0:ec:
                    8e:b1:26:84:08:15:46:1e:ac:f1:c6:3d:1c:9f:ea:
                    71:b4:9c:a4:96:1b:c7:02:f0:ac:e5:58:39:af:25:
                    78:5d:9d:03:fe:28:b0:9c:24:65:39:e7:87:bf:b4:
                    41:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:7B:01:4B:65:14:2F:70:2E:C0:6E:C8:39:9C:39:DA:E5:35:D1:FD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/01344873-debd-40da-afaa-b554c304d42d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.49.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:93:5f:91:95:ed:d7:ec:22:cf:18:4a:39:ba:8a:07:35:34:
         20:86:18:82:93:0f:82:ea:db:b1:82:d0:15:c0:fa:d3:40:50:
         2a:e5:f7:5a:59:4f:95:44:05:cd:39:2a:fd:39:ca:45:97:59:
         02:6d:23:7a:09:0e:66:04:cc:76:eb:ea:c1:87:f2:fb:3b:f0:
         42:57:3b:56:04:cc:d3:fb:64:61:cc:d6:f3:7c:4b:42:ee:ee:
         97:1a:0c:b1:fe:f6:86:92:27:48:9d:41:8f:47:54:18:6a:b2:
         d7:ed:29:8e:88:58:91:f0:e5:98:81:e7:e0:28:c9:8d:ea:4c:
         d4:0e:d8:1e:17:77:24:6b:d6:cf:a1:13:94:16:f5:ea:a9:72:
         bf:90:74:60:ce:d7:7a:b6:ba:76:9b:57:63:57:cb:8f:33:4f:
         90:67:63:3c:4e:85:d8:0c:78:16:a3:bf:9b:63:c4:c6:c6:79:
         e0:4f:c7:31:0b:59:a6:4e:93:e1:23:d4:2b:cb:94:b9:d7:32:
         c9:05:fc:09:a7:66:f5:45:7b:53:a3:fb:67:d7:67:5e:3e:ec:
         30:eb:86:45:b0:7f:7e:65:e9:7d:25:f0:fd:1f:ff:58:a9:f8:
         9c:30:a0:4a:99:5f:a6:80:dd:3c:c4:10:9f:55:d6:2c:f6:76:
         70:78:c0:e5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUb3EfTE4EmNw9Jjr5+Wq8O+HlUakwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE1MDAwMDAwWhcNMjUwMjE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Nzk4ZWY1ZTQ0NjlhMzhiMzNjNzZhOGQ1NjlkNDkyYmZk
OWRmMzE0Yzk3OGVkZDljMWYxNDMxZGU4NmE0MjgxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRupRDaEDp8Rqdc9Y4syMI89r/fEneveU5Na/4T/OeTrO7
E428Xt5lrMlNrG65Ote8aqmqxncHRhbt9yxxb1nil2q71YCTOY+noWI/wus1hwGa
Gad8bomr3rCcSHC+Vg8UDwKGZlWj0tJeY2Mr24jVd9IWPl+SOlHzm7kSi3Ut0LcU
6q+QM5NDBK/u2e0qhzcFIozdo9wr9R7BhJ1FDcHafIx3awGow9TyI/05YEuhmiX8
WFPNqrmsXOLrSrRSnz4cVv9PCLhad51ZGPaSFYbw7I6xJoQIFUYerPHGPRyf6nG0
nKSWG8cC8KzlWDmvJXhdnQP+KLCcJGU554e/tEFJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUI3sBS2UUL3AuwG7IOZw52uU10f0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAxMzQ0ODczLWRlYmQtNDBkYS1hZmFhLWI1NTRjMzA0ZDQyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQMTANBgkqhkiG9w0BAQsFAAOCAQEAm5NfkZXt1+wizxhKObqKBzU0IIYY
gpMPgurbsYLQFcD600BQKuX3WllPlUQFzTkq/TnKRZdZAm0jegkOZgTMduvqwYfy
+zvwQlc7VgTM0/tkYczW83xLQu7ulxoMsf72hpInSJ1Bj0dUGGqy1+0pjohYkfDl
mIHn4CjJjepM1A7YHhd3JGvWz6ETlBb16qlyv5B0YM7Xera6dptXY1fLjzNPkGdj
PE6F2Ax4FqO/m2PExsZ54E/HMQtZpk6T4SPUK8uUudcyyQX8Cadm9UV7U6P7Z9dn
Xj7sMOuGRbB/fmXpfSXw/R//WKn4nDCgSplfpoDdPMQQn1XWLPZ2cHjA5Q==
-----END CERTIFICATE-----