Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04979269-9b51-404c-b32b-63103774217c.roa
File:                     04979269-9b51-404c-b32b-63103774217c.roa (raw, json)
Hash identifier:          Yw5LEdgIdEK7OBNIy1CIrpGH4uxqRZY2B8lKyZhHYF4=
Subject key identifier:   A0:90:61:1A:C1:7F:54:CE:09:3B:BA:4C:1C:E7:ED:AC:EC:8C:D9:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       408AF307349692559D4CA611E89E6E0BC6224BF2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04979269-9b51-404c-b32b-63103774217c.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.149.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:8a:f3:07:34:96:92:55:9d:4c:a6:11:e8:9e:6e:0b:c6:22:4b:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=6cc61642d89cb6210c779de8e1f69297cb45141323699b6d1fb3b9aaaa9ca007, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:25:4b:86:f1:e9:46:46:b8:25:88:94:fe:87:
                    b3:93:8e:8a:0c:8e:46:0c:f8:7d:3a:42:5a:eb:79:
                    af:d7:e6:7b:02:bf:5e:9f:fc:fc:4e:3d:36:8c:14:
                    a0:f6:58:d6:2b:73:1a:0a:50:59:b7:f3:18:11:6f:
                    74:99:15:8a:49:d8:97:1a:ae:39:7a:4a:8d:46:ee:
                    e3:42:bf:c2:00:d8:98:20:97:b2:8f:db:c3:9c:85:
                    24:fb:42:58:12:f0:74:05:7d:ca:14:c9:c4:62:f5:
                    62:02:b5:5d:2e:34:27:f9:8f:19:8b:f8:cf:fc:13:
                    e8:c4:b8:da:18:ac:2b:2c:ee:6d:44:74:69:c9:05:
                    ce:b6:f7:ee:bc:85:0c:fd:eb:2c:41:2d:15:df:a2:
                    4d:7e:ce:89:db:07:13:af:b2:47:6f:bc:a0:01:81:
                    e6:c7:cf:8e:b6:3d:17:74:7f:21:1e:13:2d:5a:bf:
                    b8:05:ed:5c:f2:5e:a6:23:42:94:87:62:b0:10:8a:
                    b0:bc:a7:64:17:fa:2e:de:47:4e:a2:5f:ab:dd:4d:
                    1b:bc:1b:75:17:51:db:21:31:31:f7:38:2b:52:18:
                    8a:ba:46:b1:fb:3b:ef:67:21:97:3a:0b:20:55:75:
                    b7:2b:03:55:02:30:47:a9:7b:60:b5:af:df:37:a0:
                    7d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:90:61:1A:C1:7F:54:CE:09:3B:BA:4C:1C:E7:ED:AC:EC:8C:D9:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/04979269-9b51-404c-b32b-63103774217c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.149.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5d:54:7a:d1:d0:ab:c0:fc:65:11:f5:1e:1e:6e:18:eb:5b:f9:
         23:16:70:75:48:7e:44:85:bd:92:18:72:c7:11:c9:92:bd:7f:
         9b:85:8d:2c:ce:6a:d2:2c:40:c5:e1:6c:59:b9:b3:c1:fa:0b:
         c0:98:9b:8b:ea:e3:63:c4:d7:45:ca:aa:8e:cd:0c:94:43:6f:
         fb:b9:f5:33:1b:24:d9:80:91:ed:5d:80:66:c2:e1:ff:98:83:
         c1:89:57:a0:8e:92:3f:38:b1:84:ff:00:ee:70:be:2c:97:63:
         70:50:04:cc:a8:5d:6d:5d:8f:81:55:b1:fb:c1:1a:c3:5c:b8:
         52:9a:02:48:14:d3:e8:b1:90:51:75:7f:4c:fb:13:4d:ad:48:
         9b:0f:26:2d:08:71:74:e7:e0:14:d4:6e:db:6d:a5:a9:70:5e:
         ed:f1:e7:a7:7d:5a:df:dd:02:0a:2b:a4:78:90:71:86:37:b8:
         b0:da:44:e4:d2:d3:e5:6d:a2:c0:7a:d4:da:46:63:b4:95:03:
         5c:4f:36:c1:e1:1c:65:96:e5:73:11:57:97:45:ad:51:7a:35:
         3b:bf:b4:5a:6a:e0:58:73:27:8b:14:c5:02:34:a4:e7:5d:93:
         15:06:29:2f:82:23:13:84:ca:c2:a1:e6:4d:09:7e:db:cd:a5:
         df:19:ed:22
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQIrzBzSWklWdTKYR6J5uC8YiS/IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2Y2M2MTY0MmQ4OWNiNjIxMGM3NzlkZThlMWY2OTI5N2Ni
NDUxNDEzMjM2OTliNmQxZmIzYjlhYWFhOWNhMDA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXJUuG8elGRrgliJT+h7OTjooMjkYM+H06Qlrrea/X5nsC
v16f/PxOPTaMFKD2WNYrcxoKUFm38xgRb3SZFYpJ2Jcarjl6So1G7uNCv8IA2Jgg
l7KP28OchST7QlgS8HQFfcoUycRi9WICtV0uNCf5jxmL+M/8E+jEuNoYrCss7m1E
dGnJBc629+68hQz96yxBLRXfok1+zonbBxOvskdvvKABgebHz462PRd0fyEeEy1a
v7gF7VzyXqYjQpSHYrAQirC8p2QX+i7eR06iX6vdTRu8G3UXUdshMTH3OCtSGIq6
RrH7O+9nIZc6CyBVdbcrA1UCMEepe2C1r983oH15AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoJBhGsF/VM4JO7pMHOftrOyM2eYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0OTc5MjY5LTliNTEtNDA0Yy1iMzJiLTYzMTAzNzc0MjE3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQlTANBgkqhkiG9w0BAQsFAAOCAQEAXVR60dCrwPxlEfUeHm4Y61v5IxZw
dUh+RIW9khhyxxHJkr1/m4WNLM5q0ixAxeFsWbmzwfoLwJibi+rjY8TXRcqqjs0M
lENv+7n1Mxsk2YCR7V2AZsLh/5iDwYlXoI6SPzixhP8A7nC+LJdjcFAEzKhdbV2P
gVWx+8Eaw1y4UpoCSBTT6LGQUXV/TPsTTa1Imw8mLQhxdOfgFNRu222lqXBe7fHn
p31a390CCiukeJBxhje4sNpE5NLT5W2iwHrU2kZjtJUDXE82weEcZZblcxFXl0Wt
UXo1O7+0WmrgWHMnixTFAjSk512TFQYpL4IjE4TKwqHmTQl+282l3xntIg==
-----END CERTIFICATE-----