Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e02a595-7697-4c66-b83b-c7ec1f66968d.roa
File:                     1e02a595-7697-4c66-b83b-c7ec1f66968d.roa (raw, json)
Hash identifier:          yuzI/3dk+IZ1V6BInaUcjRG9rmy1IM/b07H8p/g3an8=
Subject key identifier:   C0:5D:CE:13:58:7C:02:7B:22:91:D0:DF:D9:17:BC:C4:0C:F8:85:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E125098BB8B059D0647ABFBF7F664EB607AE841
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e02a595-7697-4c66-b83b-c7ec1f66968d.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.23.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:12:50:98:bb:8b:05:9d:06:47:ab:fb:f7:f6:64:eb:60:7a:e8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=28cb54689fdcca0bae02aa331b83ad2e2e12a0d0cc20597b43bb8264d52cd465, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c9:22:5d:af:11:3f:06:49:3c:64:c2:ee:ae:
                    b8:4a:da:18:9b:1f:4b:5a:fd:45:ec:87:af:8a:76:
                    d4:b9:47:9c:f4:7a:03:bd:a3:f9:21:20:d9:e8:8d:
                    81:5e:1d:44:d9:25:4c:75:ee:3f:23:f8:4a:b6:b9:
                    28:d1:58:62:26:35:06:3d:88:54:3e:4d:29:f7:23:
                    fe:b6:40:7f:da:88:84:7e:dd:af:b3:e9:55:79:8d:
                    26:c2:c7:a9:c1:bf:f9:43:4f:98:dd:90:31:1b:e6:
                    5e:2b:5b:8b:43:1a:6b:2e:da:c4:94:c9:6c:b8:19:
                    8c:f7:39:45:f9:45:56:1f:b6:fb:0a:1f:ed:fb:5d:
                    c0:46:e3:78:23:a3:ba:aa:0b:33:fb:ce:e7:1e:10:
                    2a:2b:ae:b4:7f:ed:dc:aa:90:50:c6:a7:53:af:48:
                    91:90:dd:02:cd:40:02:d1:97:50:60:48:3e:fc:9e:
                    07:67:29:9f:09:e8:38:88:30:39:71:57:31:70:35:
                    3a:01:ba:db:06:77:41:43:85:34:7d:54:32:e4:ec:
                    e0:39:ab:9d:c2:11:fd:8a:09:87:a4:8b:6d:3b:34:
                    c5:35:dc:28:53:7f:fb:8e:be:0d:a4:43:4a:6a:35:
                    dc:f4:f9:e9:4c:e4:4f:f7:e3:e5:79:bb:53:cd:08:
                    3c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5D:CE:13:58:7C:02:7B:22:91:D0:DF:D9:17:BC:C4:0C:F8:85:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e02a595-7697-4c66-b83b-c7ec1f66968d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.23.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a7:ec:db:c8:e0:f3:a5:fa:f9:61:68:a2:9b:ac:61:ed:82:58:
         61:a3:7d:bd:e6:cc:0e:1b:47:db:21:6a:24:be:fd:43:c9:38:
         fb:29:0e:62:44:cf:a7:6b:06:44:8e:a7:92:19:90:00:69:0f:
         64:c6:6d:99:c6:4e:1c:72:91:30:e7:83:21:4a:82:16:4f:b9:
         a8:9c:4a:2d:c1:c3:41:42:3a:cf:de:e8:81:aa:aa:39:6e:07:
         c6:34:d7:30:c6:5a:03:e2:97:7d:4e:29:f1:f3:e3:79:6d:1a:
         f1:23:a4:3e:7a:ad:85:d1:1f:8e:ea:9c:37:60:a2:14:2a:21:
         ad:47:c5:c3:d6:33:51:7f:db:94:2d:6a:e7:d0:98:53:17:11:
         04:16:7f:c7:9f:ed:af:b9:27:85:39:8c:25:b2:ec:b1:9f:65:
         81:9c:1d:58:da:1d:5d:8b:d2:e5:3d:94:cc:e3:0b:b7:9a:15:
         00:b3:ef:6b:33:fc:62:f8:e9:bd:d8:7b:3a:fb:dd:d5:95:ec:
         42:d8:42:d6:ad:dc:eb:46:0c:b0:f7:1c:ab:11:b1:cf:1b:e5:
         95:f0:4b:ec:54:2f:9b:0b:1f:de:48:1e:54:ce:94:4a:4b:91:
         c0:dd:0b:b3:f0:0c:69:bc:69:0e:ed:b2:c5:09:ca:64:f0:d1:
         05:3d:2c:d7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbhJQmLuLBZ0GR6v79/Zk62B66EEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOGNiNTQ2ODlmZGNjYTBiYWUwMmFhMzMxYjgzYWQyZTJl
MTJhMGQwY2MyMDU5N2I0M2JiODI2NGQ1MmNkNDY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrySJdrxE/Bkk8ZMLurrhK2hibH0ta/UXsh6+KdtS5R5z0
egO9o/khINnojYFeHUTZJUx17j8j+Eq2uSjRWGImNQY9iFQ+TSn3I/62QH/aiIR+
3a+z6VV5jSbCx6nBv/lDT5jdkDEb5l4rW4tDGmsu2sSUyWy4GYz3OUX5RVYftvsK
H+37XcBG43gjo7qqCzP7zuceECorrrR/7dyqkFDGp1OvSJGQ3QLNQALRl1BgSD78
ngdnKZ8J6DiIMDlxVzFwNToButsGd0FDhTR9VDLk7OA5q53CEf2KCYeki207NMU1
3ChTf/uOvg2kQ0pqNdz0+elM5E/34+V5u1PNCDyFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwF3OE1h8AnsikdDf2Re8xAz4hQMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFlMDJhNTk1LTc2OTctNGM2Ni1iODNiLWM3ZWMxZjY2OTY4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFzANBgkqhkiG9w0BAQsFAAOCAQEAp+zbyODzpfr5YWiim6xh7YJYYaN9
vebMDhtH2yFqJL79Q8k4+ykOYkTPp2sGRI6nkhmQAGkPZMZtmcZOHHKRMOeDIUqC
Fk+5qJxKLcHDQUI6z97ogaqqOW4HxjTXMMZaA+KXfU4p8fPjeW0a8SOkPnqthdEf
juqcN2CiFCohrUfFw9YzUX/blC1q59CYUxcRBBZ/x5/tr7knhTmMJbLssZ9lgZwd
WNodXYvS5T2UzOMLt5oVALPvazP8Yvjpvdh7Ovvd1ZXsQthC1q3c60YMsPccqxGx
zxvllfBL7FQvmwsf3kgeVM6USkuRwN0Ls/AMabxpDu2yxQnKZPDRBT0s1w==
-----END CERTIFICATE-----