Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3bf46862-8b35-4326-a9d1-8bf2403c6c96.roa
File:                     3bf46862-8b35-4326-a9d1-8bf2403c6c96.roa (raw, json)
Hash identifier:          6hKRP5Uo18g2WLK9Rf6zoX0Zg9C2awcQzlYKFAcmhfk=
Subject key identifier:   BF:7C:78:45:C9:96:0E:B4:8B:CD:3F:33:6F:CF:CF:97:32:E1:7D:11
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       084FE2972C2BDB88A0BC3E75C49BC33521C1CBBF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3bf46862-8b35-4326-a9d1-8bf2403c6c96.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.20.216.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:4f:e2:97:2c:2b:db:88:a0:bc:3e:75:c4:9b:c3:35:21:c1:cb:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=f35c3984dcb070da657beacde6bc8a9357d9d5b1dafdfde4eaafbac653b7cc25, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2e:a8:5f:d4:cb:04:73:1f:c5:aa:ab:eb:b7:
                    ed:51:cb:59:fa:a3:d6:22:3a:80:72:8b:5b:86:0d:
                    b1:67:04:36:2b:b9:ef:28:60:fd:3f:ac:11:8a:6e:
                    85:77:30:88:c0:91:1e:ab:85:24:86:d8:9f:f6:71:
                    f3:8a:b2:75:cd:e8:b9:51:59:ba:a8:1f:22:59:99:
                    f1:2c:30:0c:e1:15:9b:a7:53:ed:3e:10:68:e2:0c:
                    45:ca:58:18:7d:17:3a:a9:92:df:d7:5d:ac:8c:85:
                    db:22:23:de:0a:c4:08:92:7c:e0:af:5a:0f:25:36:
                    4d:7e:e4:58:9b:aa:99:91:29:01:52:80:73:fc:d3:
                    7f:01:03:6f:a2:79:a2:3a:41:71:1e:cd:46:3c:df:
                    4b:b1:d6:e4:e5:1e:2e:9e:af:60:70:9a:45:94:29:
                    4b:80:b5:c7:75:7c:51:09:18:51:a4:07:c4:85:01:
                    50:01:16:ff:62:71:ec:eb:50:10:70:0b:0a:21:ee:
                    87:97:67:86:5f:8f:90:98:e6:86:fc:59:8c:7b:b1:
                    a5:4b:75:79:02:61:00:50:99:0a:b6:f9:27:2d:28:
                    e1:33:3e:6a:32:1e:99:3e:26:47:ad:20:4f:e9:a6:
                    5a:1c:82:d6:1b:6f:a3:5f:9e:db:ad:f1:74:45:48:
                    9f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:7C:78:45:C9:96:0E:B4:8B:CD:3F:33:6F:CF:CF:97:32:E1:7D:11
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3bf46862-8b35-4326-a9d1-8bf2403c6c96.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.20.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5b:b1:2c:ee:60:44:fd:6d:61:89:a8:a3:0d:23:e4:3e:1a:70:
         6b:0f:fa:ba:f1:99:03:9b:70:3a:72:39:8b:9a:77:0b:8e:f0:
         c4:4b:cd:6b:7f:22:40:cc:79:0a:4b:75:f9:08:af:b0:a2:20:
         63:5d:4f:f5:4b:67:1c:20:12:be:6c:f7:39:0b:ab:f4:85:b8:
         03:2c:ac:10:70:4c:fe:fa:c0:29:6e:cc:89:5b:cc:2d:b5:c4:
         17:90:9d:00:72:f3:81:f0:7c:e7:84:66:80:8a:34:78:d8:4b:
         8c:c6:47:8f:d3:c5:9c:ac:0b:9f:d9:1e:53:fe:0b:d7:a1:50:
         26:08:78:d7:ba:1f:5a:ca:ac:b4:5f:97:49:c2:5d:a0:28:73:
         26:32:b5:c3:94:42:f4:b9:a0:43:a1:c4:b0:76:3e:d8:ed:29:
         e4:1e:8a:e7:d1:e8:d9:6e:03:47:c8:24:6e:6e:d2:ca:7c:dd:
         ce:eb:a4:13:a9:f8:28:e5:b7:c9:dd:27:7f:7c:84:15:0b:7c:
         4e:eb:b3:14:af:ab:5b:5a:e1:7b:fa:d6:4d:3d:b7:4c:ef:c5:
         eb:c0:0f:ed:8a:6e:59:7d:e3:c4:96:bc:6d:9c:cc:5d:16:48:
         05:7c:2f:c6:ce:f9:48:dc:a8:c9:36:fa:8b:94:f4:04:55:97:
         f3:26:71:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCE/ilywr24igvD51xJvDNSHBy78wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzVjMzk4NGRjYjA3MGRhNjU3YmVhY2RlNmJjOGE5MzU3
ZDlkNWIxZGFmZGZkZTRlYWFmYmFjNjUzYjdjYzI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDELqhf1MsEcx/Fqqvrt+1Ry1n6o9YiOoByi1uGDbFnBDYr
ue8oYP0/rBGKboV3MIjAkR6rhSSG2J/2cfOKsnXN6LlRWbqoHyJZmfEsMAzhFZun
U+0+EGjiDEXKWBh9Fzqpkt/XXayMhdsiI94KxAiSfOCvWg8lNk1+5FibqpmRKQFS
gHP8038BA2+ieaI6QXEezUY830ux1uTlHi6er2BwmkWUKUuAtcd1fFEJGFGkB8SF
AVABFv9icezrUBBwCwoh7oeXZ4Zfj5CY5ob8WYx7saVLdXkCYQBQmQq2+SctKOEz
PmoyHpk+JketIE/pplocgtYbb6Nfntut8XRFSJ//AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv3x4RcmWDrSLzT8zb8/PlzLhfREwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiZjQ2ODYyLThiMzUtNDMyNi1hOWQxLThiZjI0MDNjNmM5Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIQFNgwDQYJKoZIhvcNAQELBQADggEBAFuxLO5gRP1tYYmoow0j5D4acGsP
+rrxmQObcDpyOYuadwuO8MRLzWt/IkDMeQpLdfkIr7CiIGNdT/VLZxwgEr5s9zkL
q/SFuAMsrBBwTP76wCluzIlbzC21xBeQnQBy84HwfOeEZoCKNHjYS4zGR4/TxZys
C5/ZHlP+C9ehUCYIeNe6H1rKrLRfl0nCXaAocyYytcOUQvS5oEOhxLB2PtjtKeQe
iufR6NluA0fIJG5u0sp83c7rpBOp+Cjlt8ndJ398hBULfE7rsxSvq1ta4Xv61k09
t0zvxevAD+2Kbll948SWvG2czF0WSAV8L8bO+UjcqMk2+ouU9ARVl/MmcY8=
-----END CERTIFICATE-----