Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4674224c-cf76-4fcc-a64e-aa13c1a29d3a.roa
File:                     4674224c-cf76-4fcc-a64e-aa13c1a29d3a.roa (raw, json)
Hash identifier:          AOj3g4MmvXBfj9pTFrx05mVE/qHteGf7/1aw5jUsC80=
Subject key identifier:   82:BE:0E:FE:A6:F6:1A:43:09:A9:8A:6C:76:C1:B4:63:AF:57:6C:61
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6605D6069DC472101FB924607663649176D6C03F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4674224c-cf76-4fcc-a64e-aa13c1a29d3a.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.30.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:05:d6:06:9d:c4:72:10:1f:b9:24:60:76:63:64:91:76:d6:c0:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=c70ddb0f7f08342446ff42f442a91d81a11c6853619e1c0954afc60f218b0e99, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:cd:1a:ba:09:65:31:50:15:52:08:e9:c1:ee:
                    60:95:9a:a1:f9:eb:a4:54:a8:92:02:c2:79:5a:10:
                    a4:a8:7f:b0:6a:a8:2e:ba:95:03:09:cf:ad:58:d1:
                    7d:4c:cc:52:72:f8:85:0a:44:13:3a:18:1d:63:e3:
                    3d:18:a0:05:d4:37:63:36:21:b0:18:12:6a:de:3b:
                    94:e1:ad:bd:8d:8a:80:1e:91:99:66:2b:a5:41:5b:
                    d4:ab:d2:ee:d2:b1:2c:0f:31:f0:b1:ed:45:2e:46:
                    91:94:48:1a:92:8a:6a:2d:8c:83:6d:93:ae:68:cd:
                    31:7d:81:b3:a8:15:3f:c0:c9:75:8a:5b:52:e3:a7:
                    e9:dc:5b:a0:25:a7:c2:00:a6:5c:56:72:eb:ff:90:
                    6f:6e:ed:2b:a3:34:44:e3:20:10:82:27:61:4f:29:
                    96:03:63:95:d8:0b:e0:2e:11:17:3a:17:33:da:49:
                    d2:ab:df:c1:15:86:dc:46:d9:69:4e:04:02:80:fd:
                    30:89:14:bd:91:8f:8a:7e:b8:b2:cc:e1:52:71:a5:
                    ba:2b:91:4c:25:41:53:fa:f3:3f:c3:2c:eb:3b:94:
                    50:7e:5f:ad:ba:58:1d:31:2a:14:da:bd:11:f5:31:
                    f8:3c:cf:1e:a2:a5:9e:4b:78:05:e0:91:94:3b:e6:
                    47:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:BE:0E:FE:A6:F6:1A:43:09:A9:8A:6C:76:C1:B4:63:AF:57:6C:61
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4674224c-cf76-4fcc-a64e-aa13c1a29d3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.30.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:70:6b:aa:54:af:75:23:62:bd:77:74:7d:7e:50:3c:d1:99:
         46:bd:00:ae:4d:c4:fb:93:ee:13:c8:99:29:14:f2:68:77:7d:
         3d:e4:36:fe:5b:4a:db:0f:56:ec:a1:05:92:d8:96:b7:2f:db:
         1e:8d:f6:fa:bc:34:7a:ee:8b:a6:b2:f5:a0:4c:7d:c3:d8:2f:
         7c:17:cf:32:e5:0a:be:35:64:2e:73:02:b3:a5:e9:60:1f:34:
         f7:70:c8:33:9a:38:93:d4:06:39:73:08:ba:68:86:a5:bf:4e:
         fc:eb:ce:18:23:2c:03:07:96:e4:81:33:e1:e6:2f:71:a4:7f:
         b5:9b:de:60:92:90:c9:9e:5d:a8:12:52:db:00:af:a3:84:2a:
         7c:4a:6e:30:3e:6b:cb:af:d0:dd:4b:5d:0c:2e:51:d1:a4:18:
         65:a7:f2:cf:0e:73:c4:2b:f0:f4:38:d4:76:85:fb:56:86:47:
         81:06:89:df:81:34:e3:24:e4:11:74:5c:42:e6:55:09:7e:96:
         83:bb:69:3f:58:5a:f9:c4:57:5d:98:be:51:42:fd:42:49:90:
         1d:a0:07:ef:1e:67:35:ed:02:16:ba:ef:1f:89:93:54:f3:ef:
         ee:14:ac:c0:bf:e4:e3:d8:10:7a:0f:ea:dc:71:5c:5f:5e:63:
         30:ba:0e:6e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZgXWBp3EchAfuSRgdmNkkXbWwD8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzBkZGIwZjdmMDgzNDI0NDZmZjQyZjQ0MmE5MWQ4MWEx
MWM2ODUzNjE5ZTFjMDk1NGFmYzYwZjIxOGIwZTk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTzRq6CWUxUBVSCOnB7mCVmqH566RUqJICwnlaEKSof7Bq
qC66lQMJz61Y0X1MzFJy+IUKRBM6GB1j4z0YoAXUN2M2IbAYEmreO5Thrb2NioAe
kZlmK6VBW9Sr0u7SsSwPMfCx7UUuRpGUSBqSimotjINtk65ozTF9gbOoFT/AyXWK
W1Ljp+ncW6Alp8IAplxWcuv/kG9u7SujNETjIBCCJ2FPKZYDY5XYC+AuERc6FzPa
SdKr38EVhtxG2WlOBAKA/TCJFL2Rj4p+uLLM4VJxpborkUwlQVP68z/DLOs7lFB+
X626WB0xKhTavRH1Mfg8zx6ipZ5LeAXgkZQ75kfRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgr4O/qb2GkMJqYpsdsG0Y69XbGEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2NzQyMjRjLWNmNzYtNGZjYy1hNjRlLWFhMTNjMWEyOWQzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQHjANBgkqhkiG9w0BAQsFAAOCAQEAWnBrqlSvdSNivXd0fX5QPNGZRr0A
rk3E+5PuE8iZKRTyaHd9PeQ2/ltK2w9W7KEFktiWty/bHo32+rw0eu6LprL1oEx9
w9gvfBfPMuUKvjVkLnMCs6XpYB8093DIM5o4k9QGOXMIumiGpb9O/OvOGCMsAweW
5IEz4eYvcaR/tZveYJKQyZ5dqBJS2wCvo4QqfEpuMD5ry6/Q3UtdDC5R0aQYZafy
zw5zxCvw9DjUdoX7VoZHgQaJ34E04yTkEXRcQuZVCX6Wg7tpP1ha+cRXXZi+UUL9
QkmQHaAH7x5nNe0CFrrvH4mTVPPv7hSswL/k49gQeg/q3HFcX15jMLoObg==
-----END CERTIFICATE-----