Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e09fc4d-71e0-45e1-aefe-40316c549c61.roa
File:                     4e09fc4d-71e0-45e1-aefe-40316c549c61.roa (raw, json)
Hash identifier:          tI/cYwTP+VKvWxCiGbA1+5Kuh3Ce78lC1SOzgwVhPxw=
Subject key identifier:   D3:B6:64:71:F8:93:D9:97:8D:A1:1D:10:4F:6A:75:C8:BA:CC:42:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       24779BE5143BFADEC485BA9142BE83C651A84DDA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e09fc4d-71e0-45e1-aefe-40316c549c61.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.16.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:77:9b:e5:14:3b:fa:de:c4:85:ba:91:42:be:83:c6:51:a8:4d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=0a9075de25882c39cb98802eab7217256a9b699822c79f64d82d019659e8dc34, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7f:96:c7:41:25:15:a4:48:2a:5e:86:f0:b8:
                    4d:f4:84:6d:97:2d:b7:e2:83:bd:fa:0b:89:a1:bc:
                    22:66:58:e1:14:78:1c:fb:ed:f6:ee:e7:bb:fe:00:
                    3e:0b:7a:72:1a:f8:a1:8f:b6:70:0f:b6:23:26:b8:
                    c5:c0:7a:64:fd:42:8c:da:27:3b:fb:fb:8f:fb:22:
                    a8:b5:3c:21:ee:96:e3:08:8c:36:95:29:67:91:1f:
                    bb:dc:ea:76:ad:a8:9f:33:16:b5:09:1b:8e:26:13:
                    cf:db:df:22:1f:8e:df:ec:c2:1d:fa:0c:28:f8:16:
                    74:34:41:e8:27:45:ab:24:d2:3a:9b:4c:4f:05:3a:
                    ee:fb:c3:0d:48:97:69:51:70:3f:60:09:69:28:49:
                    3e:ec:3e:54:95:c7:05:ca:6b:a3:85:a8:49:ae:bc:
                    bc:d5:08:12:72:65:0a:33:a0:e5:cd:9b:f5:a6:4f:
                    23:b3:b4:b3:53:1c:09:23:e7:cd:3f:c9:00:34:90:
                    7b:94:78:b7:f9:66:9f:81:d2:43:ab:7a:16:38:07:
                    ac:30:e1:9f:25:a7:76:f8:6d:e2:19:73:e4:b3:78:
                    3e:96:bc:d3:91:60:a7:15:6f:77:0a:51:ff:d0:f5:
                    51:cd:cf:a8:cd:59:f6:8b:9a:df:26:08:eb:06:3d:
                    1f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:B6:64:71:F8:93:D9:97:8D:A1:1D:10:4F:6A:75:C8:BA:CC:42:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e09fc4d-71e0-45e1-aefe-40316c549c61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.16.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:59:3f:4d:02:cb:8b:8a:c6:0a:e9:23:f6:76:0e:d3:d6:dd:
         7b:8e:8e:45:da:4d:ba:5d:2b:37:6b:8d:e3:30:19:5f:19:e3:
         68:25:1d:f9:b1:60:9b:bd:1b:99:d8:b8:b3:5a:e6:29:fa:a6:
         67:59:e1:7a:8d:ff:88:c6:04:51:39:5e:1f:aa:dc:2e:37:1d:
         3c:bc:79:8c:c8:d3:88:6c:4d:12:0f:f8:94:2b:9d:ef:a6:1f:
         1d:8e:ec:78:85:08:f0:43:44:64:9c:7d:22:4c:41:0c:2f:b9:
         a2:2d:0c:fd:8b:cd:a7:1a:fb:8e:10:7f:4e:80:96:3b:6b:8e:
         61:a1:14:d5:70:e0:cf:5b:53:e6:24:94:39:0a:d3:a7:1f:94:
         15:8b:3a:8f:ca:89:e8:4c:b0:b0:9b:aa:da:06:25:a1:e8:23:
         9d:33:97:32:df:e0:13:60:5e:ea:fe:57:10:42:d9:dd:b9:6f:
         cb:16:f0:0a:46:f4:0b:41:e9:d3:67:8a:77:24:86:34:93:b8:
         03:dd:13:10:72:b8:13:7c:3c:0f:a0:73:20:f7:0c:54:e4:a3:
         ee:0a:13:68:b6:4e:98:58:22:c2:fe:00:75:c8:72:5b:fe:3c:
         9b:46:ef:06:55:6a:96:dd:0f:fb:ac:6c:e5:e5:0d:eb:b4:da:
         3e:7d:9c:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJHeb5RQ7+t7EhbqRQr6DxlGoTdowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTkwNzVkZTI1ODgyYzM5Y2I5ODgwMmVhYjcyMTcyNTZh
OWI2OTk4MjJjNzlmNjRkODJkMDE5NjU5ZThkYzM0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9f5bHQSUVpEgqXobwuE30hG2XLbfig736C4mhvCJmWOEU
eBz77fbu57v+AD4LenIa+KGPtnAPtiMmuMXAemT9QozaJzv7+4/7Iqi1PCHuluMI
jDaVKWeRH7vc6natqJ8zFrUJG44mE8/b3yIfjt/swh36DCj4FnQ0QegnRask0jqb
TE8FOu77ww1Il2lRcD9gCWkoST7sPlSVxwXKa6OFqEmuvLzVCBJyZQozoOXNm/Wm
TyOztLNTHAkj580/yQA0kHuUeLf5Zp+B0kOrehY4B6ww4Z8lp3b4beIZc+SzeD6W
vNORYKcVb3cKUf/Q9VHNz6jNWfaLmt8mCOsGPR91AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU07ZkcfiT2ZeNoR0QT2p1yLrMQl8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRlMDlmYzRkLTcxZTAtNDVlMS1hZWZlLTQwMzE2YzU0OWM2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQEDANBgkqhkiG9w0BAQsFAAOCAQEAeVk/TQLLi4rGCukj9nYO09bde46O
RdpNul0rN2uN4zAZXxnjaCUd+bFgm70bmdi4s1rmKfqmZ1nheo3/iMYEUTleH6rc
LjcdPLx5jMjTiGxNEg/4lCud76YfHY7seIUI8ENEZJx9IkxBDC+5oi0M/YvNpxr7
jhB/ToCWO2uOYaEU1XDgz1tT5iSUOQrTpx+UFYs6j8qJ6EywsJuq2gYloegjnTOX
Mt/gE2Be6v5XEELZ3blvyxbwCkb0C0Hp02eKdySGNJO4A90TEHK4E3w8D6BzIPcM
VOSj7goTaLZOmFgiwv4AdchyW/48m0bvBlVqlt0P+6xs5eUN67TaPn2cgg==
-----END CERTIFICATE-----