Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a577e49-2663-4f75-8a4f-8e3a12046599.roa
File:                     5a577e49-2663-4f75-8a4f-8e3a12046599.roa (raw, json)
Hash identifier:          EpEHNMiIL8AzOlNp2sLx+tx9nimuLwQwVYhvOSYmAnw=
Subject key identifier:   8D:78:1E:4C:7E:1D:15:F3:DA:D6:3E:8E:FC:A3:3A:3F:63:12:80:2F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7588869B5F1C8B70957B3E3AB0E420BA7324A4BB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a577e49-2663-4f75-8a4f-8e3a12046599.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.177.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:88:86:9b:5f:1c:8b:70:95:7b:3e:3a:b0:e4:20:ba:73:24:a4:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=a17214e5a2b5dd60dc81ffef66f11c9f770faa4d85328236c7b92b39cae8a1f7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8d:4c:56:ca:9d:9b:7c:7a:5d:0b:a9:a3:1e:
                    a9:46:ef:02:27:a6:df:ec:03:9a:af:15:cb:9a:5a:
                    79:07:93:2e:ce:27:dc:cb:54:e5:88:fe:71:4c:23:
                    b7:f3:4c:ce:9b:e9:a1:7e:e4:f0:56:20:85:02:85:
                    c6:d0:50:3d:31:2c:dd:d7:58:df:3c:59:1e:49:e6:
                    a0:8c:66:b3:2c:47:fe:48:5c:cf:ed:23:e0:6c:bb:
                    3f:e4:ad:49:1e:a7:f7:e4:32:5a:33:8c:2c:1e:e2:
                    f9:8d:d8:40:ba:11:7a:df:c5:7d:77:6a:3d:02:5b:
                    eb:45:90:d0:e8:cf:b8:df:d5:62:c5:4f:ba:de:fc:
                    b7:94:27:03:8d:fc:65:9a:16:21:62:f5:2f:2d:14:
                    50:62:1d:87:96:d7:80:9d:4d:29:f0:93:0c:2e:2d:
                    1e:77:6c:39:ef:00:34:12:a0:9e:fd:70:65:49:ad:
                    9a:cd:eb:23:cc:88:4a:9b:6d:61:eb:52:a7:bb:f5:
                    58:d7:38:b8:3a:c8:db:4e:53:7b:70:aa:34:60:89:
                    b9:1d:d9:8e:8c:38:79:ea:82:03:21:b9:50:b9:6d:
                    73:ff:fb:a9:76:9d:2c:16:c2:7a:f9:25:54:17:83:
                    6a:a8:a4:90:76:04:64:cf:ea:e2:be:8f:82:26:ac:
                    5d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:78:1E:4C:7E:1D:15:F3:DA:D6:3E:8E:FC:A3:3A:3F:63:12:80:2F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5a577e49-2663-4f75-8a4f-8e3a12046599.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.177.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bd:42:3c:a9:0f:b6:4f:1f:c7:80:f0:9c:04:14:5a:c4:1f:b7:
         e3:43:db:91:1d:e3:74:58:77:ba:c0:4e:c9:83:71:82:2d:38:
         fe:ae:be:39:04:db:99:d3:9f:dc:77:33:65:64:49:58:39:0d:
         98:9c:63:65:b6:38:97:51:53:6f:0b:8b:fa:86:b6:8e:16:10:
         7f:5a:79:f4:cb:01:2e:d8:4c:77:b9:04:50:e2:3f:fa:f0:42:
         a1:06:0e:1e:84:d9:6c:7c:24:84:bc:9f:3b:7b:fe:3b:d3:84:
         d7:b2:55:5d:7f:c8:f4:0e:36:cd:2d:c6:b8:eb:26:17:05:69:
         87:0e:bc:b9:4e:07:65:a1:95:8e:9d:af:bb:dc:07:bb:f2:be:
         8b:d5:94:7c:43:fa:7f:2f:1d:43:d0:af:e7:1e:ec:9e:1e:75:
         19:bb:03:d2:35:0d:c8:22:09:c5:2c:b1:b0:fc:75:a7:fb:01:
         ee:82:89:b8:4e:01:03:00:e7:eb:32:8c:e9:c0:0a:58:02:f2:
         52:94:b9:f2:fb:ee:23:e6:6f:74:4f:b8:99:52:58:a5:3a:b2:
         87:c0:40:bd:be:94:2f:a7:cb:2e:a4:38:f4:cb:24:0c:aa:5c:
         46:f1:64:7f:9c:74:37:29:e9:eb:d0:27:6f:72:8f:ee:26:8e:
         06:48:c2:ba
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdYiGm18ci3CVez46sOQgunMkpLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMTcyMTRlNWEyYjVkZDYwZGM4MWZmZWY2NmYxMWM5Zjc3
MGZhYTRkODUzMjgyMzZjN2I5MmIzOWNhZThhMWY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVjUxWyp2bfHpdC6mjHqlG7wInpt/sA5qvFcuaWnkHky7O
J9zLVOWI/nFMI7fzTM6b6aF+5PBWIIUChcbQUD0xLN3XWN88WR5J5qCMZrMsR/5I
XM/tI+Bsuz/krUkep/fkMlozjCwe4vmN2EC6EXrfxX13aj0CW+tFkNDoz7jf1WLF
T7re/LeUJwON/GWaFiFi9S8tFFBiHYeW14CdTSnwkwwuLR53bDnvADQSoJ79cGVJ
rZrN6yPMiEqbbWHrUqe79VjXOLg6yNtOU3twqjRgibkd2Y6MOHnqggMhuVC5bXP/
+6l2nSwWwnr5JVQXg2qopJB2BGTP6uK+j4ImrF1ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjXgeTH4dFfPa1j6O/KM6P2MSgC8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzVhNTc3ZTQ5LTI2NjMtNGY3NS04YTRmLThlM2ExMjA0NjU5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQsTANBgkqhkiG9w0BAQsFAAOCAQEAvUI8qQ+2Tx/HgPCcBBRaxB+340Pb
kR3jdFh3usBOyYNxgi04/q6+OQTbmdOf3HczZWRJWDkNmJxjZbY4l1FTbwuL+oa2
jhYQf1p59MsBLthMd7kEUOI/+vBCoQYOHoTZbHwkhLyfO3v+O9OE17JVXX/I9A42
zS3GuOsmFwVphw68uU4HZaGVjp2vu9wHu/K+i9WUfEP6fy8dQ9Cv5x7snh51GbsD
0jUNyCIJxSyxsPx1p/sB7oKJuE4BAwDn6zKM6cAKWALyUpS58vvuI+ZvdE+4mVJY
pTqyh8BAvb6UL6fLLqQ49MskDKpcRvFkf5x0Nynp69Anb3KP7iaOBkjCug==
-----END CERTIFICATE-----