Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75265645-c36d-4ced-ba03-54398c227c9d.roa
File:                     75265645-c36d-4ced-ba03-54398c227c9d.roa (raw, json)
Hash identifier:          j9hlsoIWqriM8+L6y8cte3em3Z4DFFLp8Ad81WtnO3c=
Subject key identifier:   65:65:D5:84:B1:72:8A:43:53:76:8B:54:78:0F:8F:62:BC:A2:ED:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7C080AB160767513909F55731F3448571320A30F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75265645-c36d-4ced-ba03-54398c227c9d.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.207.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:08:0a:b1:60:76:75:13:90:9f:55:73:1f:34:48:57:13:20:a3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=64355445613d09e0fce860f10dbe6e5c83c1cb6c3f317b0d9014709c13604b56, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:40:07:88:06:0f:4a:9a:c8:e6:59:a5:3d:2b:
                    07:9b:99:40:72:b8:65:54:fb:e1:b5:e2:55:f0:b1:
                    dc:f2:2b:5d:61:d6:9f:a4:c2:1d:b9:5e:c7:e0:ff:
                    57:41:71:61:94:82:ff:19:90:15:30:0a:12:36:2d:
                    20:f2:a0:9f:96:d5:e8:ae:3d:0f:25:89:6e:1e:ba:
                    17:00:d1:07:f7:05:b7:5e:eb:f5:d1:d4:8f:d2:24:
                    00:28:35:96:49:9d:97:fe:ad:e3:aa:b2:c4:cf:fc:
                    db:08:2d:ba:6d:61:bb:05:0a:8f:88:f9:dc:76:06:
                    3d:d0:1f:0f:66:42:e3:82:ae:0f:43:86:26:53:f7:
                    2e:29:13:ea:8e:63:b4:b4:fe:35:f0:c4:e5:c0:5e:
                    87:fa:c0:1c:36:81:8b:f6:32:b7:cf:b7:d0:b8:25:
                    72:29:f3:cb:cd:cd:e8:29:f1:14:3c:f8:c0:0b:35:
                    7e:fe:aa:1d:44:92:7d:e9:de:22:16:64:b6:f6:6b:
                    5d:d5:33:31:88:f3:26:60:ad:18:46:a7:61:1b:90:
                    d6:dd:21:5c:91:ec:c6:12:28:9d:41:b7:ec:92:ca:
                    ad:59:df:3e:7e:2f:12:26:88:7b:e6:db:ea:88:91:
                    70:44:72:c4:2a:a6:56:8a:d8:39:50:ce:99:c0:3e:
                    33:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:65:D5:84:B1:72:8A:43:53:76:8B:54:78:0F:8F:62:BC:A2:ED:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/75265645-c36d-4ced-ba03-54398c227c9d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.207.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ca:92:5d:6c:4d:e2:7e:10:06:15:10:7c:df:37:4c:d7:69:e3:
         57:34:f5:87:d6:18:4a:59:f9:e6:2f:dc:61:83:d2:4a:4c:2e:
         7e:37:ad:4b:cb:d4:24:cc:d4:52:02:50:e1:bd:dc:07:60:5f:
         4f:2c:81:a6:d0:33:1b:f4:d2:63:cf:c0:2a:ce:65:62:4f:a3:
         a0:0f:f8:2f:bc:0c:a8:3b:84:36:e3:d5:ee:86:a7:26:0d:5d:
         eb:d9:9d:4b:46:76:8a:5d:21:6f:58:3b:91:52:2d:e0:aa:2b:
         c7:8d:d2:d1:e6:98:47:6e:66:02:b5:df:3c:af:67:bf:16:ff:
         02:bd:7a:a7:db:cc:59:5b:6e:18:d9:1d:56:43:ac:3d:c2:44:
         7c:81:c6:4d:12:26:c1:98:30:35:63:51:3e:68:24:80:c6:e7:
         20:6e:37:13:42:5c:aa:04:25:dd:ce:b9:f0:d0:c2:b1:95:93:
         d3:e3:dd:b0:86:82:53:a5:ac:1e:3c:b7:17:55:cc:e3:9d:0d:
         89:f7:36:cf:39:9d:1b:22:9a:80:87:7c:19:43:fe:0f:23:03:
         72:86:8f:33:d6:6b:1e:b7:b7:e9:2d:8f:8c:1b:f9:4e:6d:58:
         08:b9:2a:05:ed:35:a9:36:fb:0b:ec:e6:86:f2:7b:42:01:f3:
         94:5e:dc:6c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUfAgKsWB2dROQn1VzHzRIVxMgow8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDM1NTQ0NTYxM2QwOWUwZmNlODYwZjEwZGJlNmU1Yzgz
YzFjYjZjM2YzMTdiMGQ5MDE0NzA5YzEzNjA0YjU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8QAeIBg9KmsjmWaU9KwebmUByuGVU++G14lXwsdzyK11h
1p+kwh25Xsfg/1dBcWGUgv8ZkBUwChI2LSDyoJ+W1eiuPQ8liW4euhcA0Qf3Bbde
6/XR1I/SJAAoNZZJnZf+reOqssTP/NsILbptYbsFCo+I+dx2Bj3QHw9mQuOCrg9D
hiZT9y4pE+qOY7S0/jXwxOXAXof6wBw2gYv2MrfPt9C4JXIp88vNzegp8RQ8+MAL
NX7+qh1Ekn3p3iIWZLb2a13VMzGI8yZgrRhGp2EbkNbdIVyR7MYSKJ1Bt+ySyq1Z
3z5+LxImiHvm2+qIkXBEcsQqplaK2DlQzpnAPjP1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUZWXVhLFyikNTdotUeA+PYryi7dQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc1MjY1NjQ1LWMzNmQtNGNlZC1iYTAzLTU0Mzk4YzIyN2M5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQzzANBgkqhkiG9w0BAQsFAAOCAQEAypJdbE3ifhAGFRB83zdM12njVzT1
h9YYSln55i/cYYPSSkwufjetS8vUJMzUUgJQ4b3cB2BfTyyBptAzG/TSY8/AKs5l
Yk+joA/4L7wMqDuENuPV7oanJg1d69mdS0Z2il0hb1g7kVIt4Korx43S0eaYR25m
ArXfPK9nvxb/Ar16p9vMWVtuGNkdVkOsPcJEfIHGTRImwZgwNWNRPmgkgMbnIG43
E0JcqgQl3c658NDCsZWT0+PdsIaCU6WsHjy3F1XM450Nifc2zzmdGyKagId8GUP+
DyMDcoaPM9ZrHre36S2PjBv5Tm1YCLkqBe01qTb7C+zmhvJ7QgHzlF7cbA==
-----END CERTIFICATE-----