Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/818085e6-bf62-48d9-a76d-5399fbddcfb9.roa
File:                     818085e6-bf62-48d9-a76d-5399fbddcfb9.roa (raw, json)
Hash identifier:          6NThSEAiJVZFxNJSmOJrwV5vBbSRjvWOPQ9sr/nUnUo=
Subject key identifier:   42:4C:F1:0A:90:EE:5A:31:E4:4B:C6:C5:F4:71:A6:09:76:A5:8E:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       50908C3A1AAC4548F77442E4E783A317E9EF6BFD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/818085e6-bf62-48d9-a76d-5399fbddcfb9.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.206.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:90:8c:3a:1a:ac:45:48:f7:74:42:e4:e7:83:a3:17:e9:ef:6b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=90293e83e95024bf7c94fcc4e42229a5f923b3544663fccc67b2ed96ed3eeed6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:59:23:47:50:5c:c2:88:81:a0:5b:66:77:5a:
                    2b:e0:be:f9:31:e3:7d:e8:e7:b9:8d:0e:26:50:dc:
                    b6:e8:34:4f:10:ab:9c:bd:3f:f5:20:5d:90:9f:cd:
                    92:92:5b:5c:56:94:a3:df:ad:b8:e3:b1:ef:30:d9:
                    8e:54:d9:10:31:33:c9:12:0f:35:0e:ce:41:07:61:
                    82:5c:c9:28:f2:95:91:94:a5:1a:48:ef:1c:52:76:
                    4e:e8:f7:9c:4a:29:0e:46:cb:a1:19:84:35:aa:a5:
                    b4:21:5d:66:09:35:15:96:76:3d:76:9b:44:17:6d:
                    32:62:d3:a6:16:f1:a8:79:28:50:c7:e9:9a:0c:c2:
                    da:4b:5a:9b:0d:5e:ba:04:d8:cc:45:09:d2:be:70:
                    d6:da:4a:e4:c9:a3:2f:51:46:aa:25:02:1d:b9:78:
                    33:b6:ee:24:af:90:fb:05:8d:5e:a9:b9:f1:08:e7:
                    1f:d5:c5:ac:48:25:e7:c9:4e:2c:7b:af:b8:83:06:
                    81:75:d6:f1:de:cf:57:8c:3e:fa:32:fd:fe:03:26:
                    e7:00:95:9c:83:be:61:ad:44:71:21:25:7b:3c:b8:
                    2d:65:b0:84:3c:74:50:7e:7b:3b:c8:07:ab:ef:f6:
                    d6:95:1f:db:7b:8a:98:a9:e0:d8:74:75:a0:d1:f8:
                    c0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:4C:F1:0A:90:EE:5A:31:E4:4B:C6:C5:F4:71:A6:09:76:A5:8E:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/818085e6-bf62-48d9-a76d-5399fbddcfb9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.206.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         39:77:55:a7:1d:3b:c0:0a:78:50:fd:07:95:e7:1b:a5:35:f8:
         11:7c:2b:f3:e3:77:f6:97:ed:58:6b:72:0e:7d:60:a1:c0:78:
         b2:63:0c:b5:37:4d:40:ca:6b:c7:c0:7c:98:ad:69:16:41:33:
         ea:ff:2f:52:f6:ca:50:7b:df:85:a2:1b:dd:5e:64:6f:e6:1b:
         d0:9f:7e:ec:30:f8:87:bf:9e:f7:06:a6:0f:db:4d:3b:9e:8a:
         85:76:cd:03:91:09:c1:75:77:ea:ed:95:5d:bf:13:1d:97:75:
         cc:c2:34:44:ee:a5:85:1b:f0:ed:5e:1b:51:93:63:5a:de:85:
         db:d8:36:78:d3:d0:b4:94:4d:70:f2:e5:6c:3f:72:45:25:bd:
         c5:6a:09:43:fb:6e:dd:2a:28:c0:99:4f:cc:5e:e1:1a:53:c0:
         31:74:d7:bd:14:76:69:a8:ef:0b:82:98:dc:36:9f:06:01:94:
         66:09:dc:31:77:be:66:6a:b7:f5:f7:3f:d6:cc:15:e6:3e:2b:
         9d:85:d8:44:3f:2e:54:76:ea:3e:fc:3f:c2:0d:d7:c4:8a:29:
         ec:30:db:7b:95:a6:dd:f5:52:11:88:c2:68:3e:d3:ed:f9:fb:
         ea:f5:58:f7:aa:db:7f:26:a6:4e:7a:a3:9a:34:e7:4a:ab:54:
         57:5c:53:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUJCMOhqsRUj3dELk54OjF+nva/0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDI5M2U4M2U5NTAyNGJmN2M5NGZjYzRlNDIyMjlhNWY5
MjNiMzU0NDY2M2ZjY2M2N2IyZWQ5NmVkM2VlZWQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCQWSNHUFzCiIGgW2Z3Wivgvvkx433o57mNDiZQ3LboNE8Q
q5y9P/UgXZCfzZKSW1xWlKPfrbjjse8w2Y5U2RAxM8kSDzUOzkEHYYJcySjylZGU
pRpI7xxSdk7o95xKKQ5Gy6EZhDWqpbQhXWYJNRWWdj12m0QXbTJi06YW8ah5KFDH
6ZoMwtpLWpsNXroE2MxFCdK+cNbaSuTJoy9RRqolAh25eDO27iSvkPsFjV6pufEI
5x/VxaxIJefJTix7r7iDBoF11vHez1eMPvoy/f4DJucAlZyDvmGtRHEhJXs8uC1l
sIQ8dFB+ezvIB6vv9taVH9t7ipip4Nh0daDR+MArAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQkzxCpDuWjHkS8bF9HGmCXaljsEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxODA4NWU2LWJmNjItNDhkOS1hNzZkLTUzOTlmYmRkY2ZiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQzjANBgkqhkiG9w0BAQsFAAOCAQEAOXdVpx07wAp4UP0HlecbpTX4EXwr
8+N39pftWGtyDn1gocB4smMMtTdNQMprx8B8mK1pFkEz6v8vUvbKUHvfhaIb3V5k
b+Yb0J9+7DD4h7+e9wamD9tNO56KhXbNA5EJwXV36u2VXb8THZd1zMI0RO6lhRvw
7V4bUZNjWt6F29g2eNPQtJRNcPLlbD9yRSW9xWoJQ/tu3SoowJlPzF7hGlPAMXTX
vRR2aajvC4KY3DafBgGUZgncMXe+Zmq39fc/1swV5j4rnYXYRD8uVHbqPvw/wg3X
xIop7DDbe5Wm3fVSEYjCaD7T7fn76vVY96rbfyamTnqjmjTnSqtUV1xTgg==
-----END CERTIFICATE-----