Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/84faf747-831c-4780-ae98-aaac69fb6976.roa
File:                     84faf747-831c-4780-ae98-aaac69fb6976.roa (raw, json)
Hash identifier:          NvlehGQd2O+glwMp1sGpJHZ7xpUTIv3vKqtnorcv6fM=
Subject key identifier:   59:C4:96:9B:A9:01:5B:AA:DA:FA:EE:21:36:C7:D8:2A:B9:0C:AF:14
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       598766FD53F9DE60F124BBDF43FD0A33F4596361
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/84faf747-831c-4780-ae98-aaac69fb6976.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.210.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:87:66:fd:53:f9:de:60:f1:24:bb:df:43:fd:0a:33:f4:59:63:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=4d3b179daae3b337343ad3ef6bb281c086444156dd3d4f8a7759f9077da1827c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:fd:46:01:8e:87:83:9c:b3:66:71:e7:63:5a:
                    46:62:f7:cf:1d:a7:ab:73:e9:ab:17:86:01:2f:ef:
                    42:87:fe:69:be:f2:51:dd:6e:f9:ed:b9:86:be:72:
                    07:11:f6:cc:32:f8:c1:c6:1b:9d:76:9f:24:9e:60:
                    a2:8a:55:0f:0b:9c:31:cb:48:04:8e:20:00:98:dd:
                    7b:35:15:21:5c:0a:27:35:bf:fb:2b:4b:2e:48:29:
                    44:cf:7e:18:47:09:7d:b8:a6:f3:64:7c:3e:15:e9:
                    6b:67:86:12:3a:4c:e8:0f:60:2d:b2:38:57:f8:38:
                    86:cb:e1:d5:40:7e:f2:2d:5a:7a:be:62:fa:28:ba:
                    42:1a:4a:9f:4a:84:f8:04:b4:2a:b8:95:4f:6b:f1:
                    63:50:a9:45:95:65:a5:22:6e:1e:fb:14:c7:f6:5a:
                    7f:47:80:66:f3:e0:e3:8a:69:e8:19:00:62:4f:43:
                    a6:85:20:43:4e:3c:f0:f3:05:d8:b7:22:1b:2c:27:
                    f1:ae:9a:39:0b:75:0b:52:67:d2:b3:d6:66:a8:e0:
                    41:f8:3a:59:08:9b:ef:30:d6:43:d7:c6:a2:0d:a6:
                    c3:94:25:f9:aa:b6:a9:03:ba:be:26:f8:a0:7c:6c:
                    31:40:5b:00:28:d6:af:81:9e:78:a4:1b:6b:71:27:
                    77:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C4:96:9B:A9:01:5B:AA:DA:FA:EE:21:36:C7:D8:2A:B9:0C:AF:14
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/84faf747-831c-4780-ae98-aaac69fb6976.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         78:a4:a6:9b:21:93:0f:76:2f:52:30:bf:d3:ea:15:8d:44:2d:
         f2:46:5e:47:e4:72:6d:2a:06:da:06:d6:66:cd:24:19:e1:c6:
         7b:cf:37:7b:5c:7a:5f:1f:81:e2:fa:05:ca:dd:80:96:7e:1d:
         35:e7:36:ec:a3:88:56:dd:fe:50:7b:e7:69:29:a4:98:62:e3:
         40:00:91:d4:6a:4f:3a:e0:46:c6:55:f6:ce:04:90:36:5b:37:
         b7:da:e5:33:1e:0d:14:33:b0:41:ec:97:f2:95:d1:b8:7c:f7:
         64:87:3d:a3:e3:8f:bb:44:3b:59:88:8a:a3:20:33:fe:b9:5e:
         62:32:0c:32:db:b2:56:f5:b7:9f:89:06:fd:83:ec:64:9a:d7:
         9f:22:aa:2d:9d:18:b7:2d:81:16:7a:9b:e7:34:a7:9b:25:9b:
         d3:21:8a:91:3f:bf:39:44:95:a7:20:11:7c:ef:23:66:62:34:
         9d:e4:9d:91:86:31:68:b5:4b:57:67:23:ee:59:a3:42:ee:43:
         f2:cc:9a:cb:17:1f:fd:44:e4:2d:35:f9:8c:96:15:13:f0:a1:
         cc:75:dd:fd:21:57:46:19:09:bf:3c:e6:d6:24:c0:06:f7:5d:
         39:82:cf:83:8b:60:91:ed:95:1c:33:4c:c0:ec:61:16:7e:20:
         8c:1c:e6:39
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWYdm/VP53mDxJLvfQ/0KM/RZY2EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZDNiMTc5ZGFhZTNiMzM3MzQzYWQzZWY2YmIyODFjMDg2
NDQ0MTU2ZGQzZDRmOGE3NzU5ZjkwNzdkYTE4MjdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa/UYBjoeDnLNmcedjWkZi988dp6tz6asXhgEv70KH/mm+
8lHdbvntuYa+cgcR9swy+MHGG512nySeYKKKVQ8LnDHLSASOIACY3Xs1FSFcCic1
v/srSy5IKUTPfhhHCX24pvNkfD4V6WtnhhI6TOgPYC2yOFf4OIbL4dVAfvItWnq+
YvooukIaSp9KhPgEtCq4lU9r8WNQqUWVZaUibh77FMf2Wn9HgGbz4OOKaegZAGJP
Q6aFIENOPPDzBdi3IhssJ/GumjkLdQtSZ9Kz1mao4EH4OlkIm+8w1kPXxqINpsOU
JfmqtqkDur4m+KB8bDFAWwAo1q+BnnikG2txJ3cNAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWcSWm6kBW6ra+u4hNsfYKrkMrxQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg0ZmFmNzQ3LTgzMWMtNDc4MC1hZTk4LWFhYWM2OWZiNjk3Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQ0jANBgkqhkiG9w0BAQsFAAOCAQEAeKSmmyGTD3YvUjC/0+oVjUQt8kZe
R+RybSoG2gbWZs0kGeHGe883e1x6Xx+B4voFyt2Aln4dNec27KOIVt3+UHvnaSmk
mGLjQACR1GpPOuBGxlX2zgSQNls3t9rlMx4NFDOwQeyX8pXRuHz3ZIc9o+OPu0Q7
WYiKoyAz/rleYjIMMtuyVvW3n4kG/YPsZJrXnyKqLZ0Yty2BFnqb5zSnmyWb0yGK
kT+/OUSVpyARfO8jZmI0neSdkYYxaLVLV2cj7lmjQu5D8syayxcf/UTkLTX5jJYV
E/ChzHXd/SFXRhkJvzzm1iTABvddOYLPg4tgke2VHDNMwOxhFn4gjBzmOQ==
-----END CERTIFICATE-----