Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bbdb4be-b335-4a42-a543-d822f841bb95.roa
File:                     8bbdb4be-b335-4a42-a543-d822f841bb95.roa (raw, json)
Hash identifier:          q+3xcdE+g97mWAfHpYzDvzSeT4dE1UOxpPnMQaveSyQ=
Subject key identifier:   1F:87:46:FE:A9:6F:CA:AD:46:2D:16:A6:DD:69:BC:D3:F0:D9:2D:2C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F6436DAF348960DDD0BA26F41A3AB7D974456A9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bbdb4be-b335-4a42-a543-d822f841bb95.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.117.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:64:36:da:f3:48:96:0d:dd:0b:a2:6f:41:a3:ab:7d:97:44:56:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=6e681b76803e6a563f5d5f4ef898354b9b2f5f304aeede97ff06dfc44173e46f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2d:b0:b1:88:b8:87:a3:9a:22:d5:73:18:50:
                    b5:6b:45:b7:8d:71:50:2e:82:c5:9b:37:88:02:45:
                    0b:02:b0:dc:d6:fd:4e:16:bf:f6:8a:20:1b:60:db:
                    2b:a0:a0:45:21:2e:e0:6e:27:49:2a:41:dc:00:cc:
                    da:81:e7:67:d4:c4:97:94:de:40:f3:37:88:d6:14:
                    89:fa:57:46:a2:73:4a:57:aa:d7:4f:ea:de:ae:1a:
                    72:87:97:35:d5:d6:42:a9:2a:f9:cb:22:dc:71:9d:
                    39:b4:76:52:be:4a:ca:69:c3:fa:c6:f3:93:b8:0f:
                    2b:98:26:09:65:98:b4:3f:5f:db:80:00:cf:56:49:
                    af:c4:91:f3:ca:21:36:ba:c9:4b:f2:27:6f:c2:3b:
                    5e:fa:ab:9d:3b:eb:70:1e:c0:05:10:a8:e0:13:1b:
                    7a:88:b4:6f:cd:4b:ed:28:6b:3f:aa:75:95:9c:6b:
                    f4:49:18:ad:4f:e0:75:bf:dd:99:7c:c3:81:c0:2b:
                    63:2a:eb:5e:08:67:cd:a2:15:6a:9f:4c:45:e2:72:
                    f2:9e:02:6d:d1:3d:47:3d:c2:0b:a4:06:40:10:7f:
                    9a:19:48:ae:3c:d3:ef:1b:ee:fd:46:09:e3:89:e8:
                    e7:e0:39:40:db:54:bc:47:ba:87:23:d4:e9:c6:b2:
                    a4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:87:46:FE:A9:6F:CA:AD:46:2D:16:A6:DD:69:BC:D3:F0:D9:2D:2C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8bbdb4be-b335-4a42-a543-d822f841bb95.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.117.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         60:77:57:fd:4c:dd:30:cc:12:c2:40:42:c5:6c:bf:3f:c4:bc:
         da:72:66:27:7e:4f:b7:b5:65:d8:4c:ec:b9:70:e9:f4:42:41:
         92:38:06:96:8c:6d:15:a1:ff:28:f1:6c:c0:70:b1:15:d6:e3:
         30:19:d9:3b:9f:2e:2c:81:57:b7:b5:f9:04:66:ba:99:de:a1:
         56:d9:ec:df:57:41:27:2a:7a:43:0f:85:42:c0:39:6d:14:1a:
         6a:e9:a3:da:90:b7:ec:7e:a0:68:72:82:8d:8a:a4:5c:e2:fb:
         60:11:4a:67:2e:46:e4:6a:66:b9:d0:b7:c9:1b:d8:61:72:bb:
         3b:ec:6c:20:3f:fc:9c:88:45:12:1f:41:9d:01:85:c2:f0:41:
         0a:b1:01:71:91:3d:fd:17:0a:c7:dd:dc:b5:63:d4:c2:49:c3:
         b3:60:3b:90:d5:76:5d:34:f9:50:25:31:43:8b:05:d3:cc:6d:
         1c:0c:82:3f:34:b0:c3:ff:e1:01:48:97:54:b4:4f:67:fd:3f:
         3f:30:cc:21:6d:b9:e3:4d:72:8c:56:4c:cf:e9:76:99:2e:15:
         18:6b:d0:37:06:89:5c:3f:1a:d5:40:db:b5:73:c4:86:54:23:
         c1:0b:7f:ee:9b:a9:3c:8c:00:eb:46:4b:b9:2b:18:75:46:d4:
         5d:ef:e3:82
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUX2Q22vNIlg3dC6JvQaOrfZdEVqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZTY4MWI3NjgwM2U2YTU2M2Y1ZDVmNGVmODk4MzU0Yjli
MmY1ZjMwNGFlZWRlOTdmZjA2ZGZjNDQxNzNlNDZmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMLbCxiLiHo5oi1XMYULVrRbeNcVAugsWbN4gCRQsCsNzW
/U4Wv/aKIBtg2yugoEUhLuBuJ0kqQdwAzNqB52fUxJeU3kDzN4jWFIn6V0aic0pX
qtdP6t6uGnKHlzXV1kKpKvnLItxxnTm0dlK+Ssppw/rG85O4DyuYJgllmLQ/X9uA
AM9WSa/EkfPKITa6yUvyJ2/CO176q50763AewAUQqOATG3qItG/NS+0oaz+qdZWc
a/RJGK1P4HW/3Zl8w4HAK2Mq614IZ82iFWqfTEXicvKeAm3RPUc9wgukBkAQf5oZ
SK480+8b7v1GCeOJ6OfgOUDbVLxHuocj1OnGsqRpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUH4dG/qlvyq1GLRam3Wm80/DZLSwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhiYmRiNGJlLWIzMzUtNGE0Mi1hNTQzLWQ4MjJmODQxYmI5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQdTANBgkqhkiG9w0BAQsFAAOCAQEAYHdX/UzdMMwSwkBCxWy/P8S82nJm
J35Pt7Vl2EzsuXDp9EJBkjgGloxtFaH/KPFswHCxFdbjMBnZO58uLIFXt7X5BGa6
md6hVtns31dBJyp6Qw+FQsA5bRQaaumj2pC37H6gaHKCjYqkXOL7YBFKZy5G5Gpm
udC3yRvYYXK7O+xsID/8nIhFEh9BnQGFwvBBCrEBcZE9/RcKx93ctWPUwknDs2A7
kNV2XTT5UCUxQ4sF08xtHAyCPzSww//hAUiXVLRPZ/0/PzDMIW25401yjFZMz+l2
mS4VGGvQNwaJXD8a1UDbtXPEhlQjwQt/7pupPIwA60ZLuSsYdUbUXe/jgg==
-----END CERTIFICATE-----