Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a438b97-e9f3-4196-a733-68b2f96aa637.roa
File:                     9a438b97-e9f3-4196-a733-68b2f96aa637.roa (raw, json)
Hash identifier:          Tt+g+a6vIMX1auVv9UTvPDc9nkEQMAhK7+D7Ha2xIIU=
Subject key identifier:   2B:2A:72:99:F1:B1:00:D8:A1:AD:4E:3C:BF:40:08:41:A5:CC:DF:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32BDCDE502F88031B2CDF8C39890A291819A878D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a438b97-e9f3-4196-a733-68b2f96aa637.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.26.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:bd:cd:e5:02:f8:80:31:b2:cd:f8:c3:98:90:a2:91:81:9a:87:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=85102e77c2d7ddfb65d67adf67dbf38c7520c74a1ed6a5b15fc24c1f39f0ea98, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:82:9d:23:b8:39:42:14:41:73:29:11:9b:11:
                    7b:a5:53:49:48:2c:57:21:4b:75:17:62:4d:b0:06:
                    4a:0a:d1:a7:19:8a:b3:e4:8f:5e:3c:1f:9a:11:ef:
                    e3:da:fa:7e:64:ca:c8:0e:b1:9c:73:20:b3:8e:75:
                    67:e6:8b:41:62:cc:d4:ef:04:ce:a8:7f:a9:4a:fc:
                    70:cc:03:e5:1a:c1:2b:ef:3d:d5:d9:2e:7b:7a:92:
                    fc:6b:9e:b8:0f:9c:0b:77:70:83:0f:2e:44:b8:e1:
                    12:6f:11:2f:8e:67:90:83:44:94:5b:29:89:f6:3e:
                    b1:6a:cb:5f:ce:15:a1:1a:c8:40:d6:0a:14:49:a0:
                    cc:3b:a5:99:01:40:80:ae:25:3e:e7:6c:09:0b:6a:
                    52:66:f5:66:f9:86:de:49:a9:69:fe:8b:4a:5b:56:
                    2b:26:fe:02:97:bf:c9:09:55:68:d0:df:67:28:73:
                    88:d4:58:34:9a:3f:89:d4:49:4b:7a:ed:ad:a3:eb:
                    91:1e:11:d5:15:72:64:df:ff:e9:87:33:ff:5e:14:
                    f2:d1:aa:1e:3d:61:1f:23:46:ed:ba:72:2f:21:ef:
                    75:68:ef:95:6a:35:27:94:02:85:02:76:64:4a:15:
                    99:c6:67:fa:35:21:db:6f:d2:5f:8c:fa:0f:1f:61:
                    e8:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:2A:72:99:F1:B1:00:D8:A1:AD:4E:3C:BF:40:08:41:A5:CC:DF:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a438b97-e9f3-4196-a733-68b2f96aa637.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.26.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0a:63:9b:01:4d:5d:61:70:eb:96:e8:82:ef:4c:1a:5f:0d:f9:
         11:5c:17:36:37:40:c7:78:b9:5d:9f:25:3d:a8:ac:7b:bc:57:
         49:23:3e:ea:53:be:c7:f1:08:03:66:2a:b9:87:4d:12:51:5c:
         35:1f:0d:94:a3:ac:1e:85:38:a7:ab:6e:c3:41:8e:c8:3d:33:
         a7:9b:d2:83:b2:3f:a2:6f:fb:49:c0:63:dd:25:22:cf:0a:52:
         ac:70:1d:5e:49:a4:db:78:f0:c2:df:3c:a3:31:f6:00:9d:e3:
         ea:09:74:96:d6:e9:ae:97:f0:bb:fd:55:d8:1e:34:2d:bf:ed:
         62:6e:ca:3f:17:95:e5:d7:2e:47:58:a7:d9:71:77:7d:b7:4a:
         b1:dd:2b:9d:9b:dd:98:2b:76:3c:b5:6e:15:7e:07:db:6e:43:
         12:5d:84:42:8d:d9:b5:99:a5:e4:c8:a0:38:2f:21:ee:7c:ce:
         3e:73:b0:e0:8a:49:70:23:ce:72:6b:45:d5:1c:09:25:1c:fa:
         06:2c:73:c1:03:e5:d0:a4:99:20:7d:6f:d5:dc:76:03:e1:0c:
         32:66:54:07:49:ee:bd:43:ac:4b:d0:69:67:2c:f2:37:9f:a0:
         01:4f:58:f9:07:14:fc:f0:7d:35:18:90:03:47:65:66:1d:52:
         74:2e:aa:d4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMr3N5QL4gDGyzfjDmJCikYGah40wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NTEwMmU3N2MyZDdkZGZiNjVkNjdhZGY2N2RiZjM4Yzc1
MjBjNzRhMWVkNmE1YjE1ZmMyNGMxZjM5ZjBlYTk4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwgp0juDlCFEFzKRGbEXulU0lILFchS3UXYk2wBkoK0acZ
irPkj148H5oR7+Pa+n5kysgOsZxzILOOdWfmi0FizNTvBM6of6lK/HDMA+UawSvv
PdXZLnt6kvxrnrgPnAt3cIMPLkS44RJvES+OZ5CDRJRbKYn2PrFqy1/OFaEayEDW
ChRJoMw7pZkBQICuJT7nbAkLalJm9Wb5ht5JqWn+i0pbVism/gKXv8kJVWjQ32co
c4jUWDSaP4nUSUt67a2j65EeEdUVcmTf/+mHM/9eFPLRqh49YR8jRu26ci8h73Vo
75VqNSeUAoUCdmRKFZnGZ/o1Idtv0l+M+g8fYei7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKypymfGxANihrU48v0AIQaXM3zwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhNDM4Yjk3LWU5ZjMtNDE5Ni1hNzMzLTY4YjJmOTZhYTYzNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQGjANBgkqhkiG9w0BAQsFAAOCAQEACmObAU1dYXDrluiC70waXw35EVwX
NjdAx3i5XZ8lPaise7xXSSM+6lO+x/EIA2YquYdNElFcNR8NlKOsHoU4p6tuw0GO
yD0zp5vSg7I/om/7ScBj3SUizwpSrHAdXkmk23jwwt88ozH2AJ3j6gl0ltbprpfw
u/1V2B40Lb/tYm7KPxeV5dcuR1in2XF3fbdKsd0rnZvdmCt2PLVuFX4H225DEl2E
Qo3ZtZml5MigOC8h7nzOPnOw4IpJcCPOcmtF1RwJJRz6BixzwQPl0KSZIH1v1dx2
A+EMMmZUB0nuvUOsS9BpZyzyN5+gAU9Y+QcU/PB9NRiQA0dlZh1SdC6q1A==
-----END CERTIFICATE-----