Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b00bc71c-3be6-4518-afcf-bc7faa0b4931.roa
File:                     b00bc71c-3be6-4518-afcf-bc7faa0b4931.roa (raw, json)
Hash identifier:          zjseg/1BDHmxFCXqB2upBc9ApauhINuDybDoQcngMUw=
Subject key identifier:   CD:30:0A:C4:B1:21:43:02:9B:3F:EE:8D:15:38:98:4C:09:24:5E:E6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       722069C5B4A6CCBFCDC9747BCAC9B2CE7AD8A504
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b00bc71c-3be6-4518-afcf-bc7faa0b4931.roa
Signing time:             Sat 11 Jan 2025 00:00:00 +0000
ROA not before:           Sat 11 Jan 2025 00:00:00 +0000
ROA not after:            Sat 15 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.199.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:20:69:c5:b4:a6:cc:bf:cd:c9:74:7b:ca:c9:b2:ce:7a:d8:a5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 11 00:00:00 2025 GMT
            Not After : Feb 15 23:59:59 2025 GMT
        Subject: serialNumber=ff79a4be50e51de93517cd5813a08fbfc811b2b6f0aa31853c900e7db59112e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:22:bd:3c:51:93:c4:58:0f:8a:87:33:73:66:
                    0e:76:04:62:f2:e8:a9:a7:3d:5b:3d:bc:3f:36:e6:
                    cc:6f:f3:78:40:92:0e:a6:29:53:f2:e4:6a:be:67:
                    70:a5:5a:44:1d:66:59:52:62:be:e3:b1:4e:9f:a7:
                    b1:61:c6:9a:4a:70:58:a7:6a:bb:0f:67:cf:83:a0:
                    2f:e0:7e:a4:7e:10:54:8b:3e:63:ca:67:14:e7:7c:
                    04:6a:85:01:b5:dd:7e:24:2e:64:b9:1a:80:ab:80:
                    f8:16:ac:a6:25:73:76:b5:a4:cc:c2:9d:c7:90:f2:
                    65:63:e7:0c:28:e2:02:2c:16:97:17:be:19:16:cb:
                    41:10:b3:68:b2:ff:31:c5:bc:cd:93:40:67:a2:4f:
                    86:ff:dc:47:33:f2:48:d6:31:e7:5c:fa:9c:e0:bc:
                    29:d9:cf:a2:05:39:b2:e8:b5:8d:36:14:57:64:93:
                    40:ae:90:3a:0c:d0:5a:7a:00:89:18:63:03:07:6a:
                    e5:55:77:b8:d2:53:db:39:f4:e3:b6:ba:c2:b8:78:
                    37:5d:97:5f:d4:50:a6:70:eb:88:f1:fe:72:1c:78:
                    b3:a7:24:09:18:3d:f6:56:0b:33:6f:7a:d7:55:c3:
                    50:35:d3:13:44:83:9b:aa:10:41:c3:0b:d8:0c:5f:
                    6a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:30:0A:C4:B1:21:43:02:9B:3F:EE:8D:15:38:98:4C:09:24:5E:E6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b00bc71c-3be6-4518-afcf-bc7faa0b4931.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.199.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7f:cd:1a:5a:99:af:fc:2d:51:f1:e8:48:a2:22:42:40:42:8b:
         7d:5c:68:a0:e8:63:40:b4:c4:78:25:1c:64:af:bf:00:a8:ff:
         ac:72:41:57:8f:d5:21:f2:82:ff:df:13:51:2e:31:af:c8:86:
         af:a9:cd:cd:fe:ef:61:16:64:17:e1:00:78:fb:40:a0:60:ae:
         51:bb:5e:0f:22:3d:51:57:f0:c7:b1:c6:8b:40:0d:87:9d:cf:
         83:cc:27:6a:89:cb:dd:c1:7d:98:29:4e:3d:e1:37:4e:02:e8:
         ed:af:23:c9:e1:24:80:dc:11:48:79:ed:90:26:65:a6:59:3b:
         19:55:f1:b0:05:fe:65:b4:b7:ab:62:5d:22:49:cc:c7:d1:fd:
         0c:f3:12:92:86:77:97:6b:2c:18:f1:c9:10:eb:53:99:51:27:
         b2:eb:34:8c:97:41:b1:c8:9c:40:b2:6f:29:79:b6:f5:cf:1b:
         88:9e:a9:64:aa:cc:f1:32:ca:01:78:44:4f:31:5f:0f:76:28:
         46:e3:a3:c9:d9:cc:b6:2c:da:de:c5:19:aa:59:fc:7c:c5:33:
         3b:37:6d:89:87:9d:5d:b3:94:60:4c:5c:df:97:af:f9:a7:0b:
         03:d1:d0:d8:ae:c4:a1:aa:da:db:3e:3f:ff:ff:55:a8:a7:15:
         d0:1c:26:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUciBpxbSmzL/NyXR7ysmyznrYpQQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTExMDAwMDAwWhcNMjUwMjE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjc5YTRiZTUwZTUxZGU5MzUxN2NkNTgxM2EwOGZiZmM4
MTFiMmI2ZjBhYTMxODUzYzkwMGU3ZGI1OTExMmUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgIr08UZPEWA+KhzNzZg52BGLy6KmnPVs9vD825sxv83hA
kg6mKVPy5Gq+Z3ClWkQdZllSYr7jsU6fp7FhxppKcFinarsPZ8+DoC/gfqR+EFSL
PmPKZxTnfARqhQG13X4kLmS5GoCrgPgWrKYlc3a1pMzCnceQ8mVj5wwo4gIsFpcX
vhkWy0EQs2iy/zHFvM2TQGeiT4b/3Ecz8kjWMedc+pzgvCnZz6IFObLotY02FFdk
k0CukDoM0Fp6AIkYYwMHauVVd7jSU9s59OO2usK4eDddl1/UUKZw64jx/nIceLOn
JAkYPfZWCzNvetdVw1A10xNEg5uqEEHDC9gMX2p1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzTAKxLEhQwKbP+6NFTiYTAkkXuYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IwMGJjNzFjLTNiZTYtNDUxOC1hZmNmLWJjN2ZhYTBiNDkzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQxzANBgkqhkiG9w0BAQsFAAOCAQEAf80aWpmv/C1R8ehIoiJCQEKLfVxo
oOhjQLTEeCUcZK+/AKj/rHJBV4/VIfKC/98TUS4xr8iGr6nNzf7vYRZkF+EAePtA
oGCuUbteDyI9UVfwx7HGi0ANh53Pg8wnaonL3cF9mClOPeE3TgLo7a8jyeEkgNwR
SHntkCZlplk7GVXxsAX+ZbS3q2JdIknMx9H9DPMSkoZ3l2ssGPHJEOtTmVEnsus0
jJdBscicQLJvKXm29c8biJ6pZKrM8TLKAXhETzFfD3YoRuOjydnMtiza3sUZqln8
fMUzOzdtiYedXbOUYExc35ev+acLA9HQ2K7Eoara2z4///9VqKcV0BwmKw==
-----END CERTIFICATE-----