Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4d2aef2-5bdc-4ae0-a4f2-294ba3346b0a.roa
File:                     b4d2aef2-5bdc-4ae0-a4f2-294ba3346b0a.roa (raw, json)
Hash identifier:          fTjI9DLRvaemb48IQiNe0vhQJMHtMykuFDa5dBn8r9A=
Subject key identifier:   97:48:6E:A3:FF:8E:51:B3:C0:B3:42:C9:36:9D:AB:D5:B0:C7:0E:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10ADBEE71D009AB77F77C2A734D76064E7A6A7C6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4d2aef2-5bdc-4ae0-a4f2-294ba3346b0a.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.52.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ad:be:e7:1d:00:9a:b7:7f:77:c2:a7:34:d7:60:64:e7:a6:a7:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=3739f841399065c835b23c68bd420ef3a415c41a4878500b7baa293702e2c656, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3e:6e:9b:e4:16:52:61:11:51:ca:79:84:01:
                    48:ba:21:c2:3e:0a:92:98:6e:92:81:67:47:be:9d:
                    1e:3e:a8:6f:67:cb:31:58:c2:ef:56:a7:fb:6e:cc:
                    d4:b3:bf:0d:f3:66:d0:87:54:78:06:fc:5d:34:a1:
                    c2:44:fa:a7:bd:a4:85:1e:96:d1:7d:b0:54:f6:7c:
                    62:7a:e9:13:71:de:e1:84:63:bd:25:dd:ed:60:c8:
                    50:cf:1c:4f:d5:fb:95:21:66:99:98:45:67:90:58:
                    31:94:9d:de:ee:b1:55:29:11:d0:d1:a4:b9:f4:8c:
                    51:76:30:97:05:c6:aa:63:fa:61:09:b9:f5:02:d9:
                    9e:71:f4:59:5a:47:57:a7:19:10:0a:61:31:1c:42:
                    18:3f:44:a8:3f:74:12:dd:d0:1d:03:d3:c5:ee:c3:
                    0b:c5:21:d1:68:56:d8:27:4f:b5:90:90:10:e5:ee:
                    f8:78:e4:b8:1c:33:7c:d9:6b:bf:49:d2:5c:03:8e:
                    58:5d:a4:dc:08:f1:56:a2:fa:83:a3:34:ae:92:2e:
                    be:9c:28:9a:6a:6a:aa:18:fd:57:89:e4:b6:a6:7b:
                    86:ec:69:17:3f:c3:5a:c8:77:e2:9a:b1:80:08:99:
                    33:b8:9e:22:c5:23:6f:9c:b6:7f:83:70:05:b1:0e:
                    a1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:48:6E:A3:FF:8E:51:B3:C0:B3:42:C9:36:9D:AB:D5:B0:C7:0E:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b4d2aef2-5bdc-4ae0-a4f2-294ba3346b0a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.52.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:58:d6:ea:77:fe:9e:4b:65:93:b4:99:81:24:83:df:03:c1:
         e0:ea:ae:7c:7e:11:f9:4e:b0:23:bf:38:c5:e6:99:8b:a9:80:
         0e:7d:74:49:4a:bd:6a:19:ed:02:8c:94:4e:a3:f7:18:ae:27:
         61:1d:17:c2:64:4d:46:a2:50:4d:30:3b:47:e0:6d:8b:a8:0c:
         40:f3:a1:e0:3f:39:e3:76:79:0c:57:ab:0e:7a:36:cc:ae:5d:
         d5:ce:e1:05:a3:e9:2d:17:5b:cb:c5:ed:2e:50:12:a6:fd:37:
         ba:1e:56:f3:45:34:ac:95:a1:6f:49:3f:0d:8a:5a:98:a3:28:
         5b:d3:93:42:0c:23:b8:e9:51:1b:7f:6f:48:83:cb:9a:a1:86:
         81:59:f0:cd:82:00:d7:ec:e2:6a:1f:fd:a9:9f:35:e8:a4:c7:
         7e:e4:8d:83:26:0c:70:b8:0d:0c:7b:b8:e2:96:41:bd:d4:cc:
         14:bd:11:57:9d:cc:f8:d5:25:ae:58:5d:ee:1d:92:aa:90:68:
         ea:3c:ac:b2:f9:22:0f:b8:be:36:cf:32:10:55:98:32:bb:db:
         11:3f:c7:ba:7b:ef:99:5a:3a:9d:e0:f5:91:5c:d3:a2:e9:19:
         70:a9:04:b2:7d:0c:96:9f:4b:aa:07:24:fb:24:20:25:2a:97:
         e4:57:ba:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEK2+5x0Amrd/d8KnNNdgZOemp8YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzM5Zjg0MTM5OTA2NWM4MzViMjNjNjhiZDQyMGVmM2E0
MTVjNDFhNDg3ODUwMGI3YmFhMjkzNzAyZTJjNjU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcPm6b5BZSYRFRynmEAUi6IcI+CpKYbpKBZ0e+nR4+qG9n
yzFYwu9Wp/tuzNSzvw3zZtCHVHgG/F00ocJE+qe9pIUeltF9sFT2fGJ66RNx3uGE
Y70l3e1gyFDPHE/V+5UhZpmYRWeQWDGUnd7usVUpEdDRpLn0jFF2MJcFxqpj+mEJ
ufUC2Z5x9FlaR1enGRAKYTEcQhg/RKg/dBLd0B0D08XuwwvFIdFoVtgnT7WQkBDl
7vh45LgcM3zZa79J0lwDjlhdpNwI8Vai+oOjNK6SLr6cKJpqaqoY/VeJ5Lame4bs
aRc/w1rId+KasYAImTO4niLFI2+ctn+DcAWxDqFhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUl0huo/+OUbPAs0LJNp2r1bDHDn4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I0ZDJhZWYyLTViZGMtNGFlMC1hNGYyLTI5NGJhMzM0NmIwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQNDANBgkqhkiG9w0BAQsFAAOCAQEAo1jW6nf+nktlk7SZgSSD3wPB4Oqu
fH4R+U6wI784xeaZi6mADn10SUq9ahntAoyUTqP3GK4nYR0XwmRNRqJQTTA7R+Bt
i6gMQPOh4D8543Z5DFerDno2zK5d1c7hBaPpLRdby8XtLlASpv03uh5W80U0rJWh
b0k/DYpamKMoW9OTQgwjuOlRG39vSIPLmqGGgVnwzYIA1+ziah/9qZ816KTHfuSN
gyYMcLgNDHu44pZBvdTMFL0RV53M+NUlrlhd7h2SqpBo6jyssvkiD7i+Ns8yEFWY
MrvbET/HunvvmVo6neD1kVzToukZcKkEsn0Mlp9Lqgck+yQgJSqX5Fe6Lw==
-----END CERTIFICATE-----