Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6222d08-a08b-4a83-b980-8ccfe9a7afe3.roa
File:                     b6222d08-a08b-4a83-b980-8ccfe9a7afe3.roa (raw, json)
Hash identifier:          cYNAY61/oKrKMNak9P9Otdzwwm8NbyR0XuH44ODhplI=
Subject key identifier:   59:C1:60:DF:33:68:D9:D5:A4:EA:7C:BC:AC:8A:97:1A:B4:0A:EF:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03490C2606DC93C85D817B182DEEA30EE698A472
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6222d08-a08b-4a83-b980-8ccfe9a7afe3.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.88.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:49:0c:26:06:dc:93:c8:5d:81:7b:18:2d:ee:a3:0e:e6:98:a4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=bb531316b0256b31f56ff999deec2f1a71387e8bf15153bc006ded11791f6b32, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0c:32:c4:99:c6:78:61:26:7d:7c:9d:9a:b9:
                    4c:b3:06:d8:e0:fd:2c:d2:f2:67:de:1f:61:19:b2:
                    98:e9:cf:dc:0f:7c:19:b6:b0:f7:c0:6b:3e:01:ad:
                    8a:43:5a:61:06:5f:d8:32:8b:a6:e7:87:a9:42:d3:
                    24:54:81:84:a8:9c:e2:b7:37:ca:16:68:6b:37:07:
                    2e:54:2f:53:c0:65:be:02:13:70:8d:65:98:5a:b5:
                    7a:3f:52:e4:06:04:c5:99:22:5c:73:53:a4:0e:8a:
                    ad:c2:dc:87:0f:a7:24:91:21:70:39:8b:7c:5e:7b:
                    4e:e2:1f:2f:40:fe:d8:c4:c8:39:b8:bf:a9:cd:42:
                    11:f3:38:07:57:05:bc:30:4f:de:77:cc:8d:b6:5d:
                    0f:ac:c1:c5:17:30:d0:62:fc:7f:6f:ce:09:5e:ba:
                    3d:d1:ec:8e:15:cb:ec:e2:aa:d4:76:f4:d0:f2:80:
                    c5:83:d2:0e:86:98:fd:29:b7:5a:84:ab:ae:87:a9:
                    0e:69:85:5c:c3:31:c8:c3:96:f8:05:bb:07:60:c1:
                    99:45:30:1b:17:5b:cb:d9:59:f5:81:e5:fa:94:75:
                    09:2c:4c:81:d9:cc:5f:52:5b:0b:1c:ed:6f:7d:6b:
                    93:e9:9f:a6:14:92:2f:53:7c:01:97:89:ea:43:6e:
                    64:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C1:60:DF:33:68:D9:D5:A4:EA:7C:BC:AC:8A:97:1A:B4:0A:EF:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b6222d08-a08b-4a83-b980-8ccfe9a7afe3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.88.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         61:a1:e5:4f:35:fa:f2:db:ce:c6:fe:3b:4f:1f:c1:06:7e:f2:
         14:2c:5b:b8:cd:b4:af:3f:96:d3:0e:37:3c:7e:83:50:21:bc:
         ab:d9:25:59:e8:3e:0c:ad:9c:62:f2:32:e1:d6:95:58:22:64:
         be:a6:1d:3a:c4:ae:5a:5d:4b:e6:8a:83:b9:fa:16:de:8a:3a:
         11:c8:6c:21:17:50:2a:34:f8:9c:e0:ea:95:24:52:30:df:1a:
         59:d1:45:02:71:cb:0b:9e:b4:19:a7:16:1a:7e:37:dd:c1:5f:
         8b:9d:23:e6:18:89:20:e3:6c:e5:24:ca:2e:15:e2:38:1d:ba:
         8c:bb:0e:fc:5d:be:d8:c3:3f:9a:b5:9f:f0:24:02:4a:eb:33:
         18:ef:4f:d6:e1:10:a4:b6:ec:71:89:25:74:b5:c4:55:33:bb:
         e6:c8:34:7a:75:c5:de:71:d9:5d:94:c2:be:ac:a0:a6:31:9c:
         6a:ab:cd:f6:c0:a7:66:35:b6:a8:be:7f:1c:02:26:70:dc:50:
         24:45:0d:eb:3d:20:d6:c2:4f:1d:ee:33:72:b0:ba:a1:ac:5d:
         fa:78:90:f2:8c:9f:12:af:df:f5:44:6b:d9:cf:c5:30:6c:90:
         0f:8e:15:7b:4f:13:de:25:84:f9:32:93:d6:0a:9c:db:32:4d:
         9f:f6:8a:3d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUA0kMJgbck8hdgXsYLe6jDuaYpHIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjUzMTMxNmIwMjU2YjMxZjU2ZmY5OTlkZWVjMmYxYTcx
Mzg3ZThiZjE1MTUzYmMwMDZkZWQxMTc5MWY2YjMyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4DDLEmcZ4YSZ9fJ2auUyzBtjg/SzS8mfeH2EZspjpz9wP
fBm2sPfAaz4BrYpDWmEGX9gyi6bnh6lC0yRUgYSonOK3N8oWaGs3By5UL1PAZb4C
E3CNZZhatXo/UuQGBMWZIlxzU6QOiq3C3IcPpySRIXA5i3xee07iHy9A/tjEyDm4
v6nNQhHzOAdXBbwwT953zI22XQ+swcUXMNBi/H9vzgleuj3R7I4Vy+ziqtR29NDy
gMWD0g6GmP0pt1qEq66HqQ5phVzDMcjDlvgFuwdgwZlFMBsXW8vZWfWB5fqUdQks
TIHZzF9SWwsc7W99a5Ppn6YUki9TfAGXiepDbmQDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUWcFg3zNo2dWk6ny8rIqXGrQK74YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2MjIyZDA4LWEwOGItNGE4My1iOTgwLThjY2ZlOWE3YWZlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQWDANBgkqhkiG9w0BAQsFAAOCAQEAYaHlTzX68tvOxv47Tx/BBn7yFCxb
uM20rz+W0w43PH6DUCG8q9klWeg+DK2cYvIy4daVWCJkvqYdOsSuWl1L5oqDufoW
3oo6EchsIRdQKjT4nODqlSRSMN8aWdFFAnHLC560GacWGn433cFfi50j5hiJIONs
5STKLhXiOB26jLsO/F2+2MM/mrWf8CQCSuszGO9P1uEQpLbscYkldLXEVTO75sg0
enXF3nHZXZTCvqygpjGcaqvN9sCnZjW2qL5/HAImcNxQJEUN6z0g1sJPHe4zcrC6
oaxd+niQ8oyfEq/f9URr2c/FMGyQD44Ve08T3iWE+TKT1gqc2zJNn/aKPQ==
-----END CERTIFICATE-----