Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be9533f8-52be-4457-b651-62b580c3c24d.roa
File:                     be9533f8-52be-4457-b651-62b580c3c24d.roa (raw, json)
Hash identifier:          jgabP8EGoO4AAa2rwh95+upRa/JLYaOQbR8CzQhnFU4=
Subject key identifier:   FD:FC:40:1D:48:25:AE:2C:41:0C:0A:02:91:CE:83:61:B2:5D:93:44
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7AD1C23EFF50E39E3E32AEEB3D118D24B11B0E45
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be9533f8-52be-4457-b651-62b580c3c24d.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.93.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:d1:c2:3e:ff:50:e3:9e:3e:32:ae:eb:3d:11:8d:24:b1:1b:0e:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=97916d76fcaef17e677db33d239e0dbf546a23a8a74caaec193ba2d0aab34f4f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6a:83:81:85:99:a4:d7:2d:e1:35:de:bb:23:
                    04:3a:73:d5:ed:0f:53:49:86:c8:24:44:e8:c3:f0:
                    48:36:10:d5:75:87:89:09:48:60:7d:b2:74:fc:4c:
                    0c:22:f3:77:df:2f:4a:ee:e8:25:dd:aa:b7:08:8d:
                    10:42:c7:6f:e2:36:9f:11:2d:64:c7:46:37:de:a1:
                    7d:3b:34:19:2d:4d:16:51:41:2d:c4:a8:47:15:da:
                    de:d0:b0:d0:c8:9c:0b:95:1f:f5:1e:80:94:4b:1c:
                    94:f6:11:32:d5:c0:b1:7b:0b:ae:85:c1:a8:2f:78:
                    b6:66:89:fa:76:1e:5c:9e:ac:de:64:86:c0:a5:a6:
                    16:a5:9a:f5:12:67:50:4b:37:b6:0f:c2:99:02:cd:
                    83:e4:42:7b:46:5f:28:3c:a9:9e:c8:64:21:9e:30:
                    33:3b:20:65:e4:bc:0a:bb:ce:ba:53:58:3a:99:82:
                    4a:a2:89:96:7e:ba:9b:ac:85:9c:5e:f1:4d:6b:8c:
                    bb:2a:c2:b2:5d:b7:b8:d5:82:f9:99:1d:c3:28:b3:
                    55:13:cd:9b:63:ee:20:08:8f:e1:96:3b:17:a9:be:
                    20:dc:71:fa:f9:68:94:70:c2:da:46:a7:63:a7:5e:
                    59:44:32:5c:c2:21:4f:fc:b9:26:40:62:8e:20:4c:
                    74:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FC:40:1D:48:25:AE:2C:41:0C:0A:02:91:CE:83:61:B2:5D:93:44
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/be9533f8-52be-4457-b651-62b580c3c24d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.93.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9b:c3:69:2c:a0:08:54:86:12:6e:1b:81:53:9a:2b:26:f9:0e:
         89:79:a2:be:b7:48:30:92:63:f5:19:d8:f4:c5:3c:e2:7e:50:
         24:14:0c:d1:99:85:c0:97:e9:6b:dc:29:5e:f3:c6:24:11:c5:
         16:6e:c8:24:09:e7:93:45:cd:78:0c:89:4a:2f:57:56:ad:3d:
         85:f6:21:b9:43:72:ed:b9:ce:82:cf:b1:6f:72:66:2b:5f:97:
         47:53:ce:bc:ba:71:fe:11:8c:9d:b7:83:c2:3b:0c:a7:c8:51:
         f4:47:12:2b:64:4c:19:31:2a:c5:03:02:7f:b3:bd:c1:a3:19:
         93:26:ef:a5:45:92:88:69:42:53:22:8e:e5:cc:0a:91:a0:65:
         16:32:86:68:1a:d4:08:a8:30:8e:b9:c0:0c:0f:6b:e9:9c:a8:
         d9:8b:0b:16:85:b5:be:91:17:e7:0c:a3:5e:a4:9a:aa:47:cf:
         e6:f9:ad:a1:9e:16:bb:bb:af:af:d5:82:f2:44:63:0a:cc:7a:
         04:7b:d3:a1:c6:1c:78:20:31:a9:d2:21:98:d5:9b:01:ec:54:
         0d:58:fc:64:34:34:cf:0b:94:bb:84:4a:81:b8:bc:fb:ac:1b:
         bd:cf:4f:14:35:be:00:dd:a9:f0:ec:81:5c:27:75:1b:8c:2e:
         8c:a2:7c:cc
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUetHCPv9Q454+Mq7rPRGNJLEbDkUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzkxNmQ3NmZjYWVmMTdlNjc3ZGIzM2QyMzllMGRiZjU0
NmEyM2E4YTc0Y2FhZWMxOTNiYTJkMGFhYjM0ZjRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7aoOBhZmk1y3hNd67IwQ6c9XtD1NJhsgkROjD8Eg2ENV1
h4kJSGB9snT8TAwi83ffL0ru6CXdqrcIjRBCx2/iNp8RLWTHRjfeoX07NBktTRZR
QS3EqEcV2t7QsNDInAuVH/UegJRLHJT2ETLVwLF7C66FwagveLZmifp2HlyerN5k
hsClphalmvUSZ1BLN7YPwpkCzYPkQntGXyg8qZ7IZCGeMDM7IGXkvAq7zrpTWDqZ
gkqiiZZ+upushZxe8U1rjLsqwrJdt7jVgvmZHcMos1UTzZtj7iAIj+GWOxepviDc
cfr5aJRwwtpGp2OnXllEMlzCIU/8uSZAYo4gTHSbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/fxAHUglrixBDAoCkc6DYbJdk0QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlOTUzM2Y4LTUyYmUtNDQ1Ny1iNjUxLTYyYjU4MGMzYzI0ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQXTANBgkqhkiG9w0BAQsFAAOCAQEAm8NpLKAIVIYSbhuBU5orJvkOiXmi
vrdIMJJj9RnY9MU84n5QJBQM0ZmFwJfpa9wpXvPGJBHFFm7IJAnnk0XNeAyJSi9X
Vq09hfYhuUNy7bnOgs+xb3JmK1+XR1POvLpx/hGMnbeDwjsMp8hR9EcSK2RMGTEq
xQMCf7O9waMZkybvpUWSiGlCUyKO5cwKkaBlFjKGaBrUCKgwjrnADA9r6Zyo2YsL
FoW1vpEX5wyjXqSaqkfP5vmtoZ4Wu7uvr9WC8kRjCsx6BHvTocYceCAxqdIhmNWb
AexUDVj8ZDQ0zwuUu4RKgbi8+6wbvc9PFDW+AN2p8OyBXCd1G4wujKJ8zA==
-----END CERTIFICATE-----