Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb1a2cca-1a9e-4883-b656-f0d368f3d12d.roa
File:                     cb1a2cca-1a9e-4883-b656-f0d368f3d12d.roa (raw, json)
Hash identifier:          l5ERnmAyGrJuloLh1envhxsL50jbfpVefNCcrnziWBE=
Subject key identifier:   B0:6D:99:3A:04:7D:E7:47:4B:B6:04:FD:F2:8C:E9:2C:D3:16:24:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47B967096AE6C04EBD09C6435674D8CDD55EDDAB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb1a2cca-1a9e-4883-b656-f0d368f3d12d.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.56.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:b9:67:09:6a:e6:c0:4e:bd:09:c6:43:56:74:d8:cd:d5:5e:dd:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: serialNumber=283b990e84fca1ce8803439386cd0a206680765c601565fc803f506c1b39f1f0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:6a:aa:33:84:f4:16:4e:43:cd:d9:f0:ce:fa:
                    6b:87:d9:5c:bc:b9:a8:95:42:fc:59:10:41:d9:d2:
                    e6:97:7f:99:90:74:10:8c:10:ba:f0:97:6e:7c:66:
                    5e:1d:41:fd:c0:70:67:d4:95:f1:54:b5:b3:c1:2c:
                    35:ad:39:9f:85:bc:48:f9:68:9b:ba:a4:77:d7:72:
                    e5:2d:57:29:7c:5a:ff:79:00:36:09:c6:2d:ce:90:
                    d2:be:06:f1:74:df:d9:a0:72:d8:78:3f:5c:09:43:
                    64:ac:00:ee:e6:8e:25:b3:5e:d9:25:14:dd:b2:dd:
                    64:f3:f1:0f:66:1d:3e:ee:7f:65:87:af:02:41:40:
                    85:70:c2:85:b2:1d:82:ac:c6:6f:7d:38:b4:a4:8b:
                    c3:ae:d8:5d:67:82:c8:59:31:58:8d:ca:e7:40:de:
                    41:c9:83:3a:c5:35:62:ae:ef:35:ee:ce:b3:df:41:
                    bf:bf:fd:3c:6e:ff:75:54:4d:88:9b:a5:aa:0a:4a:
                    24:00:23:73:cc:64:ce:fd:1a:63:b0:58:ab:db:08:
                    36:0c:1d:bf:6e:cc:f5:0e:2d:83:f3:82:d5:a4:64:
                    f7:20:30:61:d7:71:fc:5d:6a:c4:be:9f:78:29:01:
                    ee:c1:7a:12:48:9a:42:4d:4a:18:40:74:ac:32:32:
                    7e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:6D:99:3A:04:7D:E7:47:4B:B6:04:FD:F2:8C:E9:2C:D3:16:24:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cb1a2cca-1a9e-4883-b656-f0d368f3d12d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.56.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5e:5b:21:26:16:4e:97:df:19:9b:f1:31:25:ab:40:55:9b:b4:
         b5:3b:a0:f1:a3:f8:78:91:9b:44:ab:e5:23:b5:0a:e9:d9:c2:
         8a:6a:c3:dc:06:73:05:1f:39:19:5e:57:4a:41:16:f7:2b:c8:
         a0:d6:72:73:79:28:63:a7:31:b0:d8:05:7c:1d:2b:ae:9b:af:
         e4:bc:e7:65:99:00:e3:a3:91:57:fa:62:51:2a:61:bc:64:c5:
         9c:03:da:83:d4:c7:72:a5:7d:a5:bb:82:38:fb:6a:f4:85:c6:
         0f:88:7b:d9:75:86:19:79:05:2c:9d:09:12:b6:67:2b:76:0f:
         dd:b3:3c:d3:46:2a:30:40:28:54:3f:0b:32:39:79:e2:1e:18:
         1f:92:99:36:c4:42:06:73:26:bf:60:c4:5c:b9:ad:ea:c8:94:
         50:d8:1a:ec:75:a7:16:2e:8e:94:80:f7:02:dc:de:2c:e7:41:
         54:de:56:df:27:ed:6d:fc:bf:20:24:31:63:4f:15:de:29:b8:
         80:e8:6e:c3:de:50:7b:a7:53:d4:15:bc:3e:5c:7c:f3:7f:fa:
         68:20:6a:cb:96:7f:0f:c6:e0:e8:dd:02:9d:e8:9a:aa:c1:ba:
         f8:e6:51:30:eb:e6:a3:e2:e5:c5:ea:0a:9f:c2:81:02:72:18:
         72:33:2b:97
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR7lnCWrmwE69CcZDVnTYzdVe3aswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyODNiOTkwZTg0ZmNhMWNlODgwMzQzOTM4NmNkMGEyMDY2
ODA3NjVjNjAxNTY1ZmM4MDNmNTA2YzFiMzlmMWYwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1aqozhPQWTkPN2fDO+muH2Vy8uaiVQvxZEEHZ0uaXf5mQ
dBCMELrwl258Zl4dQf3AcGfUlfFUtbPBLDWtOZ+FvEj5aJu6pHfXcuUtVyl8Wv95
ADYJxi3OkNK+BvF039mgcth4P1wJQ2SsAO7mjiWzXtklFN2y3WTz8Q9mHT7uf2WH
rwJBQIVwwoWyHYKsxm99OLSki8Ou2F1ngshZMViNyudA3kHJgzrFNWKu7zXuzrPf
Qb+//Txu/3VUTYibpaoKSiQAI3PMZM79GmOwWKvbCDYMHb9uzPUOLYPzgtWkZPcg
MGHXcfxdasS+n3gpAe7BehJImkJNShhAdKwyMn61AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsG2ZOgR950dLtgT98ozpLNMWJEYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiMWEyY2NhLTFhOWUtNDg4My1iNjU2LWYwZDM2OGYzZDEyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYQOAAwDQYJKoZIhvcNAQELBQADggEBAF5bISYWTpffGZvxMSWrQFWbtLU7
oPGj+HiRm0Sr5SO1CunZwopqw9wGcwUfORleV0pBFvcryKDWcnN5KGOnMbDYBXwd
K66br+S852WZAOOjkVf6YlEqYbxkxZwD2oPUx3KlfaW7gjj7avSFxg+Ie9l1hhl5
BSydCRK2Zyt2D92zPNNGKjBAKFQ/CzI5eeIeGB+SmTbEQgZzJr9gxFy5rerIlFDY
Gux1pxYujpSA9wLc3iznQVTeVt8n7W38vyAkMWNPFd4puIDobsPeUHunU9QVvD5c
fPN/+mggasuWfw/G4OjdAp3omqrBuvjmUTDr5qPi5cXqCp/CgQJyGHIzK5c=
-----END CERTIFICATE-----