Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd5be52a-f3b1-4656-9436-d20a6bb64562.roa
File:                     cd5be52a-f3b1-4656-9436-d20a6bb64562.roa (raw, json)
Hash identifier:          d3+IMMfR+HxDLMHjzY/MHMRYoLgBCBkmajOm/EzyqoE=
Subject key identifier:   42:29:A7:28:09:01:F1:74:D9:F7:40:F6:C2:37:D8:EC:37:B5:0B:0F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0FE146EED4FD9B3A6ACE7CC3B5382DB29EC235E0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd5be52a-f3b1-4656-9436-d20a6bb64562.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.21.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:e1:46:ee:d4:fd:9b:3a:6a:ce:7c:c3:b5:38:2d:b2:9e:c2:35:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=ec6fa34e1917a60397d0947732612273715b36969856b8a8bfa9373bf2adaeab, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:60:66:3c:55:da:91:a8:40:92:2e:a5:38:74:
                    1b:05:61:c8:60:90:7b:52:9f:d5:c2:fe:13:10:da:
                    44:6d:cf:7a:bb:ef:fa:b0:c0:dc:73:44:16:a7:c9:
                    b4:93:d9:4d:c2:67:bd:50:b6:7c:04:28:84:eb:69:
                    ed:64:1c:4a:54:ee:41:12:af:55:ec:68:f4:3d:c6:
                    98:34:b6:e8:40:49:79:88:3f:b5:09:6f:f5:89:7e:
                    0c:e5:51:dc:ae:35:e3:14:4f:8c:bb:28:3c:8f:19:
                    1c:f1:94:57:1b:1f:d7:49:6e:be:98:04:29:14:9d:
                    9d:0b:d4:fa:de:ed:eb:b0:8a:90:6d:06:98:b9:df:
                    f9:28:01:5a:58:aa:80:44:5f:7d:bd:25:9c:1e:b6:
                    3c:80:00:31:b4:cc:44:45:76:a8:5d:bc:46:d1:b4:
                    bc:3d:60:f4:80:50:1e:0d:e1:2c:24:ef:cc:77:54:
                    8e:4d:3e:a3:86:ea:39:77:a3:e7:99:2d:88:f7:c0:
                    9a:0f:0f:a7:b3:41:44:9f:89:27:24:00:15:28:36:
                    3e:52:d5:f0:d1:27:20:26:bb:87:6c:cd:f9:c8:7d:
                    05:85:a6:06:aa:39:9b:ba:5d:b2:e5:20:81:24:32:
                    b6:54:3c:c0:c2:bb:58:cb:c3:af:c2:03:48:27:cb:
                    56:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:29:A7:28:09:01:F1:74:D9:F7:40:F6:C2:37:D8:EC:37:B5:0B:0F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd5be52a-f3b1-4656-9436-d20a6bb64562.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c5:6c:4b:a7:18:68:e7:0b:b3:67:f8:c2:f4:e6:16:5f:8b:cb:
         f3:a4:7c:00:f5:ee:53:6c:49:a6:2b:33:32:85:90:1e:3d:89:
         c3:94:86:d3:27:72:fa:4c:95:fc:b3:5f:2f:02:85:a3:43:2f:
         87:b4:47:7b:83:20:36:cd:c6:ec:89:2a:ed:18:33:0b:15:fe:
         85:1b:22:66:6d:13:fe:6b:6f:71:3d:8e:07:4b:3f:e1:dd:08:
         6b:23:29:14:3c:cc:56:d6:fb:30:9d:4b:91:05:16:10:25:e5:
         a1:69:a9:c7:46:81:43:ee:e1:3f:56:ae:ba:0d:e2:46:b1:49:
         f4:78:9a:ab:6e:34:7f:c5:8b:26:e4:c2:ec:c8:0a:79:59:95:
         80:37:d8:25:22:33:3f:36:26:6e:6e:33:af:d3:6e:e2:4e:60:
         36:bc:af:f9:1e:3c:ba:86:7e:a8:dd:49:cf:4a:f9:09:1b:a1:
         a6:15:de:a5:66:eb:6b:28:a4:0d:89:7a:76:65:58:6b:e9:f5:
         90:bd:1d:b0:9b:ee:7f:ff:4b:40:23:57:08:c6:ed:99:18:d4:
         ce:f1:b2:6b:3b:c5:aa:bc:6b:f4:e8:9f:3a:30:20:b2:45:e2:
         7b:58:13:2e:16:e2:fa:2e:f2:c3:26:88:07:5d:71:6d:07:41:
         b6:f6:a4:06
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUD+FG7tT9mzpqznzDtTgtsp7CNeAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzZmYTM0ZTE5MTdhNjAzOTdkMDk0NzczMjYxMjI3Mzcx
NWIzNjk2OTg1NmI4YThiZmE5MzczYmYyYWRhZWFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiYGY8VdqRqECSLqU4dBsFYchgkHtSn9XC/hMQ2kRtz3q7
7/qwwNxzRBanybST2U3CZ71QtnwEKITrae1kHEpU7kESr1XsaPQ9xpg0tuhASXmI
P7UJb/WJfgzlUdyuNeMUT4y7KDyPGRzxlFcbH9dJbr6YBCkUnZ0L1Pre7euwipBt
Bpi53/koAVpYqoBEX329JZwetjyAADG0zERFdqhdvEbRtLw9YPSAUB4N4Swk78x3
VI5NPqOG6jl3o+eZLYj3wJoPD6ezQUSfiSckABUoNj5S1fDRJyAmu4dszfnIfQWF
pgaqOZu6XbLlIIEkMrZUPMDCu1jLw6/CA0gny1YZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQimnKAkB8XTZ90D2wjfY7De1Cw8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NkNWJlNTJhLWYzYjEtNDY1Ni05NDM2LWQyMGE2YmI2NDU2Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQFTANBgkqhkiG9w0BAQsFAAOCAQEAxWxLpxho5wuzZ/jC9OYWX4vL86R8
APXuU2xJpiszMoWQHj2Jw5SG0ydy+kyV/LNfLwKFo0Mvh7RHe4MgNs3G7Ikq7Rgz
CxX+hRsiZm0T/mtvcT2OB0s/4d0IayMpFDzMVtb7MJ1LkQUWECXloWmpx0aBQ+7h
P1auug3iRrFJ9Hiaq240f8WLJuTC7MgKeVmVgDfYJSIzPzYmbm4zr9Nu4k5gNryv
+R48uoZ+qN1Jz0r5CRuhphXepWbrayikDYl6dmVYa+n1kL0dsJvuf/9LQCNXCMbt
mRjUzvGyazvFqrxr9OifOjAgskXie1gTLhbi+i7ywyaIB11xbQdBtvakBg==
-----END CERTIFICATE-----