Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd818d78-5bf5-4ab2-a248-de1006ba6b9d.roa
File:                     cd818d78-5bf5-4ab2-a248-de1006ba6b9d.roa (raw, json)
Hash identifier:          6/OsgDCLwxqum7Q6ytllxtjlXl5ywNhnQqy3Thpf2Qg=
Subject key identifier:   36:BC:55:A5:C7:BA:3B:7A:05:A4:14:38:3E:DE:C3:70:84:78:1B:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       05DBA799ECA4AAFF2E3C1038D81BD0864AC60BA2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd818d78-5bf5-4ab2-a248-de1006ba6b9d.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        16.156.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:db:a7:99:ec:a4:aa:ff:2e:3c:10:38:d8:1b:d0:86:4a:c6:0b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=9e1a5fd776cb2f97c4451e4a300ed4a5bf15f2d54235a74a67198d03b87af79d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1a:2d:ae:6b:0d:81:fe:8d:ed:77:74:2b:cf:
                    76:34:9c:28:68:a6:75:12:7a:13:2f:6c:12:79:80:
                    27:35:cf:2d:2e:0c:f7:4b:d6:65:d4:d8:ff:c9:80:
                    c0:8e:6f:85:b0:9d:af:53:4a:69:64:c4:27:47:ac:
                    08:a4:e5:ea:f8:e5:96:f9:59:06:a8:a0:d1:23:e0:
                    bf:48:90:9e:50:4c:bc:31:79:c7:68:e2:50:b0:32:
                    a7:60:50:5d:00:de:9f:58:c4:e5:9e:29:da:11:f7:
                    83:e1:be:4c:9e:75:be:bb:a7:e6:97:61:fb:4c:a5:
                    ea:72:40:3a:ed:2b:f1:0c:fc:be:82:67:99:60:a8:
                    d0:02:b1:11:86:d7:31:cc:98:4a:69:ab:f2:ee:47:
                    92:de:de:1e:2c:d4:38:1b:5c:84:bc:85:a5:ee:e5:
                    1c:b6:74:d3:2e:09:e0:91:53:db:fe:9e:8d:cd:95:
                    18:f1:62:e2:0a:7d:47:e8:19:31:b8:53:99:0c:df:
                    70:b5:84:e4:74:66:e7:4c:84:45:71:91:49:a9:43:
                    2a:e9:cb:73:40:91:e4:e8:95:c0:cd:0f:e5:9d:9f:
                    12:12:fa:bd:50:65:52:eb:b0:84:2d:42:b1:33:70:
                    20:98:bd:04:5f:be:57:3e:fd:83:3c:dd:4e:55:f3:
                    cc:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:BC:55:A5:C7:BA:3B:7A:05:A4:14:38:3E:DE:C3:70:84:78:1B:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cd818d78-5bf5-4ab2-a248-de1006ba6b9d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.156.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         b6:5d:94:be:42:6b:1c:06:25:6c:6b:fd:00:17:10:09:75:02:
         e8:31:a9:1e:3f:b9:53:9a:c2:dc:63:32:e7:f1:c3:55:d5:88:
         78:38:a8:fe:f5:0f:57:ba:a6:5c:24:d2:db:65:f4:fd:08:c3:
         2e:84:a5:b4:f0:98:1c:b4:bd:db:57:db:4c:c4:83:a6:12:e7:
         73:0b:4e:aa:ec:83:7b:c1:5d:4b:26:44:b7:d6:83:74:e8:59:
         54:2f:27:7a:95:55:bb:50:0e:98:4b:c7:24:c9:e4:20:7c:78:
         5c:a1:97:fb:c2:68:8d:c9:a4:cc:5c:27:40:3a:08:9d:af:c7:
         e9:d3:c0:42:10:0d:3e:ce:21:90:23:a8:c5:fe:36:e0:4b:8a:
         75:5f:69:9b:f1:48:48:7e:2b:97:0b:4b:0d:b4:3b:d6:cb:6d:
         ed:82:58:7d:21:39:88:70:75:2f:04:95:ba:73:1a:cd:f5:39:
         83:80:03:81:d7:78:c0:88:2d:e0:b1:75:34:a7:ff:6e:42:67:
         15:b2:48:ac:c8:73:5d:35:5e:6f:25:23:83:ec:ef:30:1a:47:
         11:8c:cf:ce:57:83:f7:14:a0:26:42:e3:e1:d5:85:a1:23:a9:
         77:e0:7a:eb:b9:1b:7a:18:5c:a7:c4:19:a8:1b:80:97:fc:03:
         51:55:19:be
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBdunmeykqv8uPBA42BvQhkrGC6IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZTFhNWZkNzc2Y2IyZjk3YzQ0NTFlNGEzMDBlZDRhNWJm
MTVmMmQ1NDIzNWE3NGE2NzE5OGQwM2I4N2FmNzlkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0Gi2uaw2B/o3td3Qrz3Y0nChopnUSehMvbBJ5gCc1zy0u
DPdL1mXU2P/JgMCOb4Wwna9TSmlkxCdHrAik5er45Zb5WQaooNEj4L9IkJ5QTLwx
ecdo4lCwMqdgUF0A3p9YxOWeKdoR94Phvkyedb67p+aXYftMpepyQDrtK/EM/L6C
Z5lgqNACsRGG1zHMmEppq/LuR5Le3h4s1DgbXIS8haXu5Ry2dNMuCeCRU9v+no3N
lRjxYuIKfUfoGTG4U5kM33C1hOR0ZudMhEVxkUmpQyrpy3NAkeTolcDND+WdnxIS
+r1QZVLrsIQtQrEzcCCYvQRfvlc+/YM83U5V88yhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNrxVpce6O3oFpBQ4Pt7DcIR4G28wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NkODE4ZDc4LTViZjUtNGFiMi1hMjQ4LWRlMTAwNmJhNmI5ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIQnDANBgkqhkiG9w0BAQsFAAOCAQEAtl2UvkJrHAYlbGv9ABcQCXUC6DGp
Hj+5U5rC3GMy5/HDVdWIeDio/vUPV7qmXCTS22X0/QjDLoSltPCYHLS921fbTMSD
phLncwtOquyDe8FdSyZEt9aDdOhZVC8nepVVu1AOmEvHJMnkIHx4XKGX+8Jojcmk
zFwnQDoIna/H6dPAQhANPs4hkCOoxf424EuKdV9pm/FISH4rlwtLDbQ71stt7YJY
fSE5iHB1LwSVunMazfU5g4ADgdd4wIgt4LF1NKf/bkJnFbJIrMhzXTVebyUjg+zv
MBpHEYzPzleD9xSgJkLj4dWFoSOpd+B667kbehhcp8QZqBuAl/wDUVUZvg==
-----END CERTIFICATE-----