Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d897b52f-d7be-4c28-b9e2-2e11a336c5b7.roa
File:                     d897b52f-d7be-4c28-b9e2-2e11a336c5b7.roa (raw, json)
Hash identifier:          WvQsQFMkmreiCp7k3GGyJWDODVybbSmQszIuZkTiWeI=
Subject key identifier:   EE:A1:D7:B8:80:DB:61:B3:95:97:EC:C2:3F:F2:40:BC:36:04:7D:FA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1915C11288A1AD045EE83962B903C17701C3F335
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d897b52f-d7be-4c28-b9e2-2e11a336c5b7.roa
Signing time:             Sat 28 Dec 2024 00:00:00 +0000
ROA not before:           Sat 28 Dec 2024 00:00:00 +0000
ROA not after:            Sat 01 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.95.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:15:c1:12:88:a1:ad:04:5e:e8:39:62:b9:03:c1:77:01:c3:f3:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 28 00:00:00 2024 GMT
            Not After : Feb  1 23:59:59 2025 GMT
        Subject: serialNumber=5710a2f4dc6c226ace3358abbe19e3082b07e8fbb4b85f8ed0aa08ab49f4101f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ff:2f:46:25:a2:87:1f:51:b8:b6:80:af:6f:
                    48:70:b0:30:ed:fd:1e:57:b4:36:59:42:4b:8f:d2:
                    75:a6:d4:43:3a:f0:53:7b:a9:ac:1c:72:d5:09:29:
                    a3:c3:98:72:73:49:c9:b9:6d:52:fb:bb:41:7b:8a:
                    1f:3d:81:2f:5f:f9:09:e1:e0:b4:83:93:44:08:ef:
                    ce:5c:5c:dd:fa:b7:c8:8b:f0:39:80:04:ff:28:5e:
                    93:64:cc:b0:f5:df:65:cc:c3:b9:a9:e6:b1:fe:08:
                    3b:7d:9c:a4:3d:07:a5:7a:5a:dc:64:af:51:12:c7:
                    b4:f9:32:f7:e5:de:e6:18:f9:da:40:56:77:7b:a2:
                    69:d5:a5:bd:a7:51:95:19:5c:f4:ab:ef:35:d9:26:
                    37:e8:a8:18:96:fe:fb:a7:3b:67:27:da:d3:fe:e1:
                    2f:24:b3:68:6c:18:5b:21:f7:8d:57:7b:f7:2f:c4:
                    64:0d:de:91:b6:08:37:dc:a0:46:33:cb:ef:5b:d8:
                    53:42:d9:fd:ff:61:c1:0d:c2:c1:7b:ac:ed:e5:0b:
                    d9:b3:e4:56:e6:bf:15:1f:b3:4e:29:e7:3b:73:89:
                    0a:0c:6a:0b:22:67:04:35:7e:2f:32:38:ba:36:cc:
                    06:a3:d5:3c:31:16:84:8f:88:c4:f1:da:12:da:71:
                    99:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A1:D7:B8:80:DB:61:B3:95:97:EC:C2:3F:F2:40:BC:36:04:7D:FA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d897b52f-d7be-4c28-b9e2-2e11a336c5b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.95.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d6:27:56:39:d0:87:48:bd:af:ac:bf:96:20:7b:a9:a3:bb:59:
         71:e4:3b:33:5d:e0:f0:7e:77:79:16:96:10:1e:20:5c:a0:6c:
         77:18:c1:ea:9d:92:c5:25:7e:0d:c3:dd:a3:c3:8c:65:01:23:
         72:77:d1:c8:f5:4f:97:c7:08:79:10:68:a5:66:1d:75:8e:ac:
         0b:77:bf:c7:bb:da:7d:24:f8:b6:fc:dd:9c:fb:9d:e8:69:56:
         91:1b:ff:bb:91:ee:72:0d:1f:a9:e6:21:43:6a:c7:b2:de:81:
         36:c4:9a:35:ed:d3:a0:10:8b:da:63:52:ec:fd:5b:57:6a:a3:
         17:cf:ed:d9:37:64:34:5c:57:42:35:3d:78:57:e0:62:04:d0:
         6b:5a:27:e6:ca:e2:a7:19:11:c2:f9:25:4b:d9:de:9b:8d:33:
         8e:26:34:be:6f:25:a7:10:6d:10:2f:52:01:7c:d1:73:ee:53:
         83:b6:24:aa:81:bf:64:72:f4:48:84:6c:99:7a:82:ef:e8:1b:
         b6:6b:11:2b:40:93:18:13:a9:50:ef:83:f7:b8:3b:5a:dc:9e:
         26:b5:26:61:6d:0b:b8:87:d7:c2:a6:6e:e7:65:b4:6c:d0:96:
         3b:84:58:2b:4a:a7:77:a4:b4:8b:46:a9:eb:44:d4:12:5f:3d:
         73:67:67:1e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUGRXBEoihrQRe6DliuQPBdwHD8zUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI4MDAwMDAwWhcNMjUwMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzEwYTJmNGRjNmMyMjZhY2UzMzU4YWJiZTE5ZTMwODJi
MDdlOGZiYjRiODVmOGVkMGFhMDhhYjQ5ZjQxMDFmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDO/y9GJaKHH1G4toCvb0hwsDDt/R5XtDZZQkuP0nWm1EM6
8FN7qawcctUJKaPDmHJzScm5bVL7u0F7ih89gS9f+Qnh4LSDk0QI785cXN36t8iL
8DmABP8oXpNkzLD132XMw7mp5rH+CDt9nKQ9B6V6Wtxkr1ESx7T5Mvfl3uYY+dpA
Vnd7omnVpb2nUZUZXPSr7zXZJjfoqBiW/vunO2cn2tP+4S8ks2hsGFsh941Xe/cv
xGQN3pG2CDfcoEYzy+9b2FNC2f3/YcENwsF7rO3lC9mz5FbmvxUfs04p5ztziQoM
agsiZwQ1fi8yOLo2zAaj1TwxFoSPiMTx2hLacZkPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7qHXuIDbYbOVl+zCP/JAvDYEffowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4OTdiNTJmLWQ3YmUtNGMyOC1iOWUyLTJlMTFhMzM2YzViNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQXzANBgkqhkiG9w0BAQsFAAOCAQEA1idWOdCHSL2vrL+WIHupo7tZceQ7
M13g8H53eRaWEB4gXKBsdxjB6p2SxSV+DcPdo8OMZQEjcnfRyPVPl8cIeRBopWYd
dY6sC3e/x7vafST4tvzdnPud6GlWkRv/u5Hucg0fqeYhQ2rHst6BNsSaNe3ToBCL
2mNS7P1bV2qjF8/t2TdkNFxXQjU9eFfgYgTQa1on5sripxkRwvklS9nem40zjiY0
vm8lpxBtEC9SAXzRc+5Tg7YkqoG/ZHL0SIRsmXqC7+gbtmsRK0CTGBOpUO+D97g7
WtyeJrUmYW0LuIfXwqZu52W0bNCWO4RYK0qnd6S0i0ap60TUEl89c2dnHg==
-----END CERTIFICATE-----