Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de66d5d6-3d09-45f3-b516-d511dc4942ac.roa
File:                     de66d5d6-3d09-45f3-b516-d511dc4942ac.roa (raw, json)
Hash identifier:          93XAxj8lk9jR5xQXDMP1cM8LW/XtJT7ZXAZpdRN0aUw=
Subject key identifier:   B1:F9:6B:3B:C4:B6:DC:C8:F1:54:60:AF:35:62:02:74:AD:06:F0:9B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C9C359DFB29EC09AF7F6CC69B3A1DFB401D7244
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de66d5d6-3d09-45f3-b516-d511dc4942ac.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.144.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:9c:35:9d:fb:29:ec:09:af:7f:6c:c6:9b:3a:1d:fb:40:1d:72:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=ca3593a134927ca15eb49ae1d56f8ab03986f1d8cc7b6a6ede20452a802a8f6d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ef:f0:2c:57:fe:11:d1:8b:bd:e2:ba:33:de:
                    da:23:2f:7f:26:3e:91:f7:27:d7:93:4c:d0:11:61:
                    78:94:64:3d:6f:02:34:94:b5:0c:87:5e:01:12:68:
                    60:a1:98:73:e0:7e:5d:5d:02:f9:fa:00:c5:4c:01:
                    6c:3e:9f:b5:e9:1d:f9:01:9c:eb:bb:1f:00:56:6d:
                    2e:08:10:e3:4c:17:a8:43:6d:0a:9c:cc:e9:5e:0c:
                    12:1c:6c:6f:b5:3d:a1:ee:03:a4:6d:26:fa:6c:e6:
                    93:00:db:22:09:d0:7b:45:1a:6d:57:ed:e4:d7:4b:
                    8d:60:8c:86:e3:fe:53:86:0a:22:35:7f:68:7c:c7:
                    6a:e6:90:a9:f8:e5:0d:ce:6d:09:83:ff:9b:88:97:
                    47:35:7d:ca:1f:29:ec:48:b4:a3:14:37:3f:be:42:
                    df:a1:79:d1:39:19:3b:15:65:b0:ff:97:fa:5b:66:
                    c2:1c:91:5f:d2:a7:7b:dc:06:ad:49:06:60:11:d1:
                    c6:de:12:8d:ee:67:0f:3e:30:7d:44:59:91:d8:b6:
                    09:e5:26:a2:d6:85:58:be:ef:04:e6:37:ff:c9:20:
                    f2:c5:8e:9d:80:5b:31:c0:db:45:d8:0b:0d:02:77:
                    8e:ae:7f:c9:27:f4:b2:4e:5c:36:4a:74:f4:6e:be:
                    f7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:F9:6B:3B:C4:B6:DC:C8:F1:54:60:AF:35:62:02:74:AD:06:F0:9B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de66d5d6-3d09-45f3-b516-d511dc4942ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.144.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:a5:9d:fe:fa:a9:5b:18:c7:c6:a5:c3:18:d1:be:bb:74:17:
         b2:1a:95:6f:78:d2:0a:96:08:26:11:fc:3d:82:da:98:d3:91:
         5e:78:e9:37:33:95:05:ee:17:af:78:47:70:a2:3a:7d:97:ca:
         d1:f5:10:73:5f:78:54:89:6a:df:17:9b:2b:6b:fa:09:5d:47:
         13:b3:c5:e9:5a:67:e6:47:b9:f6:8a:31:8e:6e:d4:2b:fe:bc:
         92:90:92:bc:a6:fb:de:37:18:26:8d:77:ef:e3:c3:d6:be:9f:
         43:23:27:80:ad:f3:23:f4:87:3b:5b:e8:fb:64:f0:50:ff:32:
         e7:30:af:81:17:c0:d7:0a:92:b5:9f:64:2c:19:6a:95:85:ba:
         ce:25:7f:0f:88:f3:53:15:30:f2:4c:ab:a7:de:dd:0c:fb:0a:
         23:90:d4:94:c3:b3:d7:a0:1c:35:02:f4:c6:8f:ef:36:c8:ba:
         1d:87:5f:f3:f5:2e:1d:00:6a:d7:ad:c7:69:54:8b:5e:fc:bd:
         8a:ce:df:20:aa:b5:09:c0:13:71:0e:55:10:aa:1f:e3:c0:1a:
         a2:ed:da:4c:ee:da:eb:2d:2f:ed:e2:51:39:2f:28:bf:10:18:
         cd:65:84:70:20:1c:3a:1c:e4:88:16:1d:29:1d:c0:b5:83:c9:
         00:0e:aa:b0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPJw1nfsp7Amvf2zGmzod+0AdckQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYTM1OTNhMTM0OTI3Y2ExNWViNDlhZTFkNTZmOGFiMDM5
ODZmMWQ4Y2M3YjZhNmVkZTIwNDUyYTgwMmE4ZjZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDN7/AsV/4R0Yu94roz3tojL38mPpH3J9eTTNARYXiUZD1v
AjSUtQyHXgESaGChmHPgfl1dAvn6AMVMAWw+n7XpHfkBnOu7HwBWbS4IEONMF6hD
bQqczOleDBIcbG+1PaHuA6RtJvps5pMA2yIJ0HtFGm1X7eTXS41gjIbj/lOGCiI1
f2h8x2rmkKn45Q3ObQmD/5uIl0c1fcofKexItKMUNz++Qt+hedE5GTsVZbD/l/pb
ZsIckV/Sp3vcBq1JBmAR0cbeEo3uZw8+MH1EWZHYtgnlJqLWhVi+7wTmN//JIPLF
jp2AWzHA20XYCw0Cd46uf8kn9LJOXDZKdPRuvvfDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsflrO8S23MjxVGCvNWICdK0G8JswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlNjZkNWQ2LTNkMDktNDVmMy1iNTE2LWQ1MTFkYzQ5NDJhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQkDANBgkqhkiG9w0BAQsFAAOCAQEAPKWd/vqpWxjHxqXDGNG+u3QXshqV
b3jSCpYIJhH8PYLamNORXnjpNzOVBe4Xr3hHcKI6fZfK0fUQc194VIlq3xebK2v6
CV1HE7PF6Vpn5ke59ooxjm7UK/68kpCSvKb73jcYJo137+PD1r6fQyMngK3zI/SH
O1vo+2TwUP8y5zCvgRfA1wqStZ9kLBlqlYW6ziV/D4jzUxUw8kyrp97dDPsKI5DU
lMOz16AcNQL0xo/vNsi6HYdf8/UuHQBq163HaVSLXvy9is7fIKq1CcATcQ5VEKof
48Aaou3aTO7a6y0v7eJROS8ovxAYzWWEcCAcOhzkiBYdKR3AtYPJAA6qsA==
-----END CERTIFICATE-----