Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/152d632f-831d-46c4-8b97-92ba02d162d1.roa
File:                     152d632f-831d-46c4-8b97-92ba02d162d1.roa (raw, json)
Hash identifier:          R6oGoZga0bYEYODYXzyXHkOcYC+bHpVSTRh26WJUsRg=
Subject key identifier:   3A:2D:D2:5D:B8:2D:7A:CD:62:10:B4:DE:56:98:5B:83:E6:F4:8B:1C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       65BFBF2CF0EAFA019DFD73A3E404CBD7A77CEBF7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/152d632f-831d-46c4-8b97-92ba02d162d1.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.162.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:bf:bf:2c:f0:ea:fa:01:9d:fd:73:a3:e4:04:cb:d7:a7:7c:eb:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=697c3ab02f93ceda8e430e5538f95f239a36211d50b561e70110c110eeaf2f33, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:31:f1:0a:ca:bf:5f:3e:ed:f5:24:6e:d3:1b:
                    42:cd:08:69:32:58:15:a9:5e:79:58:29:38:3a:af:
                    81:ad:9e:4b:ed:aa:de:03:77:63:3d:99:f6:7b:60:
                    f1:80:0b:6d:a6:d4:d3:fe:58:f2:c2:82:d2:37:c3:
                    9c:a6:ca:9c:7c:f5:8f:9b:45:1d:61:35:53:c6:75:
                    42:01:12:91:b1:ce:cc:06:04:25:7c:a3:5c:b5:9f:
                    bd:d9:78:16:81:27:16:16:64:23:1e:dc:bb:92:9e:
                    e1:a8:92:96:d1:50:68:85:46:3c:39:a2:72:a2:b1:
                    b1:16:ea:db:01:c5:0b:90:7c:e5:15:60:e4:82:49:
                    e3:4c:8f:15:be:bc:40:6e:22:5a:24:11:8a:11:ee:
                    40:ac:22:a4:54:01:66:9c:47:9a:f4:d7:ad:0e:59:
                    0f:f0:46:e1:29:11:c9:1f:e2:75:21:8b:5d:06:3a:
                    98:5c:d4:9f:57:4a:4f:37:cc:d6:e0:45:fb:d7:ee:
                    04:b7:f3:7b:00:7e:20:9a:68:37:b1:6d:36:d6:74:
                    60:06:e1:12:49:36:63:f2:bc:85:3f:db:60:ec:0a:
                    fe:d7:94:08:26:95:ac:2a:99:05:c7:2a:6a:00:9f:
                    a6:d2:2f:13:48:d5:a7:fa:a6:35:02:80:41:a9:fe:
                    8d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:2D:D2:5D:B8:2D:7A:CD:62:10:B4:DE:56:98:5B:83:E6:F4:8B:1C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/152d632f-831d-46c4-8b97-92ba02d162d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.162.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         7d:95:f1:4f:2c:5e:7a:f3:61:21:f8:5f:fd:d7:e5:b1:d5:36:
         eb:a5:5b:47:96:73:a2:d8:79:90:3f:25:0c:9e:0a:29:9d:92:
         77:d0:e3:4d:f1:20:ad:44:26:e7:96:73:6d:e7:d6:b5:d2:f4:
         e3:fa:13:5d:15:b4:00:cc:7a:d9:12:35:23:7e:16:56:35:06:
         52:a7:a8:5d:ca:31:71:d6:98:fc:1a:06:e8:09:48:d5:59:bc:
         42:ba:da:3c:39:6f:45:29:b5:cf:02:50:c6:5a:12:91:c0:8f:
         c3:15:ed:21:1f:a6:58:2e:6e:ff:b6:db:58:ff:ca:36:91:43:
         d7:ab:8b:7f:6a:18:aa:49:1d:f2:90:61:29:ec:a4:0c:f8:bb:
         8d:43:c3:cc:bf:25:1a:04:99:94:a7:df:7e:76:d7:ed:39:ac:
         27:55:b8:42:e4:da:d4:6e:3f:15:c6:5b:9b:10:30:79:5a:c8:
         ec:46:20:8a:51:d2:f2:1e:25:77:16:b2:ed:69:81:c6:17:6a:
         26:5a:91:46:95:b8:31:69:27:b6:ad:3a:c4:dc:b8:e8:c5:ff:
         55:a1:95:47:c9:0d:bd:e3:c9:fd:56:56:70:e9:36:48:a5:46:
         ba:3d:2c:1c:15:81:06:6e:35:bf:44:14:b0:c2:8a:18:54:3a:
         f9:20:cc:5f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZb+/LPDq+gGd/XOj5ATL16d86/cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2OTdjM2FiMDJmOTNjZWRhOGU0MzBlNTUzOGY5NWYyMzlh
MzYyMTFkNTBiNTYxZTcwMTEwYzExMGVlYWYyZjMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4MfEKyr9fPu31JG7TG0LNCGkyWBWpXnlYKTg6r4Gtnkvt
qt4Dd2M9mfZ7YPGAC22m1NP+WPLCgtI3w5ymypx89Y+bRR1hNVPGdUIBEpGxzswG
BCV8o1y1n73ZeBaBJxYWZCMe3LuSnuGokpbRUGiFRjw5onKisbEW6tsBxQuQfOUV
YOSCSeNMjxW+vEBuIlokEYoR7kCsIqRUAWacR5r0160OWQ/wRuEpEckf4nUhi10G
Ophc1J9XSk83zNbgRfvX7gS383sAfiCaaDexbTbWdGAG4RJJNmPyvIU/22DsCv7X
lAgmlawqmQXHKmoAn6bSLxNI1af6pjUCgEGp/o1/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOi3SXbgtes1iELTeVphbg+b0ixwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE1MmQ2MzJmLTgzMWQtNDZjNC04Yjk3LTkyYmEwMmQxNjJkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQojANBgkqhkiG9w0BAQsFAAOCAQEAfZXxTyxeevNhIfhf/dflsdU266Vb
R5Zzoth5kD8lDJ4KKZ2Sd9DjTfEgrUQm55ZzbefWtdL04/oTXRW0AMx62RI1I34W
VjUGUqeoXcoxcdaY/BoG6AlI1Vm8QrraPDlvRSm1zwJQxloSkcCPwxXtIR+mWC5u
/7bbWP/KNpFD16uLf2oYqkkd8pBhKeykDPi7jUPDzL8lGgSZlKfffnbX7TmsJ1W4
QuTa1G4/FcZbmxAweVrI7EYgilHS8h4ldxay7WmBxhdqJlqRRpW4MWkntq06xNy4
6MX/VaGVR8kNvePJ/VZWcOk2SKVGuj0sHBWBBm41v0QUsMKKGFQ6+SDMXw==
-----END CERTIFICATE-----