Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b6e3735-b9d5-4de6-810c-4b236afea0b2.roa
File:                     1b6e3735-b9d5-4de6-810c-4b236afea0b2.roa (raw, json)
Hash identifier:          EPA9B8d2M6SCTHewbqW5niHfxEzaM4ZfAlx0s3YzQmI=
Subject key identifier:   CC:68:AB:50:1F:C0:2F:F4:02:BB:4E:DA:3C:B8:F0:4A:AF:A7:7E:FF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       269F38E3B69E36F0C6AA1FF7031455FC153ECB85
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b6e3735-b9d5-4de6-810c-4b236afea0b2.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.156.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:9f:38:e3:b6:9e:36:f0:c6:aa:1f:f7:03:14:55:fc:15:3e:cb:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:53:48:f9:ad:04:47:91:4c:b2:44:95:58:5b:
                    55:d9:3e:95:df:ce:52:8b:35:96:b8:2d:84:a7:3f:
                    fa:42:d3:15:13:e2:51:ec:c7:83:03:13:2c:40:d2:
                    ef:d0:00:39:db:e6:d7:26:03:f0:20:4b:8f:91:e5:
                    be:e5:08:65:f6:3e:a6:ad:ae:79:27:d4:d8:3c:72:
                    e0:f5:32:6a:12:32:c9:f7:a7:13:cd:5f:cd:c9:1e:
                    5b:8f:81:4d:45:88:c1:60:e3:7b:79:a0:1b:09:a2:
                    dd:00:36:39:48:6e:d6:80:11:7c:cf:62:e9:a5:92:
                    ff:d2:c7:73:5b:aa:ec:b2:2a:68:1f:9d:60:2f:23:
                    e3:ee:5a:05:d3:3b:1a:b3:63:3f:3b:8e:99:c3:de:
                    be:08:3e:5d:65:fb:6e:cd:8e:0b:c4:33:bc:89:01:
                    ee:76:72:b3:d8:7f:dc:9d:56:27:ec:da:50:e6:8a:
                    9d:4b:2e:2f:2d:65:42:46:a2:bf:ef:32:7c:83:b2:
                    64:26:77:77:1e:92:44:2f:99:66:88:aa:8c:13:59:
                    37:8c:d2:ff:ac:fd:60:d3:b5:0e:36:84:8a:d9:4e:
                    aa:30:81:da:22:68:41:f3:3f:39:ed:a3:47:d3:16:
                    de:46:f7:2b:40:33:16:31:80:5a:f0:58:d8:13:86:
                    6b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:68:AB:50:1F:C0:2F:F4:02:BB:4E:DA:3C:B8:F0:4A:AF:A7:7E:FF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1b6e3735-b9d5-4de6-810c-4b236afea0b2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.156.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:8e:5a:c3:2a:76:ff:62:8c:ee:b6:6e:00:44:bb:c9:20:e2:
         ed:d6:fd:f6:6e:78:30:25:77:7e:16:52:6a:8e:17:8b:6b:64:
         b4:d9:9d:30:fe:83:c8:e0:58:ad:8e:89:c9:df:09:be:73:aa:
         fa:47:88:e4:9d:1c:89:dd:a1:81:b5:5b:c6:5f:a8:51:b5:dd:
         b4:f8:42:cb:bd:bb:df:21:fd:6e:ec:7f:76:98:9e:4d:ac:96:
         67:d9:3a:a8:c8:b1:4b:a9:e1:55:95:73:22:e6:08:7d:72:4e:
         38:86:91:d0:2b:e6:0e:b3:e1:3f:ef:82:9f:a7:b2:09:d5:2a:
         d8:21:e8:5a:ad:0d:e2:e4:54:ea:5f:f0:ee:52:d5:17:60:95:
         af:02:2e:54:5a:7d:77:70:53:31:96:e7:20:67:b1:f0:43:d3:
         1b:6b:66:d6:4f:ec:15:bc:89:de:d5:c9:46:0f:b7:27:db:49:
         6b:e3:50:76:76:13:0b:d4:ed:34:e6:fe:e3:bb:94:0a:db:72:
         7d:51:b5:dc:f8:66:47:99:a4:5e:52:03:29:d8:fc:49:95:24:
         15:f1:7e:d7:41:0a:18:63:46:28:dc:79:85:23:c9:a8:8a:17:
         88:b9:82:95:d0:72:bb:1f:81:f3:23:26:27:5a:5d:a1:4f:26:
         58:f2:86:b9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJp8447aeNvDGqh/3AxRV/BU+y4UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZmNkYjY0MWJjNjcxMTM3MGQ1MmE1M2RhMWI0MDhjYzJj
YWVjZDIxMDkzMmRhY2NjYzQxZjQzOGIzNDM3NTI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuU0j5rQRHkUyyRJVYW1XZPpXfzlKLNZa4LYSnP/pC0xUT
4lHsx4MDEyxA0u/QADnb5tcmA/AgS4+R5b7lCGX2Pqatrnkn1Ng8cuD1MmoSMsn3
pxPNX83JHluPgU1FiMFg43t5oBsJot0ANjlIbtaAEXzPYumlkv/Sx3NbquyyKmgf
nWAvI+PuWgXTOxqzYz87jpnD3r4IPl1l+27NjgvEM7yJAe52crPYf9ydVifs2lDm
ip1LLi8tZUJGor/vMnyDsmQmd3cekkQvmWaIqowTWTeM0v+s/WDTtQ42hIrZTqow
gdoiaEHzPznto0fTFt5G9ytAMxYxgFrwWNgThmsRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzGirUB/AL/QCu07aPLjwSq+nfv8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFiNmUzNzM1LWI5ZDUtNGRlNi04MTBjLTRiMjM2YWZlYTBiMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQnDANBgkqhkiG9w0BAQsFAAOCAQEAG45awyp2/2KM7rZuAES7ySDi7db9
9m54MCV3fhZSao4Xi2tktNmdMP6DyOBYrY6Jyd8JvnOq+keI5J0cid2hgbVbxl+o
UbXdtPhCy7273yH9bux/dpieTayWZ9k6qMixS6nhVZVzIuYIfXJOOIaR0CvmDrPh
P++Cn6eyCdUq2CHoWq0N4uRU6l/w7lLVF2CVrwIuVFp9d3BTMZbnIGex8EPTG2tm
1k/sFbyJ3tXJRg+3J9tJa+NQdnYTC9TtNOb+47uUCttyfVG13PhmR5mkXlIDKdj8
SZUkFfF+10EKGGNGKNx5hSPJqIoXiLmCldByux+B8yMmJ1pdoU8mWPKGuQ==
-----END CERTIFICATE-----