Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/471bc80a-1c79-4400-b714-e29292b9c798.roa
File:                     471bc80a-1c79-4400-b714-e29292b9c798.roa (raw, json)
Hash identifier:          bdzrIRl36M7sFEECAX0iBqlNQs5lzFLKCYoj90HYN54=
Subject key identifier:   AD:59:C1:41:97:35:42:1F:C7:99:BD:BE:CF:0B:6D:E6:84:19:68:BA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3EFC0D3244F7A43F8116F7F08D224BBA16645997
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/471bc80a-1c79-4400-b714-e29292b9c798.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.24.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:fc:0d:32:44:f7:a4:3f:81:16:f7:f0:8d:22:4b:ba:16:64:59:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:aa:69:3e:a3:db:36:22:83:38:36:bf:57:62:
                    d0:ba:0a:30:0f:f7:99:7e:d6:5a:c0:8e:3d:df:f4:
                    2a:33:87:5d:0a:62:1c:47:47:d3:69:02:be:f3:b0:
                    0b:32:a2:71:7f:cc:7f:6d:0a:ff:15:1e:97:1d:f0:
                    7a:17:03:c3:da:97:46:a6:1a:aa:7e:f5:6d:66:2f:
                    b1:d9:1f:17:80:7f:f0:8e:59:cf:3b:36:b1:a3:72:
                    63:4f:6d:54:fb:9f:d3:b7:86:a3:ec:10:6b:6b:1f:
                    f8:a5:43:de:b6:dc:e2:eb:73:66:b7:79:88:7d:78:
                    41:19:25:41:f6:c7:0e:18:7f:8d:1c:ed:76:79:38:
                    1a:8b:09:3c:d3:95:7c:e4:c4:68:bf:d6:2a:e3:f5:
                    5f:b9:27:ec:bd:27:63:25:aa:fd:d2:f1:79:55:ea:
                    45:fe:52:38:34:08:03:dd:20:35:2b:e4:b7:1c:cb:
                    73:e4:58:d3:2a:5f:26:0d:13:55:48:71:5d:b9:6b:
                    94:6b:2c:9e:e7:0b:03:44:d3:d8:63:9e:ff:e0:c9:
                    31:84:11:6c:9b:65:1a:71:60:dc:c2:ff:78:86:9e:
                    a2:13:93:c6:9e:d3:a7:a4:01:09:0c:27:5f:32:54:
                    db:21:ec:dc:37:be:94:e7:11:af:a7:86:54:a0:8f:
                    8c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:59:C1:41:97:35:42:1F:C7:99:BD:BE:CF:0B:6D:E6:84:19:68:BA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/471bc80a-1c79-4400-b714-e29292b9c798.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.24.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         03:1d:17:5a:1f:77:92:ee:c7:fa:f1:80:2b:6b:d0:20:54:df:
         99:dd:fa:00:63:3a:74:66:f3:ad:d5:99:f2:d8:34:bf:b4:eb:
         5a:70:80:92:c9:bf:76:5a:88:e8:76:31:f4:10:cb:2d:3d:ea:
         23:be:ec:6b:7f:04:4a:52:db:5d:46:ef:00:b3:f2:bb:f9:20:
         83:dd:c7:50:ca:97:84:91:89:51:7b:3e:24:eb:53:d9:5e:29:
         62:d1:1f:28:b3:6f:69:5c:e0:93:ed:8c:3d:d2:0a:2c:b7:f9:
         db:0b:e5:de:04:be:3f:69:84:5d:e4:62:aa:fb:ae:0e:b4:37:
         e0:54:dc:23:de:23:e8:3b:34:d4:28:0b:e4:1a:c8:06:d5:fb:
         e8:74:5f:49:27:30:81:74:eb:e7:b3:8b:d9:a9:7e:60:07:49:
         d5:ab:8e:be:c7:84:32:28:1e:95:b5:7e:9b:cf:d5:15:46:fb:
         bf:59:9d:55:fb:6f:16:8a:99:cf:6a:9e:a9:1f:61:06:d2:f9:
         1b:46:3a:b0:b1:85:fb:34:82:46:50:c8:16:2b:60:5a:36:44:
         b4:1d:5e:27:75:ff:53:fd:bd:e9:20:41:51:19:3c:98:0e:95:
         f5:6a:2c:25:c8:9c:de:f3:98:72:83:f4:56:f7:b4:f1:67:30:
         1c:a1:52:80
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPvwNMkT3pD+BFvfwjSJLuhZkWZcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDlhYmFiNjZmODRkZWVjYzA1NzZmZmUxZWQyZGMzMmQx
ZTAwMjE2YTdjNDRmNDRkZDY4ZDQwMGYyOWQ2ODVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAqmk+o9s2IoM4Nr9XYtC6CjAP95l+1lrAjj3f9Cozh10K
YhxHR9NpAr7zsAsyonF/zH9tCv8VHpcd8HoXA8Pal0amGqp+9W1mL7HZHxeAf/CO
Wc87NrGjcmNPbVT7n9O3hqPsEGtrH/ilQ9623OLrc2a3eYh9eEEZJUH2xw4Yf40c
7XZ5OBqLCTzTlXzkxGi/1irj9V+5J+y9J2Mlqv3S8XlV6kX+Ujg0CAPdIDUr5Lcc
y3PkWNMqXyYNE1VIcV25a5RrLJ7nCwNE09hjnv/gyTGEEWybZRpxYNzC/3iGnqIT
k8ae06ekAQkMJ18yVNsh7Nw3vpTnEa+nhlSgj4yBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrVnBQZc1Qh/Hmb2+zwtt5oQZaLowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ3MWJjODBhLTFjNzktNDQwMC1iNzE0LWUyOTI5MmI5Yzc5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEQGDANBgkqhkiG9w0BAQsFAAOCAQEAAx0XWh93ku7H+vGAK2vQIFTfmd36
AGM6dGbzrdWZ8tg0v7TrWnCAksm/dlqI6HYx9BDLLT3qI77sa38ESlLbXUbvALPy
u/kgg93HUMqXhJGJUXs+JOtT2V4pYtEfKLNvaVzgk+2MPdIKLLf52wvl3gS+P2mE
XeRiqvuuDrQ34FTcI94j6Ds01CgL5BrIBtX76HRfSScwgXTr57OL2al+YAdJ1auO
vseEMigelbV+m8/VFUb7v1mdVftvFoqZz2qeqR9hBtL5G0Y6sLGF+zSCRlDIFitg
WjZEtB1eJ3X/U/296SBBURk8mA6V9WosJcic3vOYcoP0Vve08WcwHKFSgA==
-----END CERTIFICATE-----