Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b588e310-7696-4fe1-8c8a-a648ec03d5c3.roa
File:                     b588e310-7696-4fe1-8c8a-a648ec03d5c3.roa (raw, json)
Hash identifier:          FeU0E+d4N+PQ7ropmVwNCfjDIZ40b2vYCCH35sWXlxM=
Subject key identifier:   11:69:DD:0A:9D:DC:11:3D:FD:10:13:CD:54:F6:6A:6D:78:98:D0:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7BD1B19B671D1EA39D4BBE73D731C985423108A7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b588e310-7696-4fe1-8c8a-a648ec03d5c3.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        16.158.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:d1:b1:9b:67:1d:1e:a3:9d:4b:be:73:d7:31:c9:85:42:31:08:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1a:61:39:c5:58:c9:a0:e4:f6:4a:62:b0:f3:
                    cc:41:f8:e9:16:b7:d7:a7:2f:b6:c3:75:8c:6b:9a:
                    11:84:e4:41:7e:e4:0e:44:2f:93:bd:0d:85:bc:3c:
                    c6:9c:d8:66:4e:f2:63:10:c0:d0:87:8a:71:6e:ce:
                    5b:9f:5b:da:b5:74:8e:ec:2a:01:6b:2c:ac:d8:3c:
                    d2:24:0e:d1:87:8e:8c:14:2b:a1:98:e2:11:53:c9:
                    e1:16:4a:78:fa:fe:c5:c5:b4:2d:19:19:b7:31:60:
                    fe:09:03:87:5a:c0:c9:34:bd:26:5b:e8:5e:de:39:
                    ee:d1:79:0f:ec:87:92:f2:c5:19:a4:22:36:d1:f0:
                    f9:20:60:b0:e0:6b:6b:e3:d7:23:a6:00:fc:3f:31:
                    a7:66:05:0f:23:2a:08:cf:c5:1d:18:7c:62:bd:b2:
                    0c:12:89:f9:69:0e:2f:24:07:5e:36:35:a3:d6:cb:
                    b0:6f:05:93:5f:33:3f:68:0c:b0:3d:7d:7b:da:2b:
                    34:06:8d:f2:ab:e3:a2:7d:1a:83:3a:9e:09:05:ab:
                    19:bd:d5:b8:51:b0:5c:9b:d9:c8:28:ae:75:15:a3:
                    c9:f8:ae:ed:8e:dc:58:e2:9b:ba:84:19:7c:b7:64:
                    d5:db:c1:c6:3c:06:4d:63:8a:6a:48:25:cc:1e:20:
                    ea:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:69:DD:0A:9D:DC:11:3D:FD:10:13:CD:54:F6:6A:6D:78:98:D0:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b588e310-7696-4fe1-8c8a-a648ec03d5c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.158.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6c:ff:93:7c:6d:d1:01:77:f0:f7:c1:5a:5f:50:da:fe:22:6a:
         52:b3:36:94:b7:0d:ba:24:dd:6e:b7:94:42:c6:15:ba:b5:c9:
         a5:b5:57:d9:43:7c:7a:db:ac:a8:6d:f4:5e:ee:5c:13:04:8c:
         bb:f4:c3:3b:02:56:fa:70:44:e3:43:12:92:2d:9f:a9:83:01:
         0b:27:0e:b9:43:12:b1:9f:08:20:1d:6e:47:06:7d:d0:d3:be:
         17:48:ba:3f:a7:14:36:cb:49:b9:34:3b:f2:50:69:67:3d:e3:
         4a:33:78:4a:f9:aa:19:29:f3:73:53:7e:45:65:5f:e3:aa:c2:
         cf:95:7b:e2:97:82:6b:c4:31:ae:a6:da:ff:da:bf:be:c0:ca:
         86:9d:5a:50:3c:4c:c9:a4:42:3f:34:0a:d1:90:db:c7:ea:3b:
         a6:d7:49:01:3b:90:dd:94:c6:3b:a7:b1:f8:44:ee:b1:10:8b:
         9b:97:2d:8c:99:22:58:ee:13:66:30:61:18:b8:17:98:9b:53:
         25:e3:99:3b:3e:6e:43:43:06:d7:10:e0:45:9f:b5:2e:76:68:
         24:f5:1d:18:6f:82:16:7b:6f:3e:bb:45:92:c0:71:ec:df:e6:
         a7:2f:0d:87:70:9d:ec:1f:00:a9:59:1e:fd:4a:6d:05:10:cc:
         b0:92:39:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUe9Gxm2cdHqOdS75z1zHJhUIxCKcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMDgyZWMyNWNiNzBjODkxYmE1NGI2M2EzZmM0ZjdjMmYy
NTY3NWVjNjQ3ODQ4NzdkMjNhNWE3OGYyYTA4ZWE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLGmE5xVjJoOT2SmKw88xB+OkWt9enL7bDdYxrmhGE5EF+
5A5EL5O9DYW8PMac2GZO8mMQwNCHinFuzlufW9q1dI7sKgFrLKzYPNIkDtGHjowU
K6GY4hFTyeEWSnj6/sXFtC0ZGbcxYP4JA4dawMk0vSZb6F7eOe7ReQ/sh5LyxRmk
IjbR8PkgYLDga2vj1yOmAPw/MadmBQ8jKgjPxR0YfGK9sgwSiflpDi8kB142NaPW
y7BvBZNfMz9oDLA9fXvaKzQGjfKr46J9GoM6ngkFqxm91bhRsFyb2cgornUVo8n4
ru2O3Fjim7qEGXy3ZNXbwcY8Bk1jimpIJcweIOqpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEWndCp3cET39EBPNVPZqbXiY0JcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1ODhlMzEwLTc2OTYtNGZlMS04YzhhLWE2NDhlYzAzZDVjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQnjANBgkqhkiG9w0BAQsFAAOCAQEAbP+TfG3RAXfw98FaX1Da/iJqUrM2
lLcNuiTdbreUQsYVurXJpbVX2UN8etusqG30Xu5cEwSMu/TDOwJW+nBE40MSki2f
qYMBCycOuUMSsZ8IIB1uRwZ90NO+F0i6P6cUNstJuTQ78lBpZz3jSjN4SvmqGSnz
c1N+RWVf46rCz5V74peCa8Qxrqba/9q/vsDKhp1aUDxMyaRCPzQK0ZDbx+o7ptdJ
ATuQ3ZTGO6ex+ETusRCLm5ctjJkiWO4TZjBhGLgXmJtTJeOZOz5uQ0MG1xDgRZ+1
LnZoJPUdGG+CFntvPrtFksBx7N/mpy8Nh3Cd7B8AqVke/UptBRDMsJI5Kw==
-----END CERTIFICATE-----