Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c081ceb3-c25b-4b93-b50e-5403edadd6f7.roa
File:                     c081ceb3-c25b-4b93-b50e-5403edadd6f7.roa (raw, json)
Hash identifier:          yseakj4Vi7GdcIFsH0wjHWBRT4EhQZUdSEZUhwmhCH8=
Subject key identifier:   15:F8:A7:61:B8:BE:5E:3B:2A:DB:7B:99:3B:F1:B4:5E:BE:5F:35:CE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41D90E8D70790EED1C10EF9C85D8FD6E2436A769
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c081ceb3-c25b-4b93-b50e-5403edadd6f7.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.116.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d9:0e:8d:70:79:0e:ed:1c:10:ef:9c:85:d8:fd:6e:24:36:a7:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=a49a3f1dfcd213c018c8f2fecedfbad746e3317b6339b054adaeed4a8eb98bf8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:6b:40:3b:5e:e2:e0:ce:77:5f:7a:36:a5:8d:
                    71:1d:bf:e6:ad:99:ee:bb:c3:e6:2f:f0:03:ec:4f:
                    26:52:63:0c:51:bb:c7:57:66:b9:51:17:39:bf:34:
                    62:de:d8:85:fb:c5:5b:84:c3:15:be:55:93:01:18:
                    23:62:c8:0c:c3:c8:dd:d8:f4:ab:08:f6:51:54:4d:
                    b3:61:c3:8d:07:5c:8f:e6:75:f0:52:92:3d:f1:09:
                    2f:e6:10:11:a6:80:29:6b:2c:13:f0:22:4b:e2:c5:
                    b4:58:a9:b6:cb:1c:e3:49:30:05:4a:19:b6:5e:5b:
                    a6:10:cc:f6:dc:68:96:94:9e:cb:d4:67:61:8b:3a:
                    d0:78:1c:85:9b:a9:91:f6:5c:ea:62:c8:95:83:9b:
                    30:bc:2f:bf:74:50:ed:f8:f5:ed:3f:9f:86:05:da:
                    b3:7e:ac:9d:61:88:c4:12:43:36:bb:ac:45:58:15:
                    d9:f4:e1:4f:08:fd:19:79:36:83:ef:60:0c:af:d8:
                    d5:c2:4e:ab:3c:6d:aa:2f:45:18:ce:b3:77:99:cd:
                    d6:23:18:3d:1f:b9:50:d4:6d:61:c9:a6:7d:c6:ae:
                    4f:b9:f8:14:29:7d:30:6d:66:6e:a5:ee:29:3a:ec:
                    55:5f:5f:5e:e1:53:3a:a7:ca:1e:f1:e9:b5:29:93:
                    07:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F8:A7:61:B8:BE:5E:3B:2A:DB:7B:99:3B:F1:B4:5E:BE:5F:35:CE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c081ceb3-c25b-4b93-b50e-5403edadd6f7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.116.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         47:56:e1:74:78:b4:8e:b8:b1:77:15:2d:e4:70:4d:10:d6:00:
         97:a3:7c:03:08:26:c1:99:d3:26:fe:f2:e0:60:70:02:c9:45:
         8c:45:c6:a6:77:24:cd:8b:ff:47:62:c7:43:cb:8b:d1:6b:1b:
         22:3b:03:1b:5d:78:44:a2:58:7c:5c:13:e6:25:7c:2f:be:6f:
         ed:b4:f8:3f:bc:47:27:4e:c0:3e:d6:55:71:0f:76:39:a1:83:
         4c:0b:bd:00:b7:c5:f0:4b:59:7d:85:49:e9:c9:e5:ca:98:a4:
         a3:85:f0:ea:03:f9:b5:4c:b0:cf:45:5c:32:ca:ff:cb:89:d5:
         50:8c:41:ce:14:55:52:86:cd:75:f7:55:c9:b5:31:6f:c8:e9:
         c5:e4:c4:67:50:ae:95:f7:10:dd:d2:b5:e7:17:6d:0e:14:a0:
         5e:20:0a:8f:f5:22:c6:ec:58:a8:93:52:67:59:d0:51:86:c0:
         96:fb:96:95:ef:41:41:5c:14:72:1f:1e:3a:4a:58:76:5b:97:
         1f:ce:57:7c:38:48:08:48:a6:d4:8e:18:b0:04:d6:8c:98:d0:
         bc:84:0e:c9:0f:0e:09:4a:2f:b0:51:5f:79:66:aa:37:99:9f:
         b1:81:a3:f9:94:54:75:cd:e9:09:20:58:ba:5b:39:0b:ab:b9:
         42:28:fd:91
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQdkOjXB5Du0cEO+chdj9biQ2p2kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNDlhM2YxZGZjZDIxM2MwMThjOGYyZmVjZWRmYmFkNzQ2
ZTMzMTdiNjMzOWIwNTRhZGFlZWQ0YThlYjk4YmY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9a0A7XuLgzndfejaljXEdv+atme67w+Yv8APsTyZSYwxR
u8dXZrlRFzm/NGLe2IX7xVuEwxW+VZMBGCNiyAzDyN3Y9KsI9lFUTbNhw40HXI/m
dfBSkj3xCS/mEBGmgClrLBPwIkvixbRYqbbLHONJMAVKGbZeW6YQzPbcaJaUnsvU
Z2GLOtB4HIWbqZH2XOpiyJWDmzC8L790UO349e0/n4YF2rN+rJ1hiMQSQza7rEVY
Fdn04U8I/Rl5NoPvYAyv2NXCTqs8baovRRjOs3eZzdYjGD0fuVDUbWHJpn3Grk+5
+BQpfTBtZm6l7ik67FVfX17hUzqnyh7x6bUpkwf5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFfinYbi+Xjsq23uZO/G0Xr5fNc4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MwODFjZWIzLWMyNWItNGI5My1iNTBlLTU0MDNlZGFkZDZmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2dDANBgkqhkiG9w0BAQsFAAOCAQEAR1bhdHi0jrixdxUt5HBNENYAl6N8
AwgmwZnTJv7y4GBwAslFjEXGpnckzYv/R2LHQ8uL0WsbIjsDG114RKJYfFwT5iV8
L75v7bT4P7xHJ07APtZVcQ92OaGDTAu9ALfF8EtZfYVJ6cnlypiko4Xw6gP5tUyw
z0VcMsr/y4nVUIxBzhRVUobNdfdVybUxb8jpxeTEZ1CulfcQ3dK15xdtDhSgXiAK
j/UixuxYqJNSZ1nQUYbAlvuWle9BQVwUch8eOkpYdluXH85XfDhICEim1I4YsATW
jJjQvIQOyQ8OCUovsFFfeWaqN5mfsYGj+ZRUdc3pCSBYuls5C6u5Qij9kQ==
-----END CERTIFICATE-----