Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5960a50e-8994-4368-ac6c-afd213e8e07a.roa
File:                     5960a50e-8994-4368-ac6c-afd213e8e07a.roa (raw, json)
Hash identifier:          ojYFTQ6nIkCKuciBJNhs9lYasgRr3TKJjCafXpRBh5A=
Subject key identifier:   A0:F3:22:DF:FB:26:6B:6E:4A:16:13:E6:C4:98:F8:12:F7:51:C8:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7FB6D87A22A6A7E2F84698FB94B559B2085B3F39
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5960a50e-8994-4368-ac6c-afd213e8e07a.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.113.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:b6:d8:7a:22:a6:a7:e2:f8:46:98:fb:94:b5:59:b2:08:5b:3f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=4e7a006800ff3d5515ae2f1e4e4c6e449321d756312403d3e169d0b9c6a2e76d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:60:bc:a6:93:3a:76:a2:da:11:f4:fd:b6:76:
                    27:c6:0d:2e:df:c4:b9:45:ad:11:38:e5:25:f8:3b:
                    ed:b5:ca:e4:20:5c:c3:73:17:30:34:60:3c:56:4b:
                    ea:bd:c1:03:87:a9:1a:d0:6a:ef:be:08:9b:7f:8a:
                    c2:0a:48:71:bf:93:91:f4:2b:8f:f6:0f:4f:08:b7:
                    a8:d1:83:10:ec:8e:23:7e:c8:6a:ad:78:90:45:ab:
                    a5:ab:e0:23:a8:b9:cc:77:b8:c3:e3:69:b1:79:42:
                    9a:ce:eb:bc:0a:4a:d7:ea:c7:ea:81:aa:89:fa:71:
                    6c:fc:42:d4:83:64:ce:88:73:7b:fc:7f:fd:d0:e9:
                    5a:0c:a2:e8:6f:c3:39:d9:a6:e9:2a:dd:6a:e1:8c:
                    c9:5a:29:23:7b:81:17:7a:e1:a5:4c:c2:dc:97:8f:
                    2d:69:e8:39:ee:24:40:34:a5:b8:8f:43:47:a3:80:
                    fb:b2:da:30:c9:f9:5c:c2:8e:55:6a:5e:f3:c0:8f:
                    aa:2d:10:85:63:de:83:58:91:12:6c:c8:89:44:23:
                    ed:fb:88:da:42:b1:be:a8:20:be:a1:8c:c4:09:04:
                    bf:66:33:09:b3:70:c0:42:27:2e:b8:f0:da:eb:bb:
                    ee:b2:15:39:34:9c:cf:83:b1:f0:74:36:1d:84:3e:
                    70:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:F3:22:DF:FB:26:6B:6E:4A:16:13:E6:C4:98:F8:12:F7:51:C8:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5960a50e-8994-4368-ac6c-afd213e8e07a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.113.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1f:f6:f3:a6:6f:21:b7:28:55:d5:91:cb:9f:62:ac:29:fc:70:
         15:3a:0b:aa:a9:9e:ba:73:05:f7:79:be:2e:f3:12:53:45:c7:
         fb:67:72:06:27:2f:16:00:87:63:06:41:16:05:6e:27:4e:74:
         7d:42:9b:4e:e8:94:ad:00:ec:e3:e3:67:da:c8:73:b3:97:4c:
         43:3e:44:39:d7:f5:c3:69:e2:7c:c3:b2:bb:6b:73:8b:ec:76:
         bb:00:58:e0:05:a7:1d:e9:1d:13:aa:4b:e6:bd:30:18:fa:85:
         e3:5f:76:34:b1:d3:c2:7a:32:6f:4c:9f:32:7b:65:a2:9e:ad:
         9c:e6:1b:64:d1:d4:e6:5e:66:47:f3:98:c6:ee:5a:57:b5:3a:
         f8:e4:ee:9f:7a:9c:54:db:a2:ae:90:f2:1d:14:17:17:5d:90:
         da:00:d9:7c:2d:7a:4e:bc:46:0d:fb:b5:c8:e5:ab:79:dd:d1:
         d4:06:a2:fb:2b:a2:83:41:d2:00:4a:a6:de:a2:8d:ad:43:aa:
         b8:e0:16:94:82:42:81:f1:fd:1d:8d:91:7d:56:4a:93:bb:76:
         d0:f4:4d:52:22:5f:02:7b:44:85:0d:d9:ae:d7:df:84:1f:fe:
         22:12:9b:4b:75:27:81:28:f8:85:92:37:bb:03:60:51:f3:61:
         bf:df:bc:69
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUf7bYeiKmp+L4Rpj7lLVZsghbPzkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTdhMDA2ODAwZmYzZDU1MTVhZTJmMWU0ZTRjNmU0NDkz
MjFkNzU2MzEyNDAzZDNlMTY5ZDBiOWM2YTJlNzZkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXYLymkzp2otoR9P22difGDS7fxLlFrRE45SX4O+21yuQg
XMNzFzA0YDxWS+q9wQOHqRrQau++CJt/isIKSHG/k5H0K4/2D08It6jRgxDsjiN+
yGqteJBFq6Wr4COoucx3uMPjabF5QprO67wKStfqx+qBqon6cWz8QtSDZM6Ic3v8
f/3Q6VoMouhvwznZpukq3WrhjMlaKSN7gRd64aVMwtyXjy1p6DnuJEA0pbiPQ0ej
gPuy2jDJ+VzCjlVqXvPAj6otEIVj3oNYkRJsyIlEI+37iNpCsb6oIL6hjMQJBL9m
MwmzcMBCJy648Nrru+6yFTk0nM+DsfB0Nh2EPnAnAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUoPMi3/sma25KFhPmxJj4EvdRyIIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5NjBhNTBlLTg5OTQtNDM2OC1hYzZjLWFmZDIxM2U4ZTA3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQcTANBgkqhkiG9w0BAQsFAAOCAQEAH/bzpm8htyhV1ZHLn2KsKfxwFToL
qqmeunMF93m+LvMSU0XH+2dyBicvFgCHYwZBFgVuJ050fUKbTuiUrQDs4+Nn2shz
s5dMQz5EOdf1w2nifMOyu2tzi+x2uwBY4AWnHekdE6pL5r0wGPqF4192NLHTwnoy
b0yfMntlop6tnOYbZNHU5l5mR/OYxu5aV7U6+OTun3qcVNuirpDyHRQXF12Q2gDZ
fC16TrxGDfu1yOWred3R1Aai+yuig0HSAEqm3qKNrUOquOAWlIJCgfH9HY2RfVZK
k7t20PRNUiJfAntEhQ3ZrtffhB/+IhKbS3UngSj4hZI3uwNgUfNhv9+8aQ==
-----END CERTIFICATE-----
Generated at Sun Apr 27 00:18:07 2025 by rpki-client