Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8ca52bd5-feba-477c-a572-c96999609dfa.roa
File:                     8ca52bd5-feba-477c-a572-c96999609dfa.roa (raw, json)
Hash identifier:          wlxPylJHJGbKSemtNEzStEbA6adulztHUUsOmoV5YVk=
Subject key identifier:   21:EB:40:8C:12:3F:F2:08:10:C4:AC:FF:41:98:38:A8:3F:93:86:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       059EB9C2868A6A9258AC19C0F9A440A7F504E968
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8ca52bd5-feba-477c-a572-c96999609dfa.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.153.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:9e:b9:c2:86:8a:6a:92:58:ac:19:c0:f9:a4:40:a7:f5:04:e9:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=da6ecfadd52e3279a41a42a236f3157ca24a604c056eafda2d14d22115ec1d2d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:39:27:f8:ba:59:00:55:33:a0:19:fb:2d:ee:
                    de:14:1b:58:40:aa:46:b8:cf:dc:ea:ec:d9:ad:67:
                    da:02:5e:9f:42:e0:a4:d1:0c:3a:86:3a:a6:7a:cf:
                    e9:01:78:fe:5a:aa:7d:d1:85:c7:c7:af:5c:bc:b7:
                    9f:87:62:c2:c9:e6:62:fd:4c:2a:dd:53:1d:4f:00:
                    02:86:01:f2:8a:fe:c0:5e:53:1b:6e:78:7f:c1:1e:
                    76:90:22:3b:64:56:a0:a4:27:b9:d9:5b:55:30:d4:
                    db:c6:9f:1f:fb:b5:0d:21:a8:1e:12:1e:24:75:b3:
                    78:55:b0:51:65:a9:26:68:b1:a0:a1:77:89:9a:12:
                    37:cb:ed:71:9c:7e:df:0d:b7:88:65:e5:52:1b:3f:
                    93:eb:52:eb:25:39:a7:1a:8f:3d:78:60:1e:aa:e9:
                    d4:8a:33:11:4b:5d:58:e0:1e:b1:a9:6b:90:7f:25:
                    28:ff:60:25:da:47:25:b2:da:1a:f9:91:b2:07:ac:
                    59:cb:2e:e8:f9:d5:16:e2:41:4a:67:7a:70:8c:fc:
                    7a:45:0a:25:65:e7:96:8b:d7:c5:3e:c0:8b:41:fe:
                    dc:fa:e7:17:83:d6:a4:f5:f2:6b:cc:88:37:9e:f5:
                    16:42:e6:c4:1e:39:87:28:8d:82:4f:51:c2:88:c4:
                    a8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:EB:40:8C:12:3F:F2:08:10:C4:AC:FF:41:98:38:A8:3F:93:86:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8ca52bd5-feba-477c-a572-c96999609dfa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.153.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c7:29:fe:fb:3f:25:4e:8b:ce:8b:c4:a8:51:27:0e:c5:c2:a6:
         35:65:55:e2:bb:b3:c0:c8:15:a4:ed:50:2e:14:15:ae:4e:f5:
         38:a0:1e:e1:7d:b3:74:d7:44:20:a0:ea:1d:42:81:c4:bb:bb:
         ea:c3:3b:01:69:5b:9c:3d:2e:f4:80:e7:87:fa:31:4f:80:37:
         e7:a1:8e:8d:c8:4b:ee:a1:b0:5b:dd:93:b6:e6:8a:15:be:f9:
         62:3e:29:6a:b9:60:8e:78:4d:5d:83:8b:5f:cf:41:e2:af:26:
         bc:0f:23:e6:c4:5b:b7:b6:dd:84:53:bb:17:e0:fe:97:76:a0:
         f2:db:2f:4c:1c:3c:f7:d9:cf:71:a4:38:f7:af:e7:b6:ff:2d:
         e9:3f:63:c7:82:ac:7d:c8:e8:d2:1f:4c:c1:58:81:ff:f3:c1:
         c7:13:18:e1:4c:11:b1:dd:cd:f9:fd:ab:1f:f2:df:05:e3:49:
         77:02:68:2c:20:74:94:36:14:f5:a5:34:10:d6:bb:31:97:89:
         d3:87:4b:5e:cc:a3:9d:b9:8c:46:cc:6c:88:27:c1:fb:c2:ee:
         8c:f4:da:b9:48:a8:af:f6:15:60:15:6b:4c:6a:95:11:bc:ea:
         e3:52:a5:4a:d5:8c:3a:c3:69:72:a0:0e:34:7c:4a:b4:5f:ed:
         0b:d3:af:23
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBZ65woaKapJYrBnA+aRAp/UE6WgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYTZlY2ZhZGQ1MmUzMjc5YTQxYTQyYTIzNmYzMTU3Y2Ey
NGE2MDRjMDU2ZWFmZGEyZDE0ZDIyMTE1ZWMxZDJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtOSf4ulkAVTOgGfst7t4UG1hAqka4z9zq7NmtZ9oCXp9C
4KTRDDqGOqZ6z+kBeP5aqn3RhcfHr1y8t5+HYsLJ5mL9TCrdUx1PAAKGAfKK/sBe
UxtueH/BHnaQIjtkVqCkJ7nZW1Uw1NvGnx/7tQ0hqB4SHiR1s3hVsFFlqSZosaCh
d4maEjfL7XGcft8Nt4hl5VIbP5PrUuslOacajz14YB6q6dSKMxFLXVjgHrGpa5B/
JSj/YCXaRyWy2hr5kbIHrFnLLuj51RbiQUpnenCM/HpFCiVl55aL18U+wItB/tz6
5xeD1qT18mvMiDee9RZC5sQeOYcojYJPUcKIxKjfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIetAjBI/8ggQxKz/QZg4qD+ThpgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhjYTUyYmQ1LWZlYmEtNDc3Yy1hNTcyLWM5Njk5OTYwOWRmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQmTANBgkqhkiG9w0BAQsFAAOCAQEAxyn++z8lTovOi8SoUScOxcKmNWVV
4ruzwMgVpO1QLhQVrk71OKAe4X2zdNdEIKDqHUKBxLu76sM7AWlbnD0u9IDnh/ox
T4A356GOjchL7qGwW92TtuaKFb75Yj4parlgjnhNXYOLX89B4q8mvA8j5sRbt7bd
hFO7F+D+l3ag8tsvTBw899nPcaQ496/ntv8t6T9jx4Ksfcjo0h9MwViB//PBxxMY
4UwRsd3N+f2rH/LfBeNJdwJoLCB0lDYU9aU0ENa7MZeJ04dLXsyjnbmMRsxsiCfB
+8LujPTauUior/YVYBVrTGqVEbzq41KlStWMOsNpcqAONHxKtF/tC9OvIw==
-----END CERTIFICATE-----