Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec5007e8-609d-493d-8fad-d5f5238eee46.roa
File:                     ec5007e8-609d-493d-8fad-d5f5238eee46.roa (raw, json)
Hash identifier:          VSBgm9iKtaIlL3D1i/8X1RHK24ccbh/Euqka+iR5KKI=
Subject key identifier:   DA:23:56:BE:06:C5:19:25:D7:A9:C0:E8:1C:85:38:A0:16:8B:75:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       683F079477CBC39A225236A998FB7A9AF2D595B4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec5007e8-609d-493d-8fad-d5f5238eee46.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        16.133.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:3f:07:94:77:cb:c3:9a:22:52:36:a9:98:fb:7a:9a:f2:d5:95:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=514dace068684ed34725e18908e3099dba45aa65484f848cbd3a9cca78849986, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4e:00:d6:25:1b:30:d5:8d:44:29:7a:3b:9a:
                    c6:d6:57:cb:4a:b0:9b:12:41:31:45:47:c0:6f:6d:
                    2d:ff:fb:95:3b:59:87:1d:c0:83:86:e5:d0:fd:cf:
                    fa:10:a1:19:f1:d5:12:8c:85:41:89:ca:71:ec:b2:
                    e1:cd:91:d9:b9:bd:7b:50:8d:0b:67:a2:46:a7:d8:
                    bf:dc:84:07:30:dd:0f:3f:ec:78:81:00:fb:a9:6c:
                    ef:80:e7:44:cb:f7:0d:18:a7:b4:d5:4b:dc:02:4b:
                    3a:10:49:60:e3:b0:ff:3a:b2:16:95:b6:ec:f6:52:
                    3e:02:ed:df:fc:ef:1f:69:1b:d5:9f:1e:fc:46:91:
                    57:93:5f:85:95:2b:c4:45:1a:fa:47:3a:c1:70:82:
                    0e:47:66:f3:8e:52:83:73:78:03:d3:86:97:b2:d4:
                    a7:c5:54:9e:91:59:34:dd:18:6a:f2:0a:2b:6f:95:
                    3c:c2:bc:25:a1:93:b4:7f:31:36:92:b9:e9:d7:9d:
                    ee:7d:e9:f9:2e:e8:19:b2:90:b2:fa:11:ef:66:d5:
                    a9:c9:52:bc:4f:87:aa:a0:d7:50:84:c7:cc:48:5d:
                    c6:36:42:6f:d1:44:c4:34:88:8c:f5:1c:da:25:30:
                    b7:31:c6:fa:bd:54:b0:ef:9c:bd:0b:3b:88:d7:46:
                    ae:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:23:56:BE:06:C5:19:25:D7:A9:C0:E8:1C:85:38:A0:16:8B:75:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ec5007e8-609d-493d-8fad-d5f5238eee46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  16.133.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d0:aa:93:00:50:8a:98:4f:a1:cb:be:34:58:2c:de:90:da:3d:
         5c:03:74:51:ee:9d:d0:b7:f2:96:b4:dc:ef:74:dd:88:49:92:
         9a:a4:28:af:c3:3a:0f:8f:4c:0c:a1:52:36:30:27:30:34:8b:
         a9:86:ea:c4:00:ac:ef:2b:fa:4a:31:09:67:19:e3:2c:60:1c:
         c7:e2:d2:89:61:a0:48:21:72:e2:e8:7f:e6:90:79:ce:2b:ce:
         17:1c:be:45:0b:a4:4d:e3:71:60:2c:17:07:08:e8:22:05:df:
         50:77:89:9b:71:ea:54:05:05:0e:92:2b:78:62:62:48:66:22:
         0b:56:0f:1e:cd:19:74:78:7a:9e:ee:08:93:1b:7b:d4:b3:52:
         c4:2d:85:65:b7:e2:89:74:7b:af:89:3f:9b:60:7a:9d:c4:d7:
         02:80:45:14:db:ba:ba:18:f3:68:2b:64:05:71:23:63:6a:1f:
         9c:44:13:25:90:de:26:af:18:53:16:37:cd:99:b7:b9:d0:25:
         7f:d2:1b:73:0b:0a:d4:b2:34:5b:73:28:2c:16:bb:d5:59:ea:
         2b:19:e1:9d:ac:f9:bd:98:bb:ae:5b:cc:9a:de:1d:09:73:00:
         2c:49:36:42:9d:0a:a0:ff:f8:5d:74:32:8d:cf:ff:62:8b:bf:
         47:b1:05:e6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUaD8HlHfLw5oiUjapmPt6mvLVlbQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MTRkYWNlMDY4Njg0ZWQzNDcyNWUxODkwOGUzMDk5ZGJh
NDVhYTY1NDg0Zjg0OGNiZDNhOWNjYTc4ODQ5OTg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCTgDWJRsw1Y1EKXo7msbWV8tKsJsSQTFFR8BvbS3/+5U7
WYcdwIOG5dD9z/oQoRnx1RKMhUGJynHssuHNkdm5vXtQjQtnokan2L/chAcw3Q8/
7HiBAPupbO+A50TL9w0Yp7TVS9wCSzoQSWDjsP86shaVtuz2Uj4C7d/87x9pG9Wf
HvxGkVeTX4WVK8RFGvpHOsFwgg5HZvOOUoNzeAPThpey1KfFVJ6RWTTdGGryCitv
lTzCvCWhk7R/MTaSuenXne596fku6BmykLL6Ee9m1anJUrxPh6qg11CEx8xIXcY2
Qm/RRMQ0iIz1HNolMLcxxvq9VLDvnL0LO4jXRq6xAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2iNWvgbFGSXXqcDoHIU4oBaLdcMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VjNTAwN2U4LTYwOWQtNDkzZC04ZmFkLWQ1ZjUyMzhlZWU0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAQhTANBgkqhkiG9w0BAQsFAAOCAQEA0KqTAFCKmE+hy740WCzekNo9XAN0
Ue6d0LfylrTc73TdiEmSmqQor8M6D49MDKFSNjAnMDSLqYbqxACs7yv6SjEJZxnj
LGAcx+LSiWGgSCFy4uh/5pB5zivOFxy+RQukTeNxYCwXBwjoIgXfUHeJm3HqVAUF
DpIreGJiSGYiC1YPHs0ZdHh6nu4Ikxt71LNSxC2FZbfiiXR7r4k/m2B6ncTXAoBF
FNu6uhjzaCtkBXEjY2ofnEQTJZDeJq8YUxY3zZm3udAlf9IbcwsK1LI0W3MoLBa7
1VnqKxnhnaz5vZi7rlvMmt4dCXMALEk2Qp0KoP/4XXQyjc//You/R7EF5g==
-----END CERTIFICATE-----