Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/23a6493c-7da2-4642-acd3-a90a8b54788b.roa
File:                     23a6493c-7da2-4642-acd3-a90a8b54788b.roa (raw, json)
Hash identifier:          lakVZiuS+6mAWG/GnepMi4odLXEHNLcLpE8Xr2KjFPA=
Subject key identifier:   16:56:4E:95:52:EF:C9:CE:34:58:D6:C8:31:AC:86:D5:78:0A:A8:AB
Certificate issuer:       /CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
Certificate serial:       440766A2154B3F6BAA115074EAD712FEEA105AA3
Authority key identifier: BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/23a6493c-7da2-4642-acd3-a90a8b54788b.roa
Signing time:             Fri 06 Dec 2024 00:00:00 +0000
ROA not before:           Fri 06 Dec 2024 00:00:00 +0000
ROA not after:            Fri 10 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        23.251.224.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:07:66:a2:15:4b:3f:6b:aa:11:50:74:ea:d7:12:fe:ea:10:5a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5
        Validity
            Not Before: Dec  6 00:00:00 2024 GMT
            Not After : Jan 10 23:59:59 2025 GMT
        Subject: CN=42519eb9-9579-4979-bdaf-164abd0e290e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:20:66:b9:32:45:be:a6:5c:4b:08:ed:81:64:
                    64:5d:1c:3a:89:b6:1e:60:0f:1c:4c:c5:35:28:d0:
                    25:9e:e8:6a:81:47:85:be:68:4c:3c:5f:33:5a:c2:
                    69:53:17:6f:df:01:96:9e:be:19:59:92:0c:79:ef:
                    0e:1b:9c:7d:02:16:a1:74:aa:78:77:e8:ec:76:af:
                    bd:6f:92:be:fe:56:c4:11:0e:4f:14:ed:a3:b2:2a:
                    5a:59:ae:b1:41:7d:47:aa:3f:1d:9f:12:67:fe:f7:
                    ba:03:ea:61:25:52:b1:53:a3:fe:b2:54:e6:80:5e:
                    73:a0:8a:41:a0:8c:1d:d8:f8:11:b0:bd:d1:c5:87:
                    d6:3d:d6:78:80:ff:97:42:13:ec:20:3c:d2:aa:65:
                    c6:38:35:59:8c:55:cc:41:32:e1:dc:09:05:de:cd:
                    24:57:3d:eb:23:03:a9:08:20:1c:03:f1:ff:4f:ef:
                    1f:e8:0d:19:c3:1a:44:20:46:4c:68:04:f4:77:0e:
                    96:46:40:ca:c4:68:32:a7:0e:1c:f4:ba:5a:c9:c0:
                    19:27:94:87:05:46:6b:44:ce:f4:5a:e7:d0:dc:c1:
                    90:1e:2d:82:1e:71:7c:2b:7b:f7:0f:e8:12:6c:46:
                    b8:01:32:6a:1b:4b:c3:5d:0d:11:3e:a0:78:04:a1:
                    6c:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:56:4E:95:52:EF:C9:CE:34:58:D6:C8:31:AC:86:D5:78:0A:A8:AB
            X509v3 Authority Key Identifier:
                keyid:BC:93:AE:71:0F:AF:14:22:36:08:2F:8E:D9:6B:56:CB:A9:D5:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1059b52d-846a-4cbe-a7db-796f1dd8b929/d58fa2ccb66b1b0eae2d6e3f5c46e9c2f2d1d309dfbd9d2af5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/23a6493c-7da2-4642-acd3-a90a8b54788b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b8a1dd25-c313-4f25-ac21-bf55514d9c7d/axsOri1uP1xG6cLy0dMJ372dKvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.251.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         34:79:18:57:1d:19:37:61:3e:62:e9:af:0e:d7:8c:cc:14:b8:
         16:f4:16:35:80:ef:1c:a2:55:89:91:9f:a0:c0:39:54:30:10:
         9c:bb:94:f4:1f:ca:00:55:3c:61:09:ad:35:aa:2c:71:29:82:
         dd:a3:51:3b:d7:ce:ea:f3:64:b3:a8:2d:ae:11:3b:23:4a:2f:
         9f:44:37:c3:5a:e4:d6:44:a4:ae:2b:b5:c2:7d:53:b2:b6:43:
         27:09:2c:27:97:30:5e:0f:4d:e0:18:53:13:5a:b7:b5:7c:d9:
         b8:cd:b3:ab:c9:bc:a2:06:25:81:b7:fd:2a:d5:84:5f:27:b5:
         e6:2c:60:27:25:c1:08:81:30:1e:e5:dc:07:e6:d5:50:35:00:
         cf:86:2c:d5:0a:26:00:0c:1e:b2:c7:7f:e0:af:69:f2:44:87:
         65:34:a0:df:2c:20:94:15:97:c9:ce:e0:ef:f0:b0:9d:83:4b:
         50:5f:c9:9b:d0:5a:e7:fe:c0:a0:78:9e:4b:bc:f1:6c:d0:47:
         43:aa:27:3c:95:32:df:8a:65:91:25:eb:b7:5f:8c:c8:f0:1d:
         85:ae:f6:13:a8:85:11:c6:a9:68:e4:ea:8b:2c:37:ed:1a:39:
         44:3e:99:8a:97:a9:17:78:cb:20:14:a0:3d:b4:b7:af:dd:b9:
         84:22:9d:87
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURAdmohVLP2uqEVB06tcS/uoQWqMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2ZTNmNWM0NmU5YzJm
MmQxZDMwOWRmYmQ5ZDJhZjUwHhcNMjQxMjA2MDAwMDAwWhcNMjUwMTEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGEwOGI1OGMwNzQyNWJkZjdkYzNiODYwYTZjZWM4MWIw
YmFmNDUzNjQyZDdiYWY3YjVlNDQ2Yjc4ZmZhNDljMS0wKwYDVQQDEyQ0MjUxOWVi
OS05NTc5LTQ5NzktYmRhZi0xNjRhYmQwZTI5MGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCIGa5MkW+plxLCO2BZGRdHDqJth5gDxxMxTUo0CWe6GqB
R4W+aEw8XzNawmlTF2/fAZaevhlZkgx57w4bnH0CFqF0qnh36Ox2r71vkr7+VsQR
Dk8U7aOyKlpZrrFBfUeqPx2fEmf+97oD6mElUrFTo/6yVOaAXnOgikGgjB3Y+BGw
vdHFh9Y91niA/5dCE+wgPNKqZcY4NVmMVcxBMuHcCQXezSRXPesjA6kIIBwD8f9P
7x/oDRnDGkQgRkxoBPR3DpZGQMrEaDKnDhz0ulrJwBknlIcFRmtEzvRa59DcwZAe
LYIecXwre/cP6BJsRrgBMmobS8NdDRE+oHgEoWxpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFlZOlVLvyc40WNbIMayG1XgKqKswHwYDVR0jBBgwFoAUvJOucQ+vFCI2
CC+O2WtWy6nVAo0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xMDU5YjUyZC04
NDZhLTRjYmUtYTdkYi03OTZmMWRkOGI5MjkvZDU4ZmEyY2NiNjZiMWIwZWFlMmQ2
ZTNmNWM0NmU5YzJmMmQxZDMwOWRmYmQ5ZDJhZjUuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvYjhhMWRkMjUtYzMxMy00ZjI1LWFjMjEtYmY1
NTUxNGQ5YzdkLzIzYTY0OTNjLTdkYTItNDY0Mi1hY2QzLWE5MGE4YjU0Nzg4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I4YTFkZDI1LWMzMTMtNGYyNS1hYzIx
LWJmNTU1MTRkOWM3ZC9heHNPcmkxdVAxeEc2Y0x5MGRNSjM3MmRLdlUuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUX++AwDQYJKoZIhvcNAQELBQADggEBADR5GFcdGTdhPmLprw7XjMwUuBb0
FjWA7xyiVYmRn6DAOVQwEJy7lPQfygBVPGEJrTWqLHEpgt2jUTvXzurzZLOoLa4R
OyNKL59EN8Na5NZEpK4rtcJ9U7K2QycJLCeXMF4PTeAYUxNat7V82bjNs6vJvKIG
JYG3/SrVhF8nteYsYCclwQiBMB7l3Afm1VA1AM+GLNUKJgAMHrLHf+CvafJEh2U0
oN8sIJQVl8nO4O/wsJ2DS1BfyZvQWuf+wKB4nku88WzQR0OqJzyVMt+KZZEl67df
jMjwHYWu9hOohRHGqWjk6ossN+0aOUQ+mYqXqRd4yyAUoD20t6/duYQinYc=
-----END CERTIFICATE-----