Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02966c99-e9da-4328-8e96-1b25a0b7adb1.roa
File:                     02966c99-e9da-4328-8e96-1b25a0b7adb1.roa (raw, json)
Hash identifier:          uj3gvJk0Wsv5EQBJCE4XENOn70BD2YuGNdigHec/Rh0=
Subject key identifier:   0A:45:8D:2A:A6:06:54:84:A3:C2:5C:25:23:CF:40:0C:09:28:37:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       472C120FB7C941195773E4F9E133B0278F2D32F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02966c99-e9da-4328-8e96-1b25a0b7adb1.roa
Signing time:             Wed 18 Dec 2024 00:00:00 +0000
ROA not before:           Wed 18 Dec 2024 00:00:00 +0000
ROA not after:            Wed 22 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        136.18.152.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:2c:12:0f:b7:c9:41:19:57:73:e4:f9:e1:33:b0:27:8f:2d:32:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 18 00:00:00 2024 GMT
            Not After : Jan 22 23:59:59 2025 GMT
        Subject: serialNumber=f3d2d495561856b26ad43aeb36c5e0c3c0e74d39d102a5df2f2c9e8c0b99b740, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ce:18:51:8a:ed:6b:55:c9:0a:7c:1b:85:82:
                    0a:b0:1b:90:5d:3b:4c:98:d3:3e:e6:74:d0:dc:05:
                    9b:b6:41:d6:cd:1c:c6:c0:51:b7:78:55:29:33:b8:
                    45:ed:2d:03:5b:b3:3f:ea:8a:39:7c:09:61:ff:11:
                    b2:c6:0a:d4:9d:86:b5:3b:ab:f4:2a:b6:03:7a:1e:
                    b9:e7:57:bd:9e:f7:1a:42:b7:47:33:94:9f:8c:79:
                    bc:b8:e5:54:dc:35:6d:6d:de:ba:f0:96:72:c2:ec:
                    7f:c7:4c:db:9a:92:8f:62:17:4b:27:f8:e4:a4:61:
                    27:66:1f:c8:0e:22:2f:43:38:f2:50:cd:74:b3:58:
                    87:0f:81:e5:3d:ad:ab:e9:a7:6c:23:44:59:a4:1f:
                    a0:c3:64:6d:21:d7:7e:24:44:66:17:20:7e:bc:e9:
                    75:ba:5e:d1:c4:b8:82:3f:a4:b9:19:87:9b:d6:34:
                    a9:3f:e4:be:ca:73:68:b3:cb:42:00:19:78:ad:d0:
                    d4:f3:ce:78:33:a4:25:94:22:66:5b:87:cf:26:67:
                    75:bd:93:05:fd:23:23:92:f6:54:86:95:1d:a7:b7:
                    cb:e2:56:52:56:1e:fc:da:fd:a1:f8:fa:37:94:41:
                    fd:ef:0f:bb:66:8a:6a:a2:b5:a8:81:88:8e:c0:e3:
                    8c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:45:8D:2A:A6:06:54:84:A3:C2:5C:25:23:CF:40:0C:09:28:37:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/02966c99-e9da-4328-8e96-1b25a0b7adb1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.18.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:6d:ba:3a:67:33:8e:cc:5c:1d:96:4f:3c:8c:27:24:ee:6f:
         ae:97:f8:3b:d6:01:21:ad:37:8e:a2:29:46:8e:70:7d:28:a5:
         c6:0f:cc:6f:a0:72:e9:6f:db:b9:e0:04:7e:ad:cc:fd:03:b1:
         d5:dd:26:de:64:5c:63:6c:41:3d:fe:81:45:ce:a8:37:dd:32:
         7d:6b:6d:66:06:1f:dd:91:cb:71:72:8b:d7:19:26:95:72:51:
         2b:89:29:41:5c:97:28:04:92:a7:50:60:fa:da:7a:8b:34:80:
         48:00:10:73:d6:b8:9d:b7:dd:25:50:e2:41:85:f6:b0:ab:5b:
         b8:9a:46:cf:65:10:33:b6:87:fb:60:b5:b8:98:ab:a8:16:20:
         9c:7e:db:2f:20:62:c2:6c:4f:77:e7:fc:5a:05:13:5b:37:75:
         bf:24:9f:64:29:ce:28:9e:13:4b:0e:35:1e:41:1f:92:3e:6f:
         79:bb:86:3b:31:56:ba:d9:2a:8b:8b:53:66:7e:9e:ac:55:05:
         07:49:ee:f4:d9:b8:bd:f2:8c:0b:3a:19:7a:5f:b4:14:ab:6b:
         e1:e4:8c:73:20:f3:fc:36:26:14:ee:23:b2:20:69:f4:7d:04:
         20:ac:62:63:8c:0a:41:dc:66:e7:81:c7:30:38:09:66:e8:e3:
         ab:a8:fc:12
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURywSD7fJQRlXc+T54TOwJ48tMvQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE4MDAwMDAwWhcNMjUwMTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmM2QyZDQ5NTU2MTg1NmIyNmFkNDNhZWIzNmM1ZTBjM2Mw
ZTc0ZDM5ZDEwMmE1ZGYyZjJjOWU4YzBiOTliNzQwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHzhhRiu1rVckKfBuFggqwG5BdO0yY0z7mdNDcBZu2QdbN
HMbAUbd4VSkzuEXtLQNbsz/qijl8CWH/EbLGCtSdhrU7q/QqtgN6HrnnV72e9xpC
t0czlJ+Meby45VTcNW1t3rrwlnLC7H/HTNuako9iF0sn+OSkYSdmH8gOIi9DOPJQ
zXSzWIcPgeU9ravpp2wjRFmkH6DDZG0h134kRGYXIH686XW6XtHEuII/pLkZh5vW
NKk/5L7Kc2izy0IAGXit0NTzzngzpCWUImZbh88mZ3W9kwX9IyOS9lSGlR2nt8vi
VlJWHvza/aH4+jeUQf3vD7tmimqitaiBiI7A44wnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUCkWNKqYGVISjwlwlI89ADAkoN2kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAyOTY2Yzk5LWU5ZGEtNDMyOC04ZTk2LTFiMjVhMGI3YWRiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOIEpgwDQYJKoZIhvcNAQELBQADggEBAFltujpnM47MXB2WTzyMJyTub66X
+DvWASGtN46iKUaOcH0opcYPzG+gculv27ngBH6tzP0DsdXdJt5kXGNsQT3+gUXO
qDfdMn1rbWYGH92Ry3Fyi9cZJpVyUSuJKUFclygEkqdQYPraeos0gEgAEHPWuJ23
3SVQ4kGF9rCrW7iaRs9lEDO2h/tgtbiYq6gWIJx+2y8gYsJsT3fn/FoFE1s3db8k
n2QpziieE0sONR5BH5I+b3m7hjsxVrrZKouLU2Z+nqxVBQdJ7vTZuL3yjAs6GXpf
tBSra+HkjHMg8/w2JhTuI7IgafR9BCCsYmOMCkHcZueBxzA4CWbo46uo/BI=
-----END CERTIFICATE-----