Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10757745-ab93-4da3-9ef0-49cf7ca653fb.roa
File:                     10757745-ab93-4da3-9ef0-49cf7ca653fb.roa (raw, json)
Hash identifier:          P1aOGtpbiDn2H2V0OsuGAZPwY480kWgQyBRLghEtvNY=
Subject key identifier:   5A:E7:82:EB:99:1E:19:A1:16:91:F4:44:D6:50:F1:2C:FF:A1:84:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23DC34CB46BC4A8E4FA294A099F33C987FF31086
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10757745-ab93-4da3-9ef0-49cf7ca653fb.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        198.200.149.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:dc:34:cb:46:bc:4a:8e:4f:a2:94:a0:99:f3:3c:98:7f:f3:10:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=1e0c8fd1c82c16f822c8704f97ef55517ea0bc334e72661041fa535263fa2955, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:b6:97:4c:a9:83:d9:64:06:c9:fc:4f:eb:55:
                    c4:e2:8e:a0:fc:c4:62:df:7b:ec:e7:98:15:03:37:
                    f2:fa:a4:f8:05:e4:91:18:ba:0d:54:cb:bb:a6:b0:
                    6b:7c:8d:30:72:ff:98:6f:7c:bd:63:40:48:49:dc:
                    01:28:93:3c:46:90:6e:24:12:97:6d:88:6d:25:fd:
                    1e:f0:59:66:26:cd:ce:02:3e:c4:5b:50:4a:2e:b3:
                    f0:62:fd:7d:cc:6a:0a:2c:86:06:13:6c:46:ad:7a:
                    8a:24:b5:7c:c3:bb:28:00:a4:b8:4f:db:55:07:19:
                    01:b2:2c:46:12:24:eb:ee:b6:6b:b3:b0:93:ea:89:
                    91:17:da:ef:46:ab:88:a6:91:7d:78:08:57:06:1a:
                    71:44:42:e5:c3:e7:e1:ea:7a:8b:6e:50:22:16:0c:
                    bd:7e:2f:10:f6:e0:c9:cd:9e:66:ae:3a:c8:46:2c:
                    6a:43:e6:33:c9:3d:c1:4d:d7:d8:f6:df:d3:0d:bc:
                    1f:e6:fe:25:96:54:9b:94:f0:87:0b:87:09:3d:61:
                    5b:96:e4:8f:92:6a:74:d0:56:ea:ac:e7:61:b3:4c:
                    81:2a:cd:6e:96:02:da:01:8c:3e:63:55:27:a1:51:
                    89:c1:0c:24:f8:28:59:87:2c:ea:c4:13:4d:ec:f9:
                    a8:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E7:82:EB:99:1E:19:A1:16:91:F4:44:D6:50:F1:2C:FF:A1:84:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10757745-ab93-4da3-9ef0-49cf7ca653fb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.200.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:f4:82:24:b6:f7:a8:72:ff:37:39:e2:19:a0:0b:1c:eb:23:
         38:cd:42:c2:ba:e6:55:04:ed:72:7b:09:3c:cd:bf:7a:cb:e3:
         d6:ae:ae:37:59:35:37:7a:21:72:24:11:92:5d:6f:56:9b:be:
         82:ab:df:42:c2:36:22:50:46:b8:af:50:93:bd:51:e3:1a:11:
         32:98:e5:e8:a1:cb:5e:4a:e5:ad:ac:96:91:10:4a:22:df:ac:
         54:29:47:a8:84:f7:fa:c2:89:e5:89:76:74:f2:af:95:94:4b:
         e3:4d:07:cd:a1:72:20:e9:d6:6c:e3:01:f1:2c:ce:f9:60:5f:
         8b:cf:e8:23:9e:7c:d3:8b:24:79:e1:f4:93:36:89:4e:0d:eb:
         60:9d:e5:c3:44:d2:76:ba:44:b5:1b:ed:31:fe:e7:9b:34:9f:
         f3:c5:46:f0:8d:f1:d0:41:32:f1:76:ff:af:79:9a:18:2e:31:
         a8:de:88:84:0b:1f:81:ab:4d:4c:88:8a:81:8e:ee:16:bd:8d:
         b1:f9:19:c5:ea:17:89:5e:fb:36:c1:c9:2a:48:1e:90:0b:9d:
         28:1b:d0:f7:ad:4d:97:4a:f3:de:d5:ec:85:da:2d:98:56:53:
         dd:33:c6:2d:7b:fe:62:3c:95:f5:57:99:7b:85:d5:81:ba:6e:
         d6:38:71:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI9w0y0a8So5PopSgmfM8mH/zEIYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTBjOGZkMWM4MmMxNmY4MjJjODcwNGY5N2VmNTU1MTdl
YTBiYzMzNGU3MjY2MTA0MWZhNTM1MjYzZmEyOTU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCtpdMqYPZZAbJ/E/rVcTijqD8xGLfe+znmBUDN/L6pPgF
5JEYug1Uy7umsGt8jTBy/5hvfL1jQEhJ3AEokzxGkG4kEpdtiG0l/R7wWWYmzc4C
PsRbUEous/Bi/X3MagoshgYTbEateooktXzDuygApLhP21UHGQGyLEYSJOvutmuz
sJPqiZEX2u9Gq4imkX14CFcGGnFEQuXD5+HqeotuUCIWDL1+LxD24MnNnmauOshG
LGpD5jPJPcFN19j239MNvB/m/iWWVJuU8IcLhwk9YVuW5I+SanTQVuqs52GzTIEq
zW6WAtoBjD5jVSehUYnBDCT4KFmHLOrEE03s+aiFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWueC65keGaEWkfRE1lDxLP+hhJcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwNzU3NzQ1LWFiOTMtNGRhMy05ZWYwLTQ5Y2Y3Y2E2NTNmYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADGyJUwDQYJKoZIhvcNAQELBQADggEBAFT0giS296hy/zc54hmgCxzrIzjN
QsK65lUE7XJ7CTzNv3rL49aurjdZNTd6IXIkEZJdb1abvoKr30LCNiJQRrivUJO9
UeMaETKY5eihy15K5a2slpEQSiLfrFQpR6iE9/rCieWJdnTyr5WUS+NNB82hciDp
1mzjAfEszvlgX4vP6COefNOLJHnh9JM2iU4N62Cd5cNE0na6RLUb7TH+55s0n/PF
RvCN8dBBMvF2/695mhguMajeiIQLH4GrTUyIioGO7ha9jbH5GcXqF4le+zbBySpI
HpALnSgb0PetTZdK897V7IXaLZhWU90zxi17/mI8lfVXmXuF1YG6btY4cbk=
-----END CERTIFICATE-----