Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1298c493-92dc-44c4-bf21-23519d85a3d4.roa
File:                     1298c493-92dc-44c4-bf21-23519d85a3d4.roa (raw, json)
Hash identifier:          LLD6rVbzv2H9xykn4PTN7wJWt9jopiZVvEaBH7W62CY=
Subject key identifier:   BE:43:AE:59:DA:4B:CE:14:F0:73:CD:D0:F3:30:AB:D1:52:02:7D:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15D135E52EB50187CCEDA181E70709A2324B9299
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1298c493-92dc-44c4-bf21-23519d85a3d4.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        216.175.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:d1:35:e5:2e:b5:01:87:cc:ed:a1:81:e7:07:09:a2:32:4b:92:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:73:c9:c5:18:54:6a:ca:ea:de:13:a9:cb:ac:
                    25:6c:c1:81:c0:b7:cf:90:f1:99:cd:28:71:68:2a:
                    c5:01:01:79:2d:a1:9c:bc:b6:e2:20:31:df:88:ec:
                    07:2f:e6:fb:2b:5f:13:c2:fc:87:05:19:f0:d7:44:
                    9b:1f:9e:5b:64:d0:03:7e:06:bb:31:95:72:fe:ab:
                    81:3b:2c:1e:67:6d:27:53:1c:ac:27:ef:9b:e5:a7:
                    cd:9c:0c:ca:04:ed:3e:97:57:07:75:75:a0:47:a9:
                    34:26:f9:23:38:c6:46:b9:c1:a9:61:5e:2f:c8:8b:
                    d1:ae:e3:66:d4:c9:57:19:2d:94:26:32:5d:42:36:
                    19:40:ec:d1:89:f1:cf:40:50:27:f7:b7:d8:93:a1:
                    8a:79:3c:65:83:e9:a4:da:10:78:eb:5e:e5:0e:71:
                    eb:ee:ae:9a:77:f6:c3:f6:f4:db:f4:3d:8e:2c:19:
                    2a:71:aa:9b:e2:d2:6d:5c:b7:7b:0b:17:7d:12:3d:
                    07:c0:25:46:73:24:c2:84:cf:2d:6b:ac:e1:3c:7f:
                    ad:12:a8:68:05:8b:aa:c3:ef:80:b1:61:86:b1:e3:
                    c8:7b:8d:1c:61:12:36:e7:28:08:c1:b4:be:74:3e:
                    40:2d:69:13:3d:f5:06:19:81:92:dc:79:50:d4:d8:
                    ab:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:43:AE:59:DA:4B:CE:14:F0:73:CD:D0:F3:30:AB:D1:52:02:7D:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1298c493-92dc-44c4-bf21-23519d85a3d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.175.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c9:6b:71:d7:d4:32:6a:bf:1f:dc:e6:17:57:f7:2e:68:2d:3e:
         79:8d:78:8f:cd:2e:c9:36:91:cb:24:08:df:9e:da:1b:45:a5:
         a7:4e:d1:4a:d0:b1:f7:19:ac:21:0b:28:23:5e:24:0a:42:e5:
         df:54:c1:bb:4d:97:50:91:0a:ff:dd:b7:a1:71:fd:f5:78:cb:
         b6:b1:7c:47:95:ea:ea:ef:6b:a9:55:a8:8f:2c:77:e0:50:6f:
         85:e4:cc:9a:5f:24:0e:7b:6e:50:b8:76:56:7b:7a:63:1b:8f:
         f0:ac:31:15:1e:d5:b2:19:5e:94:5e:3e:94:73:86:66:73:a3:
         cf:9a:d3:86:5a:48:2f:9d:5d:58:f9:c9:e4:b3:e2:a5:7f:42:
         53:5e:be:b5:9e:24:8c:11:29:03:7f:9f:53:b2:16:3a:94:ee:
         9e:db:aa:a7:17:d2:c1:02:3c:c7:26:9c:e4:f5:6f:73:16:a1:
         44:11:90:61:3a:7a:01:9e:2a:d2:bf:4f:e3:93:54:7c:99:12:
         1d:24:8a:21:5b:3f:d0:4e:2e:12:98:dc:9f:b5:02:67:cd:f6:
         13:1b:fe:59:71:6d:bf:35:a9:b9:2c:60:60:44:8d:f5:62:3e:
         3f:b5:39:1e:78:60:b7:9c:c6:5e:f8:26:d3:0c:3e:2c:16:7f:
         a5:05:3f:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFdE15S61AYfM7aGB5wcJojJLkpkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzZhMTBmYzQzYjIyNTgwYzc0YTRlMzMxZDc2YjFlYmMy
NmRiYmZiZGQzMzU1MjY1OWU2Njk2YjgxZmFmYWIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6c8nFGFRqyureE6nLrCVswYHAt8+Q8ZnNKHFoKsUBAXkt
oZy8tuIgMd+I7Acv5vsrXxPC/IcFGfDXRJsfnltk0AN+BrsxlXL+q4E7LB5nbSdT
HKwn75vlp82cDMoE7T6XVwd1daBHqTQm+SM4xka5walhXi/Ii9Gu42bUyVcZLZQm
Ml1CNhlA7NGJ8c9AUCf3t9iToYp5PGWD6aTaEHjrXuUOcevurpp39sP29Nv0PY4s
GSpxqpvi0m1ct3sLF30SPQfAJUZzJMKEzy1rrOE8f60SqGgFi6rD74CxYYax48h7
jRxhEjbnKAjBtL50PkAtaRM99QYZgZLceVDU2Kt3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvkOuWdpLzhTwc83Q8zCr0VICfbcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEyOThjNDkzLTkyZGMtNDRjNC1iZjIxLTIzNTE5ZDg1YTNkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbYr0AwDQYJKoZIhvcNAQELBQADggEBAMlrcdfUMmq/H9zmF1f3LmgtPnmN
eI/NLsk2kcskCN+e2htFpadO0UrQsfcZrCELKCNeJApC5d9UwbtNl1CRCv/dt6Fx
/fV4y7axfEeV6urva6lVqI8sd+BQb4XkzJpfJA57blC4dlZ7emMbj/CsMRUe1bIZ
XpRePpRzhmZzo8+a04ZaSC+dXVj5yeSz4qV/QlNevrWeJIwRKQN/n1OyFjqU7p7b
qqcX0sECPMcmnOT1b3MWoUQRkGE6egGeKtK/T+OTVHyZEh0kiiFbP9BOLhKY3J+1
AmfN9hMb/llxbb81qbksYGBEjfViPj+1OR54YLecxl74JtMMPiwWf6UFP98=
-----END CERTIFICATE-----