Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fce1545-8954-421b-a042-a770637c37b7.roa
File:                     1fce1545-8954-421b-a042-a770637c37b7.roa (raw, json)
Hash identifier:          oumNGeG5EH/mXXX3j7Rh7x93nAWrrbHjecvveXfN/gc=
Subject key identifier:   61:F1:99:E5:2B:C1:BA:A1:04:6C:19:7C:0E:88:03:A7:68:0A:60:AE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4735F70F9A6825384C12770E9E48028BF65B388F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fce1545-8954-421b-a042-a770637c37b7.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        32.164.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:35:f7:0f:9a:68:25:38:4c:12:77:0e:9e:48:02:8b:f6:5b:38:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:b1:e4:73:92:c6:ea:c3:f8:fc:8f:b5:93:cd:
                    a8:f5:aa:a5:f5:6f:11:6e:39:f8:b3:49:66:0a:84:
                    6d:02:40:2b:a5:cb:1c:35:d6:a2:03:d3:a3:d9:5d:
                    78:ec:35:11:b9:c2:05:68:93:d4:06:09:0b:c6:2d:
                    98:51:b6:9c:5f:63:a4:7c:d3:d3:a5:2d:a1:97:bb:
                    7a:26:00:ba:02:77:0b:c0:96:e8:26:ef:85:63:1b:
                    24:19:0d:ea:11:75:19:48:fd:5d:a9:fd:d6:9b:41:
                    01:dd:7a:3b:ff:00:dc:7b:59:bf:be:72:8d:df:1c:
                    1d:ff:1d:8b:ca:78:cd:7c:47:1c:ed:68:b2:b1:2c:
                    64:23:2e:40:15:19:34:b1:df:77:c5:49:13:2d:5b:
                    b3:8f:5c:a6:71:f4:ef:91:8c:97:57:b2:ef:c7:00:
                    3c:64:95:6c:05:a4:59:f2:7e:02:16:cd:4a:ce:5c:
                    18:1c:40:22:99:96:82:25:98:1d:d7:9e:12:90:ad:
                    39:f7:2d:e0:06:4b:62:7a:9a:b9:3e:be:b9:be:84:
                    64:b5:aa:23:2e:a9:a6:59:73:12:c7:e0:b1:2c:15:
                    50:f8:9a:3c:87:92:6f:12:b1:88:61:c4:e4:0b:c3:
                    84:6e:71:d8:af:e1:12:46:c1:2b:e5:69:61:09:22:
                    75:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F1:99:E5:2B:C1:BA:A1:04:6C:19:7C:0E:88:03:A7:68:0A:60:AE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fce1545-8954-421b-a042-a770637c37b7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  32.164.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         23:e1:7a:12:ed:8e:a7:b1:8d:48:76:13:6c:9c:a6:b0:86:eb:
         b3:5b:15:54:da:c0:68:a2:12:d3:a4:db:49:c2:c9:00:d8:0e:
         a5:48:82:21:9b:6d:69:0d:97:c2:fb:15:96:9f:ed:81:6e:e4:
         f2:c9:68:1d:10:55:7a:54:98:d1:3d:0c:4d:d0:e5:f8:25:cb:
         db:a8:2a:de:5b:9f:8f:b4:07:57:2e:fe:f4:87:8b:e0:72:ec:
         16:c6:7d:5a:ef:69:ed:d7:e6:be:71:cc:8c:2e:49:74:fb:0e:
         94:c7:de:30:82:fa:c5:e5:69:03:b7:3b:a5:59:d6:55:8d:7c:
         d7:34:25:60:c1:84:57:25:00:a6:3c:2a:4f:c4:83:92:7c:e2:
         7f:48:53:a8:79:c6:10:d1:24:74:56:4c:12:95:1a:8e:8f:3e:
         13:c0:6d:3e:f7:ed:57:d9:f4:ab:b7:9d:d0:8d:84:8b:8a:17:
         71:d9:c7:af:40:3e:b5:2a:f3:f5:da:de:3f:22:68:82:eb:5e:
         f6:cf:01:ee:74:cc:b7:9a:da:b3:56:7f:7a:ae:79:4b:71:79:
         eb:0c:8f:28:b6:63:ae:f8:df:d4:11:6f:30:05:9f:61:b9:6b:
         33:2e:b2:c5:c7:60:42:86:af:f0:92:5c:f5:4a:20:bf:4a:d3:
         13:63:90:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURzX3D5poJThMEncOnkgCi/ZbOI8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOGNkZDEwMGYxODFjYTRhZTJiZmZiMTc0NmJhYWYyMjhj
ZTAzMTQ1YjJmYjY3MTA2NDA5MjVjMzk1OGMxNzExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDiseRzksbqw/j8j7WTzaj1qqX1bxFuOfizSWYKhG0CQCul
yxw11qID06PZXXjsNRG5wgVok9QGCQvGLZhRtpxfY6R809OlLaGXu3omALoCdwvA
lugm74VjGyQZDeoRdRlI/V2p/dabQQHdejv/ANx7Wb++co3fHB3/HYvKeM18Rxzt
aLKxLGQjLkAVGTSx33fFSRMtW7OPXKZx9O+RjJdXsu/HADxklWwFpFnyfgIWzUrO
XBgcQCKZloIlmB3XnhKQrTn3LeAGS2J6mrk+vrm+hGS1qiMuqaZZcxLH4LEsFVD4
mjyHkm8SsYhhxOQLw4Rucdiv4RJGwSvlaWEJInUpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYfGZ5SvBuqEEbBl8DogDp2gKYK4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmY2UxNTQ1LTg5NTQtNDIxYi1hMDQyLWE3NzA2MzdjMzdiNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIgpDANBgkqhkiG9w0BAQsFAAOCAQEAI+F6Eu2Op7GNSHYTbJymsIbrs1sV
VNrAaKIS06TbScLJANgOpUiCIZttaQ2XwvsVlp/tgW7k8sloHRBVelSY0T0MTdDl
+CXL26gq3lufj7QHVy7+9IeL4HLsFsZ9Wu9p7dfmvnHMjC5JdPsOlMfeMIL6xeVp
A7c7pVnWVY181zQlYMGEVyUApjwqT8SDknzif0hTqHnGENEkdFZMEpUajo8+E8Bt
PvftV9n0q7ed0I2Ei4oXcdnHr0A+tSrz9drePyJogute9s8B7nTMt5ras1Z/eq55
S3F56wyPKLZjrvjf1BFvMAWfYblrMy6yxcdgQoav8JJc9Uogv0rTE2OQ+w==
-----END CERTIFICATE-----