Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58a3dcd9-db11-4ca2-8105-437306c32292.roa
File:                     58a3dcd9-db11-4ca2-8105-437306c32292.roa (raw, json)
Hash identifier:          PUTS3/1AxvQk/u2PJeyo5UFcNdWT4KleWFbHfeummVw=
Subject key identifier:   F8:FE:17:A3:10:84:EC:9A:AB:DA:14:74:CE:E5:39:97:E8:8F:B1:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53B5C89EA329E39F4E64D7CF8B182C8F79B73BD9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58a3dcd9-db11-4ca2-8105-437306c32292.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        208.110.48.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:b5:c8:9e:a3:29:e3:9f:4e:64:d7:cf:8b:18:2c:8f:79:b7:3b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ee:95:a0:43:ee:31:9f:18:fe:3b:4d:b8:c0:
                    44:a1:4b:20:59:a1:76:89:dc:56:9e:7d:32:f1:43:
                    1c:0c:ce:24:58:9f:e7:81:de:30:c1:2c:42:ae:50:
                    15:81:0f:60:a2:66:d2:c8:67:6e:50:b6:e4:96:64:
                    48:ca:7d:32:d7:f5:0d:54:e0:d1:a7:88:45:fa:c8:
                    4a:d7:0c:84:23:20:c9:ab:b5:71:bc:f4:b1:f1:92:
                    51:9c:dd:63:80:fd:c5:63:06:74:03:55:2e:0f:23:
                    f5:c6:1a:a6:e0:9a:bb:28:1e:92:0b:d0:aa:4b:b3:
                    12:6f:33:84:00:d5:13:a3:9e:2c:b0:3d:73:78:4f:
                    22:11:4d:61:4a:b2:06:5a:2e:fa:29:f7:69:55:d9:
                    0b:27:35:1e:7d:0d:a0:66:16:c4:3a:f3:48:ee:b0:
                    c4:0a:12:37:c1:7f:e1:82:54:f8:a8:df:99:6a:95:
                    36:13:50:ba:14:a8:22:fc:7a:0d:cb:b4:aa:a5:1e:
                    ab:a1:56:1b:bd:50:c4:c6:fe:e2:f5:aa:bd:78:76:
                    89:3b:68:84:79:be:d4:b4:fd:55:e7:68:a5:cc:c6:
                    c4:46:1b:63:8f:03:da:54:a5:e2:b7:a7:d2:c4:82:
                    37:ad:56:15:29:85:ba:80:cd:ba:de:cd:37:f9:90:
                    43:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:FE:17:A3:10:84:EC:9A:AB:DA:14:74:CE:E5:39:97:E8:8F:B1:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/58a3dcd9-db11-4ca2-8105-437306c32292.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.110.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8d:3e:9e:72:0c:9a:90:96:c9:b3:d7:62:a6:2d:4a:27:85:bb:
         3f:bc:5e:56:98:5e:c6:20:da:f4:f6:17:7e:90:19:0e:b0:ed:
         b0:e2:b4:b0:ef:48:9f:47:c7:75:0b:66:22:73:af:5b:24:f8:
         f7:ca:ba:ab:a3:c0:f6:cb:65:39:83:0a:7c:e2:35:68:08:ed:
         89:75:52:33:23:28:d0:a8:09:7d:34:b1:48:55:e2:69:89:70:
         35:3e:7e:21:ba:36:5c:89:69:e8:cb:95:64:0e:6e:52:83:78:
         a8:c9:b8:67:ca:d5:e3:7c:1a:e5:b9:cb:56:dd:47:49:ad:1c:
         f7:cc:c4:e9:d5:ba:19:b0:01:41:be:85:41:bf:e2:76:f4:57:
         ec:9d:23:5c:fd:e0:2c:56:2a:78:7e:32:93:02:1f:67:4e:bd:
         3f:3c:bd:c6:ac:ed:f7:3c:dc:8e:95:43:6c:9a:d9:81:eb:e0:
         aa:58:ec:51:d1:f0:d5:b6:a3:38:de:6d:46:17:ad:f9:17:96:
         4d:90:11:c0:83:8e:35:b1:52:29:ca:36:4f:f3:53:00:e0:99:
         d1:27:78:df:8d:32:97:f3:d6:f5:9b:92:21:66:c2:56:b0:00:
         ac:42:88:11:ed:31:7b:c6:5f:88:ec:d0:86:1f:06:98:84:e1:
         d8:2f:5f:32
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUU7XInqMp459OZNfPixgsj3m3O9kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzA2ODBmZGU0YzFhNThiMzZjNzhjOTJiMTBjNWJmZjQz
ODU5MzI0MzRhOGM3ZTc3OTg0MmYxNTgyYzNhZGRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI7pWgQ+4xnxj+O024wEShSyBZoXaJ3FaefTLxQxwMziRY
n+eB3jDBLEKuUBWBD2CiZtLIZ25QtuSWZEjKfTLX9Q1U4NGniEX6yErXDIQjIMmr
tXG89LHxklGc3WOA/cVjBnQDVS4PI/XGGqbgmrsoHpIL0KpLsxJvM4QA1ROjniyw
PXN4TyIRTWFKsgZaLvop92lV2QsnNR59DaBmFsQ680jusMQKEjfBf+GCVPio35lq
lTYTULoUqCL8eg3LtKqlHquhVhu9UMTG/uL1qr14dok7aIR5vtS0/VXnaKXMxsRG
G2OPA9pUpeK3p9LEgjetVhUphbqAzbrezTf5kEMDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+P4XoxCE7Jqr2hR0zuU5l+iPsfYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU4YTNkY2Q5LWRiMTEtNGNhMi04MTA1LTQzNzMwNmMzMjI5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATQbjAwDQYJKoZIhvcNAQELBQADggEBAI0+nnIMmpCWybPXYqYtSieFuz+8
XlaYXsYg2vT2F36QGQ6w7bDitLDvSJ9Hx3ULZiJzr1sk+PfKuqujwPbLZTmDCnzi
NWgI7Yl1UjMjKNCoCX00sUhV4mmJcDU+fiG6NlyJaejLlWQOblKDeKjJuGfK1eN8
GuW5y1bdR0mtHPfMxOnVuhmwAUG+hUG/4nb0V+ydI1z94CxWKnh+MpMCH2dOvT88
vcas7fc83I6VQ2ya2YHr4KpY7FHR8NW2ozjebUYXrfkXlk2QEcCDjjWxUinKNk/z
UwDgmdEneN+NMpfz1vWbkiFmwlawAKxCiBHtMXvGX4js0IYfBpiE4dgvXzI=
-----END CERTIFICATE-----