Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/633246d9-165c-4d33-a44d-b32b4bd508ba.roa
File:                     633246d9-165c-4d33-a44d-b32b4bd508ba.roa (raw, json)
Hash identifier:          KCQb7+D6lgJD0f4CvgoznrlHUtlSq6ATg+r6103PyE4=
Subject key identifier:   CC:48:EE:1F:9D:5E:A5:10:3B:17:C2:B6:B7:D1:E9:7A:D1:44:51:4A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       372298C1AF978662A532E0CB8382B90120923E37
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/633246d9-165c-4d33-a44d-b32b4bd508ba.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        149.180.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:22:98:c1:af:97:86:62:a5:32:e0:cb:83:82:b9:01:20:92:3e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:89:9d:d3:0b:7c:52:78:89:72:b7:65:d7:18:
                    c5:ef:63:ce:dd:4d:56:45:bd:bb:02:5c:eb:00:b6:
                    f4:db:64:e1:ff:52:99:36:fa:58:13:4b:94:06:2c:
                    e8:39:9c:5c:cd:cf:eb:37:1d:eb:ae:52:7d:1e:58:
                    70:1d:ea:26:99:3e:6a:ad:ee:7c:7d:a1:69:56:db:
                    33:7d:86:a6:bb:37:c3:1e:fe:ff:ae:79:7c:c6:9f:
                    f5:f2:d1:d4:80:7f:0c:2e:aa:66:ea:b7:02:a1:f9:
                    fc:62:21:80:93:bc:c8:74:69:02:80:fc:6b:03:7a:
                    45:6c:a4:28:dd:a9:c5:4d:e9:f6:75:27:f3:7d:c3:
                    ab:bc:14:51:8a:02:1b:42:41:2f:fd:da:ae:d0:fb:
                    a6:10:e6:df:7f:f9:10:aa:c1:be:e5:28:5b:0c:2c:
                    9d:98:54:69:ac:05:7c:33:a3:8e:3b:67:50:42:c7:
                    ac:cb:06:9e:15:c9:6f:d2:77:1a:78:a0:a6:e7:e5:
                    e8:b9:99:da:53:99:7d:eb:1d:46:9a:73:44:82:86:
                    02:a4:90:1a:9b:e4:23:80:13:bd:9f:e9:62:ee:9f:
                    97:95:d2:7b:40:d7:ca:ac:2a:0d:61:52:5a:d7:63:
                    5c:00:4e:b6:4f:f7:cc:38:7f:9a:55:84:0f:3a:95:
                    e0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:48:EE:1F:9D:5E:A5:10:3B:17:C2:B6:B7:D1:E9:7A:D1:44:51:4A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/633246d9-165c-4d33-a44d-b32b4bd508ba.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.180.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         12:13:51:ec:5f:d7:ca:f7:28:01:e7:cb:97:b7:36:83:a5:34:
         d7:70:ba:e7:de:66:6e:83:ee:a8:9a:e8:c8:be:20:11:35:ee:
         93:01:46:f4:8b:ec:ff:26:3f:c6:fe:f2:8d:d8:dd:de:8d:4d:
         b3:29:8c:1b:88:30:4c:d9:c3:77:4a:70:92:e2:0e:f4:29:4c:
         c8:ff:3e:c4:63:2a:d3:da:83:1f:48:de:03:5e:b0:04:50:7c:
         cb:a9:fe:fd:d4:00:9e:c6:33:ae:77:b9:8b:ed:4c:16:39:b1:
         f3:5c:89:1c:b2:cc:06:35:4b:c3:05:68:39:5f:36:c2:73:31:
         a0:68:2d:3a:7c:cb:64:c8:a0:e1:bf:bb:1c:37:42:b4:86:f1:
         40:d1:ee:d1:79:99:cb:92:19:72:c7:24:ef:ce:85:71:52:fa:
         6f:ee:1e:2e:54:c4:69:ea:18:67:64:e7:0e:1b:23:b3:7b:a9:
         f1:12:0f:8a:27:39:ae:71:e9:22:16:01:83:22:7c:ad:8c:d9:
         20:67:c9:01:5f:16:03:79:19:79:59:2d:7a:70:99:c0:b7:7f:
         30:93:83:05:ca:54:89:5f:90:d8:18:a4:97:ef:fb:64:9a:75:
         93:47:20:e2:a4:89:6b:59:09:7b:2e:d7:ed:5f:6b:d9:55:05:
         a6:78:46:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNyKYwa+XhmKlMuDLg4K5ASCSPjcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5YjY1MmMzMTRhZmI3M2I2OGI1NDc0MWM5ZWM4YzE1NDk1
MzMwNjVmMGU4ODlhMWJhMWI0MWJkMzUzMDBlYzc0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDPiZ3TC3xSeIlyt2XXGMXvY87dTVZFvbsCXOsAtvTbZOH/
Upk2+lgTS5QGLOg5nFzNz+s3HeuuUn0eWHAd6iaZPmqt7nx9oWlW2zN9hqa7N8Me
/v+ueXzGn/Xy0dSAfwwuqmbqtwKh+fxiIYCTvMh0aQKA/GsDekVspCjdqcVN6fZ1
J/N9w6u8FFGKAhtCQS/92q7Q+6YQ5t9/+RCqwb7lKFsMLJ2YVGmsBXwzo447Z1BC
x6zLBp4VyW/Sdxp4oKbn5ei5mdpTmX3rHUaac0SChgKkkBqb5COAE72f6WLun5eV
0ntA18qsKg1hUlrXY1wATrZP98w4f5pVhA86leCJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzEjuH51epRA7F8K2t9HpetFEUUowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzMzI0NmQ5LTE2NWMtNGQzMy1hNDRkLWIzMmI0YmQ1MDhiYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAeVtAAwDQYJKoZIhvcNAQELBQADggEBABITUexf18r3KAHny5e3NoOlNNdw
uufeZm6D7qia6Mi+IBE17pMBRvSL7P8mP8b+8o3Y3d6NTbMpjBuIMEzZw3dKcJLi
DvQpTMj/PsRjKtPagx9I3gNesARQfMup/v3UAJ7GM653uYvtTBY5sfNciRyyzAY1
S8MFaDlfNsJzMaBoLTp8y2TIoOG/uxw3QrSG8UDR7tF5mcuSGXLHJO/OhXFS+m/u
Hi5UxGnqGGdk5w4bI7N7qfESD4onOa5x6SIWAYMifK2M2SBnyQFfFgN5GXlZLXpw
mcC3fzCTgwXKVIlfkNgYpJfv+2SadZNHIOKkiWtZCXsu1+1fa9lVBaZ4RkY=
-----END CERTIFICATE-----