Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64c19aa3-f04a-4ad3-a8af-582cef894edf.roa
File:                     64c19aa3-f04a-4ad3-a8af-582cef894edf.roa (raw, json)
Hash identifier:          F8D8oVb+cfn3MoUlckVwgYM1kZ88CiELufJL8Y8Thpw=
Subject key identifier:   CD:D1:20:60:BE:58:74:86:78:40:FB:D0:24:6C:72:61:05:C3:62:77
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       40A7594D26DB919284F02C3D5F3312224248EA36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64c19aa3-f04a-4ad3-a8af-582cef894edf.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        161.228.192.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:a7:59:4d:26:db:91:92:84:f0:2c:3d:5f:33:12:22:42:48:ea:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=6728a2d28e5e4bac7f00656ce8cc857051fbfbb29ba3d4e1ca73cfc645ceee8e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c8:39:ea:9a:86:ec:ce:7c:cd:3b:94:63:fe:
                    ac:81:b3:0e:6f:2f:a8:56:72:03:f9:8d:0c:74:6b:
                    e4:f2:b2:a2:9b:59:19:65:31:14:54:71:98:9d:ed:
                    c4:01:1c:08:d3:b4:36:0a:ba:0a:3a:a1:bb:a3:e9:
                    59:2d:82:2f:cc:3e:cb:f0:27:88:b7:b7:75:c8:9c:
                    57:92:0c:b6:11:90:39:74:1e:18:34:ea:e1:ea:6d:
                    83:ad:86:3d:3b:3a:8e:77:3c:50:75:4a:2c:cf:d5:
                    f9:f8:fb:e1:0e:31:7e:41:b4:bf:2c:e1:1b:60:63:
                    1c:6a:3b:d8:93:5e:7e:98:47:5d:ac:02:c3:8e:38:
                    91:b0:c7:4c:19:87:e3:12:d2:ac:e5:67:90:fc:fc:
                    50:aa:56:52:db:0a:d4:5c:a7:2e:56:e3:95:c2:bf:
                    9e:f2:b6:78:80:6f:a0:a0:28:90:1b:2a:44:02:16:
                    26:1d:d9:ec:23:bd:88:23:cc:c4:d7:2a:ec:7e:15:
                    47:e2:de:00:6b:49:bd:59:3c:3e:11:57:1c:15:d0:
                    87:ee:74:5f:d1:38:1b:62:d6:98:37:0c:ab:0f:d0:
                    f2:91:0d:8a:cb:a2:c2:2b:1c:8b:23:5c:98:2f:e7:
                    dc:8d:30:4f:ff:6d:a5:49:9d:96:39:58:0b:56:23:
                    b6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D1:20:60:BE:58:74:86:78:40:FB:D0:24:6C:72:61:05:C3:62:77
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64c19aa3-f04a-4ad3-a8af-582cef894edf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.228.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d4:c0:81:f5:d3:9b:ec:7b:be:d4:b5:2f:68:d5:2d:e1:1e:b4:
         62:f1:21:01:9d:4b:a5:3a:60:d9:87:ff:bd:05:27:11:cd:b3:
         93:60:d8:fd:16:2b:5e:bf:07:25:02:e0:d6:8f:71:4e:83:5e:
         bc:cd:3d:3e:1c:42:00:c1:7c:02:a9:99:20:e9:c0:34:e6:cf:
         1d:6e:82:2b:0d:0f:c3:be:70:b0:b4:7d:54:a4:1f:05:9c:b1:
         29:90:56:76:48:28:53:e5:bc:7d:67:b5:be:a7:d3:70:76:07:
         bf:02:0c:9d:e8:b3:13:6e:74:45:86:36:70:a3:dd:8f:ed:b7:
         e0:d2:88:e3:fe:fd:e8:cb:1d:01:21:1b:3f:09:b9:6b:2a:9a:
         3f:94:ec:3b:7e:77:4b:34:50:4d:dc:6a:12:b3:28:af:c7:b9:
         c4:af:2b:71:f0:80:6f:9d:ab:0e:7d:dc:47:27:e4:c2:40:9c:
         47:74:b2:a2:6d:6c:08:4d:f0:82:40:c6:1b:49:5f:17:55:fc:
         d6:b7:24:53:46:24:d0:4f:3c:bd:e3:cb:7a:d3:81:a0:71:d7:
         24:16:b4:43:9a:e8:32:e3:0d:5a:fb:07:ce:46:84:11:4c:ab:
         73:58:29:73:e0:45:ff:f0:78:90:50:9b:f7:8d:1a:d3:f0:56:
         0c:b3:e4:c1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQKdZTSbbkZKE8Cw9XzMSIkJI6jYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzI4YTJkMjhlNWU0YmFjN2YwMDY1NmNlOGNjODU3MDUx
ZmJmYmIyOWJhM2Q0ZTFjYTczY2ZjNjQ1Y2VlZThlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcyDnqmobsznzNO5Rj/qyBsw5vL6hWcgP5jQx0a+TysqKb
WRllMRRUcZid7cQBHAjTtDYKugo6obuj6Vktgi/MPsvwJ4i3t3XInFeSDLYRkDl0
Hhg06uHqbYOthj07Oo53PFB1SizP1fn4++EOMX5BtL8s4RtgYxxqO9iTXn6YR12s
AsOOOJGwx0wZh+MS0qzlZ5D8/FCqVlLbCtRcpy5W45XCv57ytniAb6CgKJAbKkQC
FiYd2ewjvYgjzMTXKux+FUfi3gBrSb1ZPD4RVxwV0IfudF/ROBti1pg3DKsP0PKR
DYrLosIrHIsjXJgv59yNME//baVJnZY5WAtWI7YvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzdEgYL5YdIZ4QPvQJGxyYQXDYncwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0YzE5YWEzLWYwNGEtNGFkMy1hOGFmLTU4MmNlZjg5NGVkZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAah5MAwDQYJKoZIhvcNAQELBQADggEBANTAgfXTm+x7vtS1L2jVLeEetGLx
IQGdS6U6YNmH/70FJxHNs5Ng2P0WK16/ByUC4NaPcU6DXrzNPT4cQgDBfAKpmSDp
wDTmzx1ugisND8O+cLC0fVSkHwWcsSmQVnZIKFPlvH1ntb6n03B2B78CDJ3osxNu
dEWGNnCj3Y/tt+DSiOP+/ejLHQEhGz8JuWsqmj+U7Dt+d0s0UE3cahKzKK/HucSv
K3HwgG+dqw593Ecn5MJAnEd0sqJtbAhN8IJAxhtJXxdV/Na3JFNGJNBPPL3jy3rT
gaBx1yQWtEOa6DLjDVr7B85GhBFMq3NYKXPgRf/weJBQm/eNGtPwVgyz5ME=
-----END CERTIFICATE-----