Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78f221a7-ebc0-4961-937e-e0d72403b53e.roa
File:                     78f221a7-ebc0-4961-937e-e0d72403b53e.roa (raw, json)
Hash identifier:          YHmE3Vc7L09KeCYZjhc1YzijAvJwZ0RWAQrDniCLuSo=
Subject key identifier:   11:C4:C1:98:3E:9C:CF:AE:9F:24:E4:3F:64:42:93:3B:6C:47:8A:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F2DE5C84002779E839ECD4DD8C428A730961406
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78f221a7-ebc0-4961-937e-e0d72403b53e.roa
Signing time:             Wed 27 Nov 2024 00:00:00 +0000
ROA not before:           Wed 27 Nov 2024 00:00:00 +0000
ROA not after:            Wed 01 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        192.189.197.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:2d:e5:c8:40:02:77:9e:83:9e:cd:4d:d8:c4:28:a7:30:96:14:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 27 00:00:00 2024 GMT
            Not After : Jan  1 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8c:76:7c:9e:11:06:0c:45:05:a4:73:57:83:
                    a6:86:05:12:36:a2:08:34:d9:4e:c1:3a:81:fa:6e:
                    cf:2b:27:28:a3:aa:77:f3:18:2c:60:20:36:4d:5e:
                    19:09:0a:98:a1:fa:68:8f:e9:a8:f2:84:75:21:7c:
                    a2:4b:e5:00:31:28:61:79:c1:68:5a:2a:30:18:ab:
                    58:ec:d5:30:60:e2:f4:c5:75:45:a9:90:72:a7:06:
                    08:8b:45:70:5e:0c:eb:91:59:8e:ed:f2:b9:f9:ab:
                    18:b0:01:70:cc:cc:54:e8:5b:2b:e4:47:96:d7:27:
                    ae:e8:68:23:d2:88:f2:4e:23:95:69:56:23:5a:ac:
                    79:47:6b:12:fe:bf:c2:b4:c2:c2:81:90:14:32:61:
                    ec:da:84:1e:54:93:ed:b7:9d:a0:34:d4:30:47:9b:
                    a0:33:7e:f7:5f:c2:e4:11:f0:3e:54:9c:e1:d2:d2:
                    42:b5:50:15:a1:17:c1:d5:6c:74:5a:dd:61:aa:17:
                    fe:a3:29:3f:22:b9:b0:b5:0d:d2:a2:18:be:55:4b:
                    2a:63:d1:4d:df:1b:a0:3d:70:90:12:f4:d0:cd:69:
                    bc:ca:fc:e4:68:18:90:9c:46:8c:48:01:1d:35:0c:
                    b4:3f:b4:6c:91:e7:c7:4a:f4:53:be:e9:6f:bd:f5:
                    19:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C4:C1:98:3E:9C:CF:AE:9F:24:E4:3F:64:42:93:3B:6C:47:8A:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/78f221a7-ebc0-4961-937e-e0d72403b53e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:de:b9:b0:eb:83:6b:9a:be:e9:ce:8e:0c:19:54:ad:a4:2f:
         a1:58:1f:f9:1c:7e:cd:f5:a9:f5:b8:1f:cc:05:99:ce:71:0a:
         00:11:7a:85:32:54:20:1d:eb:1c:48:4e:cb:42:12:50:0f:8d:
         c4:d5:cc:72:36:b3:dc:4f:08:31:33:60:34:c5:cd:0b:f9:05:
         21:77:80:28:b9:85:7e:42:73:bc:4c:7b:28:77:d5:0c:60:dc:
         41:ae:3d:02:55:59:c5:20:38:35:77:2f:b3:8e:5b:6d:e4:02:
         ca:56:da:bc:f3:c6:4d:36:72:83:9d:f1:d9:4a:43:97:7c:4b:
         e3:c9:03:dc:57:46:d1:47:0e:5f:d1:85:bc:b6:91:4c:cd:39:
         a2:8f:fa:c1:d3:e0:c0:94:90:5d:87:41:14:f5:20:23:65:0f:
         a7:c6:62:82:e7:ff:f2:e8:42:f4:ab:64:38:86:37:f1:c4:59:
         9d:cc:61:ca:ef:c2:0e:44:76:5a:de:84:ab:05:e3:6c:fa:37:
         3c:13:c4:9a:ae:1d:3d:ff:6a:0e:65:54:b4:ec:d9:eb:34:33:
         04:e1:61:7b:5a:63:bc:88:49:25:c7:89:0a:fc:12:b2:26:25:
         e6:60:ea:eb:ac:f3:d4:d2:ad:ff:fe:0d:d0:3e:ac:5a:ed:df:
         34:88:d4:1c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXy3lyEACd56Dns1N2MQopzCWFAYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI3MDAwMDAwWhcNMjUwMTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MGZjODUyMDMzNjU5YjgzZDhjNGQ0M2U3ODIxNjMyNjY3
OTViNzk0OWFlNmM2MmE3ZTNiN2ZhMjEyMTY4YjM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzjHZ8nhEGDEUFpHNXg6aGBRI2ogg02U7BOoH6bs8rJyij
qnfzGCxgIDZNXhkJCpih+miP6ajyhHUhfKJL5QAxKGF5wWhaKjAYq1js1TBg4vTF
dUWpkHKnBgiLRXBeDOuRWY7t8rn5qxiwAXDMzFToWyvkR5bXJ67oaCPSiPJOI5Vp
ViNarHlHaxL+v8K0wsKBkBQyYezahB5Uk+23naA01DBHm6AzfvdfwuQR8D5UnOHS
0kK1UBWhF8HVbHRa3WGqF/6jKT8iubC1DdKiGL5VSypj0U3fG6A9cJAS9NDNabzK
/ORoGJCcRoxIAR01DLQ/tGyR58dK9FO+6W+99RlRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEcTBmD6cz66fJOQ/ZEKTO2xHir4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4ZjIyMWE3LWViYzAtNDk2MS05MzdlLWUwZDcyNDAzYjUzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAvcUwDQYJKoZIhvcNAQELBQADggEBAA3eubDrg2uavunOjgwZVK2kL6FY
H/kcfs31qfW4H8wFmc5xCgAReoUyVCAd6xxITstCElAPjcTVzHI2s9xPCDEzYDTF
zQv5BSF3gCi5hX5Cc7xMeyh31Qxg3EGuPQJVWcUgODV3L7OOW23kAspW2rzzxk02
coOd8dlKQ5d8S+PJA9xXRtFHDl/Rhby2kUzNOaKP+sHT4MCUkF2HQRT1ICNlD6fG
YoLn//LoQvSrZDiGN/HEWZ3MYcrvwg5EdlrehKsF42z6NzwTxJquHT3/ag5lVLTs
2es0MwThYXtaY7yISSXHiQr8ErImJeZg6uus89TSrf/+DdA+rFrt3zSI1Bw=
-----END CERTIFICATE-----