Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/83410682-4826-41d3-963b-6c7a7976752e.roa
File:                     83410682-4826-41d3-963b-6c7a7976752e.roa (raw, json)
Hash identifier:          Nik4TElvLQj2DAyl4BXQqFKs62RUwJ7KmwhNjvW2fO4=
Subject key identifier:   46:58:CE:74:71:32:F8:E9:DA:96:AD:7A:5A:5E:88:20:C0:1D:8D:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5ED9E8051CA0136F8E56B46F18708353860F86A8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/83410682-4826-41d3-963b-6c7a7976752e.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        96.0.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:d9:e8:05:1c:a0:13:6f:8e:56:b4:6f:18:70:83:53:86:0f:86:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3b:5e:b0:2b:7b:67:26:12:13:9a:f4:fb:4d:
                    b8:f7:37:72:25:de:c3:42:cb:2f:5e:1c:4f:80:cf:
                    ef:7a:19:de:57:28:94:e1:40:b7:ce:63:4b:be:80:
                    ad:6f:12:8c:88:cb:9d:d1:70:5a:d3:a7:2a:c4:93:
                    e0:6d:e2:2c:4a:94:16:9a:4d:74:30:7b:09:f4:85:
                    68:d1:e3:ca:2d:d7:a5:32:e5:83:3c:8b:f6:60:ee:
                    72:66:c3:81:80:f6:8b:87:b5:ce:03:2c:06:1b:2d:
                    65:e7:e1:22:78:1b:41:9c:77:1a:4a:83:5a:09:a3:
                    bd:31:bb:df:3f:73:64:40:e9:67:86:96:a3:09:c7:
                    c3:65:cb:05:7c:75:cd:c6:0e:2b:57:72:48:33:20:
                    46:10:40:62:0e:ce:4f:e0:e5:10:15:f8:bc:d6:56:
                    0c:29:0d:57:47:3f:7f:5e:ea:0d:fa:1f:84:f0:28:
                    d1:05:2d:af:e7:2d:a1:13:03:0b:ee:ce:9b:fb:28:
                    6b:19:c0:8e:e8:d8:80:48:04:8a:7f:91:45:1e:ff:
                    5d:bb:2c:4b:b8:1c:28:3b:04:1a:2a:5a:c9:9b:11:
                    5f:49:c0:f8:6b:d8:15:3d:e0:90:75:38:54:2e:5c:
                    3e:c6:50:41:43:93:0c:45:90:b7:87:c3:d8:eb:c7:
                    22:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:58:CE:74:71:32:F8:E9:DA:96:AD:7A:5A:5E:88:20:C0:1D:8D:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/83410682-4826-41d3-963b-6c7a7976752e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.0.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7e:0f:87:d4:01:0f:72:9a:45:4b:1d:50:cf:5d:68:81:46:8c:
         27:77:7c:f0:79:f7:e5:43:e2:5e:1b:1b:9f:00:8a:cb:fd:07:
         0f:7c:a3:b8:fb:4b:73:da:57:c4:dc:35:da:42:d5:85:b2:53:
         71:2d:59:ff:37:65:d8:29:4b:b0:b4:e0:d9:5b:8e:84:02:b9:
         82:ba:8b:16:00:24:66:c6:9c:5e:34:83:48:83:3e:df:77:ee:
         5e:53:97:a1:c2:75:c5:2c:a2:7f:ef:5a:41:bf:74:f0:58:47:
         a6:b0:e4:e3:6f:19:7a:0d:79:06:7f:37:30:c1:16:0b:c6:d7:
         8e:0f:45:26:b8:63:56:50:9e:f2:47:be:57:31:c1:99:8a:20:
         44:68:1e:23:0c:76:bd:f4:93:e5:bb:d2:f8:e3:7a:7b:6e:b3:
         b8:ba:19:29:a1:57:15:dc:8d:80:2e:40:3e:59:6d:3e:72:84:
         9b:c1:04:cc:78:5f:17:00:da:94:93:87:13:81:0e:95:86:1b:
         88:b0:3b:a4:d7:5e:47:73:b1:d4:cd:7e:e1:1b:05:ce:17:8a:
         e3:8a:fd:6b:74:2b:95:a6:3a:3b:4a:c5:40:b9:f4:88:c1:26:
         4c:93:25:a6:5b:95:e9:d0:ab:1c:b8:42:a7:3e:a0:94:4d:49:
         d9:65:08:3e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXtnoBRygE2+OVrRvGHCDU4YPhqgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlM2Y1ODU2N2Y1Y2JlMzRlYzEyYmM5YjQ3MDdmMTVjZmI4
Y2E0MzQ2YjgxZWU5NmNlNmFlZmU1YzE2ZDAwMGQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUO16wK3tnJhITmvT7Tbj3N3Il3sNCyy9eHE+Az+96Gd5X
KJThQLfOY0u+gK1vEoyIy53RcFrTpyrEk+Bt4ixKlBaaTXQwewn0hWjR48ot16Uy
5YM8i/Zg7nJmw4GA9ouHtc4DLAYbLWXn4SJ4G0GcdxpKg1oJo70xu98/c2RA6WeG
lqMJx8NlywV8dc3GDitXckgzIEYQQGIOzk/g5RAV+LzWVgwpDVdHP39e6g36H4Tw
KNEFLa/nLaETAwvuzpv7KGsZwI7o2IBIBIp/kUUe/127LEu4HCg7BBoqWsmbEV9J
wPhr2BU94JB1OFQuXD7GUEFDkwxFkLeHw9jrxyIPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURljOdHEy+Onalq16Wl6IIMAdja8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgzNDEwNjgyLTQ4MjYtNDFkMy05NjNiLTZjN2E3OTc2NzUyZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBgADANBgkqhkiG9w0BAQsFAAOCAQEAfg+H1AEPcppFSx1Qz11ogUaMJ3d8
8Hn35UPiXhsbnwCKy/0HD3yjuPtLc9pXxNw12kLVhbJTcS1Z/zdl2ClLsLTg2VuO
hAK5grqLFgAkZsacXjSDSIM+33fuXlOXocJ1xSyif+9aQb908FhHprDk428Zeg15
Bn83MMEWC8bXjg9FJrhjVlCe8ke+VzHBmYogRGgeIwx2vfST5bvS+ON6e26zuLoZ
KaFXFdyNgC5APlltPnKEm8EEzHhfFwDalJOHE4EOlYYbiLA7pNdeR3Ox1M1+4RsF
zheK44r9a3QrlaY6O0rFQLn0iMEmTJMlpluV6dCrHLhCpz6glE1J2WUIPg==
-----END CERTIFICATE-----