Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/956d4119-22f4-41ab-9e60-3b5db4dd915e.roa
File:                     956d4119-22f4-41ab-9e60-3b5db4dd915e.roa (raw, json)
Hash identifier:          NycdV3s6a06m4829HWKYDm0Ll57o2hhFFjc2v5DKxhE=
Subject key identifier:   96:A2:70:0A:EB:0B:A1:F1:C7:AD:2E:C0:61:70:0A:0C:A8:67:91:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29A701E8F6C0A36696C7B224E90BC6D9025A1326
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/956d4119-22f4-41ab-9e60-3b5db4dd915e.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.33.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a7:01:e8:f6:c0:a3:66:96:c7:b2:24:e9:0b:c6:d9:02:5a:13:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2c:c1:65:74:80:8f:c0:23:b6:12:92:60:66:
                    2a:d6:d0:1d:97:a9:77:ca:1a:b6:a2:8c:ef:8f:4c:
                    a4:ce:72:40:bb:c7:98:28:69:54:6f:15:b6:69:0e:
                    07:fc:52:63:a3:5f:7b:9a:55:8d:4f:8e:1e:01:b7:
                    d8:8d:89:55:c1:78:a5:a7:e6:0a:2d:02:64:70:44:
                    e9:c2:b0:0c:64:74:0a:27:e8:2d:9a:fd:df:cb:a7:
                    ef:89:98:af:cb:60:22:07:d6:e9:40:e6:66:0c:ea:
                    a2:a3:fa:15:24:40:83:03:34:67:33:4e:94:3c:8c:
                    ed:c1:83:d2:ae:e6:29:05:16:b9:1f:d4:84:02:a1:
                    7e:0a:32:2c:27:a1:5c:68:4d:2a:36:19:1d:de:7f:
                    7b:ae:32:3d:d7:84:da:de:a3:ab:3a:a3:4d:63:8d:
                    34:70:be:6e:70:ea:d7:22:18:b3:1c:9f:4f:33:e8:
                    ce:9f:04:1f:2b:0e:f1:67:d2:42:19:aa:6e:9d:88:
                    b6:20:81:9b:92:11:1e:1f:07:64:b8:24:fb:8e:54:
                    ea:2b:b9:84:a1:ab:33:12:04:83:e9:4d:2e:4f:b2:
                    75:e9:c5:20:2d:88:0e:81:b0:75:ed:9f:de:d8:eb:
                    31:69:68:57:bb:8a:6f:ea:e7:48:2f:d9:f0:6e:e0:
                    0f:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:A2:70:0A:EB:0B:A1:F1:C7:AD:2E:C0:61:70:0A:0C:A8:67:91:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/956d4119-22f4-41ab-9e60-3b5db4dd915e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.33.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         17:dc:7f:17:74:4a:b9:ab:67:16:31:86:14:2f:3b:68:c4:09:
         c9:f9:a4:a5:df:7e:56:ba:04:42:07:c9:e2:d9:bc:7c:a1:59:
         b2:3d:ab:e7:d0:54:6d:33:12:bd:11:c9:37:a2:36:f7:37:6a:
         67:4d:f4:64:3a:41:b5:58:51:39:5c:00:a3:37:c8:2e:9b:6c:
         39:80:9a:d0:9f:e3:4e:83:47:90:58:1d:49:05:13:dd:54:e7:
         f6:8a:f8:eb:aa:97:ab:c4:04:e5:4d:2f:ad:16:b3:ee:6f:41:
         4b:6b:a6:56:c4:03:fe:84:dd:ce:1f:87:51:6e:72:c3:d4:b5:
         80:ed:8a:69:b7:4f:64:ee:6f:44:b7:ae:c3:65:c6:25:0a:b2:
         bb:bb:f7:0a:18:53:3f:fd:92:ab:78:c9:ea:69:8b:ef:65:82:
         d3:e6:a4:ea:af:1e:c5:93:1d:11:b4:e0:fe:ec:9d:19:04:7c:
         9d:1c:0e:30:93:af:c2:2d:af:dd:45:37:6e:51:f8:5f:36:b1:
         8a:f9:d3:82:4f:48:36:18:7b:d9:26:f1:fc:a2:be:a4:be:0d:
         f8:c5:fc:89:a6:41:5a:46:77:74:61:8e:be:ab:7a:92:3b:5d:
         10:d3:2c:e9:4c:9e:e5:c8:4d:07:30:23:da:9b:bf:4e:89:7f:
         17:9c:79:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKacB6PbAo2aWx7Ik6QvG2QJaEyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjFmMGE4MDhlMTg4ODk0MzIxOWQyMDlkOTliZDhhZDA4
OWE3YzIzNGJhMmJkYjk5ZmUwOGYxZGM2MDU2ZGY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLLMFldICPwCO2EpJgZirW0B2XqXfKGraijO+PTKTOckC7
x5goaVRvFbZpDgf8UmOjX3uaVY1Pjh4Bt9iNiVXBeKWn5gotAmRwROnCsAxkdAon
6C2a/d/Lp++JmK/LYCIH1ulA5mYM6qKj+hUkQIMDNGczTpQ8jO3Bg9Ku5ikFFrkf
1IQCoX4KMiwnoVxoTSo2GR3ef3uuMj3XhNreo6s6o01jjTRwvm5w6tciGLMcn08z
6M6fBB8rDvFn0kIZqm6diLYggZuSER4fB2S4JPuOVOoruYShqzMSBIPpTS5PsnXp
xSAtiA6BsHXtn97Y6zFpaFe7im/q50gv2fBu4A/fAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUlqJwCusLofHHrS7AYXAKDKhnkdwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk1NmQ0MTE5LTIyZjQtNDFhYi05ZTYwLTNiNWRiNGRkOTE1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2ITANBgkqhkiG9w0BAQsFAAOCAQEAF9x/F3RKuatnFjGGFC87aMQJyfmk
pd9+VroEQgfJ4tm8fKFZsj2r59BUbTMSvRHJN6I29zdqZ030ZDpBtVhROVwAozfI
LptsOYCa0J/jToNHkFgdSQUT3VTn9or466qXq8QE5U0vrRaz7m9BS2umVsQD/oTd
zh+HUW5yw9S1gO2KabdPZO5vRLeuw2XGJQqyu7v3ChhTP/2Sq3jJ6mmL72WC0+ak
6q8exZMdEbTg/uydGQR8nRwOMJOvwi2v3UU3blH4XzaxivnTgk9INhh72Sbx/KK+
pL4N+MX8iaZBWkZ3dGGOvqt6kjtdENMs6Uye5chNBzAj2pu/Tol/F5x52Q==
-----END CERTIFICATE-----