Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9dbd06a8-580b-430d-973f-47d19f5f06ec.roa
File:                     9dbd06a8-580b-430d-973f-47d19f5f06ec.roa (raw, json)
Hash identifier:          TFcctxHseLDrnYI5/c1M18c8adFkrBcDdRx3/QipqvQ=
Subject key identifier:   F4:58:EA:EA:92:2C:61:AA:1B:19:E3:63:79:68:FC:F1:99:A5:05:42
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F4238D375224DF2992A8904AFB31AAEBAD01388
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9dbd06a8-580b-430d-973f-47d19f5f06ec.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        198.151.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:42:38:d3:75:22:4d:f2:99:2a:89:04:af:b3:1a:ae:ba:d0:13:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d4:f4:14:cf:77:30:34:9b:5b:70:d9:b5:9d:
                    1a:25:66:e8:aa:dc:f0:f2:e3:cd:b1:e6:d6:3a:41:
                    f0:8b:f1:78:b7:a5:54:42:51:0b:24:74:ec:be:03:
                    72:02:da:69:a6:c7:f1:35:cd:36:68:da:b3:ca:b3:
                    e5:a0:a2:7d:d3:af:4f:f1:47:7f:0b:72:2a:89:78:
                    aa:c1:ca:fd:ca:04:f8:7e:85:5b:24:ec:87:b6:0a:
                    11:55:d6:8b:c9:3e:91:c4:9e:87:55:f7:dc:a4:67:
                    19:72:57:ee:39:69:5f:da:df:2d:06:cb:6b:45:d8:
                    9c:30:54:8e:c8:b7:3e:0b:80:ea:eb:c1:1b:c4:d4:
                    1f:19:c2:10:49:25:28:d3:a4:d9:4f:b3:bb:43:6a:
                    ba:11:dd:60:59:56:f0:d1:40:a9:3b:53:81:fd:e8:
                    d3:02:29:f1:09:24:33:e4:8b:df:e1:7d:9f:c7:60:
                    a2:55:fc:56:07:c3:20:4b:31:d0:25:82:81:d2:cd:
                    b0:98:a2:03:c5:d0:25:9d:7f:20:2b:38:c9:bd:1b:
                    4e:85:f4:b7:b0:5b:f0:a1:0b:05:cc:d4:6f:a0:f0:
                    06:9d:c8:b0:4f:71:df:f2:99:06:34:af:de:bd:17:
                    1b:a1:16:30:2b:97:8d:4c:d2:ce:6b:06:7a:89:69:
                    9f:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:58:EA:EA:92:2C:61:AA:1B:19:E3:63:79:68:FC:F1:99:A5:05:42
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9dbd06a8-580b-430d-973f-47d19f5f06ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.151.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c4:f3:13:39:ff:1d:81:6b:72:d7:76:82:82:b4:f7:e8:e9:3a:
         f8:74:c6:97:8c:d4:5d:6f:fa:9c:78:80:3b:4b:2e:ca:1e:33:
         35:8a:17:10:24:37:6b:64:eb:89:f3:6c:e1:48:45:cd:3d:4f:
         a4:22:46:54:fe:6a:13:e4:34:36:d1:a6:64:db:44:ea:d4:ed:
         f3:61:88:a9:7b:7f:66:39:b2:55:d2:e4:a9:69:c5:c2:92:a2:
         a4:2e:9c:77:9e:fc:d8:b4:eb:94:15:1b:90:f9:ba:4a:ca:f3:
         e1:e6:c7:ea:4c:2f:98:61:52:c5:94:4e:12:57:9b:48:83:88:
         55:94:be:84:06:b0:08:35:1e:18:da:4e:ed:53:41:f1:fb:aa:
         6f:19:08:f3:7c:bf:38:4e:14:b0:67:be:d4:65:50:a9:9d:40:
         7b:a5:2c:c7:6d:c9:fb:a1:0f:a2:76:14:2a:a7:1f:99:e8:13:
         2f:a8:d5:ea:c2:21:98:5d:89:35:69:03:69:fc:5a:ce:f0:9a:
         38:51:66:19:0b:9a:23:d5:f3:6a:eb:56:b3:01:50:91:3b:8a:
         0c:1f:dd:4f:43:ea:0a:69:0c:21:cb:86:b9:be:25:4e:ab:46:
         8d:de:b7:a2:be:0b:a1:85:30:97:c7:bb:cf:c2:5e:dc:08:fd:
         3e:33:f4:60
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUb0I403UiTfKZKokEr7MarrrQE4gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZGIxOWU1OThlNDkwNjc4MTEwYjAzZThjNTU5N2FjYmNh
YmU1MjlhNzU1OTI0NDBhYzMyYTMxOTI4OThjNWY4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC71PQUz3cwNJtbcNm1nRolZuiq3PDy482x5tY6QfCL8Xi3
pVRCUQskdOy+A3IC2mmmx/E1zTZo2rPKs+Wgon3Tr0/xR38LciqJeKrByv3KBPh+
hVsk7Ie2ChFV1ovJPpHEnodV99ykZxlyV+45aV/a3y0Gy2tF2JwwVI7Itz4LgOrr
wRvE1B8ZwhBJJSjTpNlPs7tDaroR3WBZVvDRQKk7U4H96NMCKfEJJDPki9/hfZ/H
YKJV/FYHwyBLMdAlgoHSzbCYogPF0CWdfyArOMm9G06F9LewW/ChCwXM1G+g8Aad
yLBPcd/ymQY0r969FxuhFjArl41M0s5rBnqJaZ+3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9Fjq6pIsYaobGeNjeWj88ZmlBUIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkYmQwNmE4LTU4MGItNDMwZC05NzNmLTQ3ZDE5ZjVmMDZlYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAbGl0AwDQYJKoZIhvcNAQELBQADggEBAMTzEzn/HYFrctd2goK09+jpOvh0
xpeM1F1v+px4gDtLLsoeMzWKFxAkN2tk64nzbOFIRc09T6QiRlT+ahPkNDbRpmTb
ROrU7fNhiKl7f2Y5slXS5KlpxcKSoqQunHee/Ni065QVG5D5ukrK8+Hmx+pML5hh
UsWUThJXm0iDiFWUvoQGsAg1HhjaTu1TQfH7qm8ZCPN8vzhOFLBnvtRlUKmdQHul
LMdtyfuhD6J2FCqnH5noEy+o1erCIZhdiTVpA2n8Ws7wmjhRZhkLmiPV82rrVrMB
UJE7igwf3U9D6gppDCHLhrm+JU6rRo3et6K+C6GFMJfHu8/CXtwI/T4z9GA=
-----END CERTIFICATE-----