Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3a20974-6bfb-4332-8b61-5dbad67f1390.roa
File:                     a3a20974-6bfb-4332-8b61-5dbad67f1390.roa (raw, json)
Hash identifier:          p1Vv/BqbzfdGk11IJgrYKwrlmYikg9Xld7rIa0WUZ+o=
Subject key identifier:   65:47:89:E1:D1:67:C5:D0:8A:FC:7F:CC:13:36:91:2B:51:B2:A8:EB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       66D21DD93677AEE7178E9E3481B8E2EC3A2ABA56
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3a20974-6bfb-4332-8b61-5dbad67f1390.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        76.197.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:d2:1d:d9:36:77:ae:e7:17:8e:9e:34:81:b8:e2:ec:3a:2a:ba:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:3e:dc:39:16:04:8e:77:d6:bf:7c:0f:47:09:
                    01:b0:dd:ab:ac:e2:e1:7f:09:e9:60:b6:bb:ea:f5:
                    41:39:62:e9:17:48:3e:a8:30:cc:d4:3c:f6:41:4c:
                    49:f9:a8:09:b8:1d:6c:7f:da:a6:c1:d4:e0:0a:64:
                    0e:ea:a4:50:ca:b4:f6:28:24:77:76:a1:1a:f1:16:
                    34:0b:ef:e4:10:4c:8f:ba:c7:4e:14:88:d6:e1:af:
                    9e:93:fa:72:2e:d0:8c:54:0e:e5:cc:f5:c2:f7:20:
                    25:29:10:04:86:45:78:60:1f:b1:87:a0:3a:5a:8a:
                    02:86:69:3d:a4:1f:da:77:aa:5e:a2:95:96:fe:50:
                    c6:ea:25:95:ff:8d:d4:f9:79:5a:7d:e7:7c:76:b6:
                    2b:95:f0:f3:1a:bd:92:ce:16:48:60:1d:3e:8e:5e:
                    1d:6c:41:42:97:0f:c7:c1:46:46:35:27:33:74:ab:
                    74:e2:42:b0:a9:1c:2e:cb:b4:12:bf:c6:64:bf:52:
                    19:47:a0:55:4d:18:d4:c5:16:2b:67:98:11:ee:c0:
                    4a:a4:db:07:1b:52:6d:7d:b6:52:98:b4:dd:01:bf:
                    c3:41:b4:15:ea:5e:0f:07:75:7e:fe:e1:52:34:78:
                    8a:8d:27:a3:73:95:c7:47:2e:08:f6:70:fe:77:1d:
                    68:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:47:89:E1:D1:67:C5:D0:8A:FC:7F:CC:13:36:91:2B:51:B2:A8:EB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a3a20974-6bfb-4332-8b61-5dbad67f1390.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  76.197.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         97:5e:89:ac:a0:4b:da:d3:86:5d:3c:1d:e6:59:38:2a:d6:ef:
         ce:13:b1:16:fe:a7:e1:08:a8:63:4e:fe:ad:25:66:15:bc:a5:
         c1:03:ac:6f:91:8d:6f:dd:16:aa:f2:c4:5c:f7:3d:48:ab:60:
         c3:7d:5b:8f:e1:16:34:1f:21:d4:c8:8d:a4:a7:f6:8c:04:02:
         f5:ba:da:4f:11:06:26:9d:b6:59:12:cd:02:4b:31:6f:15:0e:
         4d:ce:0c:75:02:3b:13:04:1c:57:75:4c:57:b4:f6:dc:45:28:
         a0:97:d2:1a:d4:d6:18:18:0a:f7:90:e6:9f:55:c9:5d:30:8a:
         94:6c:3d:2b:ec:b2:e3:39:6e:e5:cd:e5:9d:85:ae:0e:91:62:
         a5:8f:05:d9:47:d5:4f:84:69:f1:44:d3:38:62:8f:23:ae:e8:
         95:22:f6:76:22:72:87:06:3e:bb:01:d3:ee:cd:ae:4a:7a:d0:
         49:1e:55:56:25:e0:2b:d8:c1:17:79:03:d6:3c:05:0d:20:f9:
         73:5a:ec:ca:f2:a8:c2:55:8a:91:37:7e:30:8c:2b:40:95:f6:
         85:e8:99:ab:eb:60:ad:a5:be:b9:2a:b9:dd:84:35:04:8b:88:
         92:b9:76:d7:fb:cc:b5:20:7d:12:78:e2:14:54:fc:85:1d:02:
         2b:dd:1f:34
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZtId2TZ3rucXjp40gbji7DoqulYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTlmZDQwN2Q0ZjhkZWY2Nzk2YzhiNDdmYTQ2NDRhZWMz
ZTg2OWY0ZDMwNGJlYThmMDY1OGJmMjZkOTgyMTNjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGPtw5FgSOd9a/fA9HCQGw3aus4uF/Celgtrvq9UE5YukX
SD6oMMzUPPZBTEn5qAm4HWx/2qbB1OAKZA7qpFDKtPYoJHd2oRrxFjQL7+QQTI+6
x04UiNbhr56T+nIu0IxUDuXM9cL3ICUpEASGRXhgH7GHoDpaigKGaT2kH9p3ql6i
lZb+UMbqJZX/jdT5eVp953x2tiuV8PMavZLOFkhgHT6OXh1sQUKXD8fBRkY1JzN0
q3TiQrCpHC7LtBK/xmS/UhlHoFVNGNTFFitnmBHuwEqk2wcbUm19tlKYtN0Bv8NB
tBXqXg8HdX7+4VI0eIqNJ6NzlcdHLgj2cP53HWifAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZUeJ4dFnxdCK/H/MEzaRK1GyqOswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EzYTIwOTc0LTZiZmItNDMzMi04YjYxLTVkYmFkNjdmMTM5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZMxYAwDQYJKoZIhvcNAQELBQADggEBAJdeiaygS9rThl08HeZZOCrW784T
sRb+p+EIqGNO/q0lZhW8pcEDrG+RjW/dFqryxFz3PUirYMN9W4/hFjQfIdTIjaSn
9owEAvW62k8RBiadtlkSzQJLMW8VDk3ODHUCOxMEHFd1TFe09txFKKCX0hrU1hgY
CveQ5p9VyV0wipRsPSvssuM5buXN5Z2Frg6RYqWPBdlH1U+EafFE0zhijyOu6JUi
9nYicocGPrsB0+7Nrkp60EkeVVYl4CvYwRd5A9Y8BQ0g+XNa7MryqMJVipE3fjCM
K0CV9oXomavrYK2lvrkqud2ENQSLiJK5dtf7zLUgfRJ44hRU/IUdAivdHzQ=
-----END CERTIFICATE-----