Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c21a03d2-c335-42e6-bd75-5dc8f46efae5.roa
File:                     c21a03d2-c335-42e6-bd75-5dc8f46efae5.roa (raw, json)
Hash identifier:          8QYm0wAVk8zmu11VM4s6b6zB48fSyJD6e9oaiVcQdSg=
Subject key identifier:   3E:D9:1E:28:A3:04:24:AD:65:52:00:ED:68:F0:A5:1A:39:2D:13:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10D2A5668AD3877FDDE127DC27AE876B2972EF11
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c21a03d2-c335-42e6-bd75-5dc8f46efae5.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.55.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:d2:a5:66:8a:d3:87:7f:dd:e1:27:dc:27:ae:87:6b:29:72:ef:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=4652f11c95245061f0e357f9a462c8f26cc5781459124aa52a7accdf8937c587, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:42:25:44:5a:cc:c3:32:56:cd:24:6f:2f:f9:
                    00:bc:0c:a0:7b:03:f9:c9:e5:2e:13:cd:50:ea:88:
                    25:9b:e8:5c:91:0e:6e:c2:dc:da:96:84:27:1e:ae:
                    4c:8d:c8:e3:51:a3:d5:a1:af:0c:31:b6:75:01:f7:
                    ec:5c:c5:c3:6b:99:33:b3:d1:be:22:4e:af:14:c0:
                    c0:b3:7f:cd:08:4b:7a:d8:29:11:5e:02:18:f8:46:
                    ca:cb:32:d4:aa:24:70:7d:ef:06:8c:3e:38:8d:87:
                    a9:08:d5:5d:a2:60:e5:cd:03:98:25:67:80:65:9f:
                    c3:bc:8a:c8:fe:19:e3:4f:d4:73:a0:1c:44:07:da:
                    79:94:5e:27:d1:25:f5:35:c4:61:7e:8c:71:66:40:
                    b3:b4:db:70:b4:12:be:c0:8b:0a:96:39:0d:c8:58:
                    07:ce:d6:06:f9:9c:ba:9c:ca:8b:1a:84:4d:eb:d2:
                    78:ef:8f:35:51:4a:c1:5c:dc:06:62:3c:7b:6e:e6:
                    5b:d7:3e:17:c0:85:83:7e:72:d1:7d:b7:28:63:26:
                    05:12:b8:fa:52:bc:cb:7f:62:9a:20:39:71:73:d5:
                    a2:3a:f3:d0:8b:d6:84:0d:e9:61:28:c7:ff:e3:51:
                    7d:ce:16:01:b7:a5:89:4c:d4:b6:93:76:13:da:27:
                    0a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D9:1E:28:A3:04:24:AD:65:52:00:ED:68:F0:A5:1A:39:2D:13:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c21a03d2-c335-42e6-bd75-5dc8f46efae5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.55.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         58:a2:75:12:24:fb:55:11:10:1c:0e:4d:68:bd:e3:c5:a6:d1:
         bf:cc:6e:d5:72:13:a3:3f:42:56:a8:a5:eb:02:90:f6:10:69:
         65:b8:1b:53:e0:bb:7f:df:57:2c:e7:ad:18:11:e3:6d:4d:38:
         a1:5a:91:59:84:df:30:91:45:5c:14:bc:fd:04:7b:8f:aa:99:
         26:46:6e:1a:af:bf:ed:d4:02:4c:4a:05:fa:af:49:e7:f0:ca:
         1a:c9:58:a1:44:58:f5:d2:4f:d0:21:35:c7:c0:1e:71:db:30:
         b9:2e:8e:d2:59:0c:e8:bd:63:1b:27:6d:b7:c7:ca:0a:73:6e:
         3e:9c:6b:82:aa:f2:d8:e6:e2:4a:93:07:ea:60:b6:a8:9f:16:
         01:cd:ab:9b:27:2c:c0:bb:4b:a0:c9:9a:4a:81:e6:99:9e:fd:
         81:85:43:96:1f:b6:16:41:49:f1:9c:2c:54:55:6d:e3:96:38:
         bc:2d:b9:ca:b9:5b:1a:85:e1:94:38:da:f2:f8:87:e3:93:74:
         0c:31:7a:d7:2d:a6:82:33:42:68:0a:f7:48:35:1a:74:85:d0:
         2d:08:4a:a5:db:b0:8f:1a:77:e7:54:d1:e5:46:ef:14:ba:d2:
         b1:f4:c2:5d:63:51:8b:ca:da:06:e0:98:ef:87:f0:1d:5c:ee:
         fe:34:f8:8d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUENKlZorTh3/d4SfcJ66Hayly7xEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NjUyZjExYzk1MjQ1MDYxZjBlMzU3ZjlhNDYyYzhmMjZj
YzU3ODE0NTkxMjRhYTUyYTdhY2NkZjg5MzdjNTg3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQQiVEWszDMlbNJG8v+QC8DKB7A/nJ5S4TzVDqiCWb6FyR
Dm7C3NqWhCcerkyNyONRo9WhrwwxtnUB9+xcxcNrmTOz0b4iTq8UwMCzf80IS3rY
KRFeAhj4RsrLMtSqJHB97waMPjiNh6kI1V2iYOXNA5glZ4Bln8O8isj+GeNP1HOg
HEQH2nmUXifRJfU1xGF+jHFmQLO023C0Er7AiwqWOQ3IWAfO1gb5nLqcyosahE3r
0njvjzVRSsFc3AZiPHtu5lvXPhfAhYN+ctF9tyhjJgUSuPpSvMt/YpogOXFz1aI6
89CL1oQN6WEox//jUX3OFgG3pYlM1LaTdhPaJwpdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPtkeKKMEJK1lUgDtaPClGjktE+0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyMWEwM2QyLWMzMzUtNDJlNi1iZDc1LTVkYzhmNDZlZmFlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2NzANBgkqhkiG9w0BAQsFAAOCAQEAWKJ1EiT7VREQHA5NaL3jxabRv8xu
1XIToz9CVqil6wKQ9hBpZbgbU+C7f99XLOetGBHjbU04oVqRWYTfMJFFXBS8/QR7
j6qZJkZuGq+/7dQCTEoF+q9J5/DKGslYoURY9dJP0CE1x8AecdswuS6O0lkM6L1j
Gydtt8fKCnNuPpxrgqry2ObiSpMH6mC2qJ8WAc2rmycswLtLoMmaSoHmmZ79gYVD
lh+2FkFJ8ZwsVFVt45Y4vC25yrlbGoXhlDja8viH45N0DDF61y2mgjNCaAr3SDUa
dIXQLQhKpduwjxp351TR5UbvFLrSsfTCXWNRi8raBuCY74fwHVzu/jT4jQ==
-----END CERTIFICATE-----