Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5715358-b449-42fe-9031-4085cda2dd36.roa
File:                     c5715358-b449-42fe-9031-4085cda2dd36.roa (raw, json)
Hash identifier:          1mNW2aqf9mPaK60YFSrPqpUtGnJK2vUBx0PxjsMUgRA=
Subject key identifier:   BD:A2:2E:D6:7C:45:8C:6D:61:DC:8B:B8:9A:D2:F7:43:50:18:7C:7B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4235A23B9D835648458C6FD24AB20334867E8A81
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5715358-b449-42fe-9031-4085cda2dd36.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        46.215.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:35:a2:3b:9d:83:56:48:45:8c:6f:d2:4a:b2:03:34:86:7e:8a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=db44a6af7b11c5243088925c6c384dc96fc836487c66d95d3bc079e2dcc9588c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ea:d2:2b:0e:af:04:f7:e5:69:f1:ef:55:a9:
                    a7:f1:e0:17:d1:09:79:bc:f4:d8:6e:d0:9f:2e:92:
                    15:b6:b5:bb:b9:22:00:67:2a:42:3e:e6:1c:32:92:
                    26:dd:81:55:9f:e2:1c:ee:41:94:d1:2d:8d:e9:af:
                    92:58:e1:5a:5d:11:41:8e:cc:ae:4f:0f:1b:56:55:
                    f2:fc:60:02:59:5a:9c:a1:b5:f8:e2:0b:df:f8:e2:
                    ff:52:65:7d:c9:cb:cd:b9:1c:03:1c:e4:14:c5:56:
                    12:7c:51:39:5d:0a:8e:50:e1:fe:d7:ac:45:c2:5c:
                    f4:dc:4f:2a:0e:9e:d7:5b:4f:4e:cf:04:ad:ef:1c:
                    02:41:fc:75:31:6e:e5:1d:88:3c:6d:bc:64:dd:5d:
                    d9:70:93:7e:2f:01:0a:35:1e:e0:16:80:b7:10:20:
                    af:7b:2c:61:7c:04:ff:40:64:c2:1f:cc:17:c1:d2:
                    e5:e6:c5:97:f3:11:b1:9f:e2:c9:6f:08:ce:71:64:
                    19:98:db:ac:d4:44:17:4b:0f:e1:bb:2e:f5:4d:f5:
                    d0:c2:c3:92:33:72:44:c8:17:35:5e:2a:eb:51:f6:
                    99:9d:20:6b:ab:ac:cb:40:ad:3b:09:4e:5d:c0:0f:
                    a2:12:1c:55:c0:6b:9f:02:72:b0:73:22:1a:65:14:
                    b2:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A2:2E:D6:7C:45:8C:6D:61:DC:8B:B8:9A:D2:F7:43:50:18:7C:7B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c5715358-b449-42fe-9031-4085cda2dd36.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.215.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:f3:e8:00:1b:18:ac:e5:4a:9d:eb:71:50:71:d5:c9:2c:f2:
         30:05:e6:2a:01:09:6a:95:c7:ad:d0:69:ab:99:a9:b5:78:38:
         03:88:03:9e:6f:af:ba:dc:05:a3:a5:5a:11:a7:ad:76:53:ca:
         56:97:7f:bf:e7:1a:c2:2e:92:2f:f6:2d:c9:0e:0d:76:97:b7:
         09:8e:b1:eb:ce:f6:6b:4a:4e:34:e8:0a:5b:3d:5e:f0:b0:a5:
         4c:ba:66:08:09:72:bf:c5:ae:63:51:29:57:48:de:b6:1f:75:
         f8:88:04:2b:ab:ac:ba:ad:26:79:ff:be:41:50:20:62:b2:5d:
         b5:18:07:12:c5:d5:cc:5c:0c:d0:1f:48:a7:8b:1e:63:ac:75:
         15:36:05:c4:bd:fb:f3:29:7c:15:a4:fa:64:43:c8:53:df:9c:
         92:5b:41:3b:28:ef:ab:eb:b4:69:67:9e:94:e1:3c:9b:ff:16:
         c0:7a:dc:a7:da:3d:7a:bf:b5:64:c1:73:19:bc:ad:63:d5:22:
         7f:7d:e3:a4:57:f5:8b:ce:30:a7:42:48:cf:fd:ca:05:48:b9:
         0d:83:ca:13:24:de:fd:0b:e2:e2:82:67:a6:f7:ae:1c:38:30:
         58:2c:2c:cb:27:2e:9c:5e:a7:4f:50:44:3c:b8:c1:99:54:64:
         ae:30:24:8a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQjWiO52DVkhFjG/SSrIDNIZ+ioEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYjQ0YTZhZjdiMTFjNTI0MzA4ODkyNWM2YzM4NGRjOTZm
YzgzNjQ4N2M2NmQ5NWQzYmMwNzllMmRjYzk1ODhjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDf6tIrDq8E9+Vp8e9Vqafx4BfRCXm89Nhu0J8ukhW2tbu5
IgBnKkI+5hwykibdgVWf4hzuQZTRLY3pr5JY4VpdEUGOzK5PDxtWVfL8YAJZWpyh
tfjiC9/44v9SZX3Jy825HAMc5BTFVhJ8UTldCo5Q4f7XrEXCXPTcTyoOntdbT07P
BK3vHAJB/HUxbuUdiDxtvGTdXdlwk34vAQo1HuAWgLcQIK97LGF8BP9AZMIfzBfB
0uXmxZfzEbGf4slvCM5xZBmY26zURBdLD+G7LvVN9dDCw5IzckTIFzVeKutR9pmd
IGurrMtArTsJTl3AD6ISHFXAa58CcrBzIhplFLJlAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvaIu1nxFjG1h3Iu4mtL3Q1AYfHswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M1NzE1MzU4LWI0NDktNDJmZS05MDMxLTQwODVjZGEyZGQzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAu1zANBgkqhkiG9w0BAQsFAAOCAQEAJ/PoABsYrOVKnetxUHHVySzyMAXm
KgEJapXHrdBpq5mptXg4A4gDnm+vutwFo6VaEaetdlPKVpd/v+cawi6SL/YtyQ4N
dpe3CY6x6872a0pONOgKWz1e8LClTLpmCAlyv8WuY1EpV0jeth91+IgEK6usuq0m
ef++QVAgYrJdtRgHEsXVzFwM0B9Ip4seY6x1FTYFxL378yl8FaT6ZEPIU9+ckltB
Oyjvq+u0aWeelOE8m/8WwHrcp9o9er+1ZMFzGbytY9Uif33jpFf1i84wp0JIz/3K
BUi5DYPKEyTe/Qvi4oJnpveuHDgwWCwsyycunF6nT1BEPLjBmVRkrjAkig==
-----END CERTIFICATE-----