Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cbc8f4e9-fdf8-4029-9d07-d4d149f26c39.roa
File:                     cbc8f4e9-fdf8-4029-9d07-d4d149f26c39.roa (raw, json)
Hash identifier:          BfEjw8wZ6wo1NpvxC/niZVjpgZ/loKs+VW6GwCZzVgA=
Subject key identifier:   03:5A:B4:EC:36:0E:46:38:36:53:A7:25:30:6E:3E:92:DD:7D:F9:BF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       514C80940B2E131BECAF1DD476AF7D4F69C0C043
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cbc8f4e9-fdf8-4029-9d07-d4d149f26c39.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        135.133.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:4c:80:94:0b:2e:13:1b:ec:af:1d:d4:76:af:7d:4f:69:c0:c0:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: serialNumber=baaacfb3613b355cd268be19aa4ee16c3281f65b55d7b7f9c93d1853df547312, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:89:49:9b:b5:d9:a6:a3:d6:3e:dc:74:68:6f:
                    33:b0:03:2d:4d:88:7c:94:28:0e:1a:ef:ba:e3:e0:
                    35:a2:89:1c:99:0d:b0:4c:30:d4:be:ad:10:57:7b:
                    16:82:8e:42:0d:1e:13:24:be:8f:d6:51:31:90:47:
                    8d:46:6a:7a:b9:f7:f7:69:ba:25:6d:13:e6:cf:d4:
                    b7:04:46:f9:18:b8:e0:78:09:d8:45:b5:37:63:43:
                    ec:14:9d:71:bf:72:82:57:df:56:38:75:7e:1e:78:
                    21:a5:71:55:ec:b4:d9:09:16:9d:e9:75:41:10:32:
                    1f:ed:27:37:31:02:e8:bb:54:e6:3f:1e:41:e6:31:
                    50:89:c5:be:3c:d3:bf:61:a1:4a:45:72:9f:9e:69:
                    6c:12:dd:7c:f0:7f:17:fd:c7:d0:04:ee:42:9f:13:
                    eb:70:a3:21:55:8b:e7:51:17:01:49:ee:b1:a1:e5:
                    ad:32:a5:10:46:74:1c:31:c8:c4:f0:2d:15:1a:e2:
                    c6:48:09:ba:db:ee:e7:8b:c6:c9:45:c0:cd:07:25:
                    82:55:da:4e:01:e1:d7:b3:04:89:28:89:de:c8:b2:
                    aa:8f:b7:4d:2e:3a:80:4f:6a:08:dc:73:4b:76:41:
                    16:9b:74:27:86:a1:6f:fa:79:04:29:83:c1:a7:29:
                    6b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:5A:B4:EC:36:0E:46:38:36:53:A7:25:30:6E:3E:92:DD:7D:F9:BF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cbc8f4e9-fdf8-4029-9d07-d4d149f26c39.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  135.133.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c5:aa:cf:73:c7:89:67:9e:7b:00:07:90:8d:6d:f8:6b:76:22:
         38:6a:21:7d:47:df:28:ff:10:92:3a:62:16:2a:b5:96:69:95:
         61:d9:53:9d:fa:7c:81:8d:7e:e6:31:f5:3f:48:f8:d8:10:fa:
         e6:25:6d:54:dc:37:b0:af:e3:15:b7:65:c8:f6:2e:dd:98:66:
         62:94:9a:70:a9:73:4e:9e:00:b3:bd:68:1d:72:e3:13:10:64:
         e5:7a:54:8c:ba:99:80:67:26:36:97:2d:43:24:f6:58:fc:0a:
         aa:3e:72:ad:24:e7:5f:46:65:96:ce:a4:9a:94:33:3c:ab:e0:
         7e:a9:2d:92:9d:50:b3:b5:eb:18:df:2a:9c:f5:8c:56:18:2b:
         a3:70:52:04:ab:11:a8:10:47:7d:64:57:18:6a:aa:21:09:21:
         22:46:ce:fe:b4:27:17:d2:35:5f:99:d4:ef:8a:c3:89:6b:a5:
         37:ee:98:99:4a:87:db:a9:db:cf:43:37:28:47:3f:5d:28:c2:
         c4:27:2d:71:e8:4b:1d:c9:08:4a:4f:70:6e:19:30:21:76:2c:
         59:55:5f:2a:e9:29:71:32:d9:6d:ef:dd:34:0f:81:bb:c3:b5:
         4b:06:b3:2d:5d:06:06:15:98:54:d5:10:55:f8:96:58:ff:41:
         64:de:28:66
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUUyAlAsuExvsrx3Udq99T2nAwEMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0BiYWFhY2ZiMzYxM2IzNTVjZDI2OGJlMTlhYTRlZTE2YzMy
ODFmNjViNTVkN2I3ZjljOTNkMTg1M2RmNTQ3MzEyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDiUmbtdmmo9Y+3HRobzOwAy1NiHyUKA4a77rj4DWiiRyZ
DbBMMNS+rRBXexaCjkINHhMkvo/WUTGQR41Ganq59/dpuiVtE+bP1LcERvkYuOB4
CdhFtTdjQ+wUnXG/coJX31Y4dX4eeCGlcVXstNkJFp3pdUEQMh/tJzcxAui7VOY/
HkHmMVCJxb48079hoUpFcp+eaWwS3Xzwfxf9x9AE7kKfE+twoyFVi+dRFwFJ7rGh
5a0ypRBGdBwxyMTwLRUa4sZICbrb7ueLxslFwM0HJYJV2k4B4dezBIkoid7IsqqP
t00uOoBPagjcc0t2QRabdCeGoW/6eQQpg8GnKWsBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUA1q07DYORjg2U6clMG4+kt19+b8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NiYzhmNGU5LWZkZjgtNDAyOS05ZDA3LWQ0ZDE0OWYyNmMzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCHhTANBgkqhkiG9w0BAQsFAAOCAQEAxarPc8eJZ557AAeQjW34a3YiOGoh
fUffKP8QkjpiFiq1lmmVYdlTnfp8gY1+5jH1P0j42BD65iVtVNw3sK/jFbdlyPYu
3ZhmYpSacKlzTp4As71oHXLjExBk5XpUjLqZgGcmNpctQyT2WPwKqj5yrSTnX0Zl
ls6kmpQzPKvgfqktkp1Qs7XrGN8qnPWMVhgro3BSBKsRqBBHfWRXGGqqIQkhIkbO
/rQnF9I1X5nU74rDiWulN+6YmUqH26nbz0M3KEc/XSjCxCctcehLHckISk9wbhkw
IXYsWVVfKukpcTLZbe/dNA+Bu8O1SwazLV0GBhWYVNUQVfiWWP9BZN4oZg==
-----END CERTIFICATE-----