Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4410a08-3523-4043-a09d-4fed13f9cf3e.roa
File:                     d4410a08-3523-4043-a09d-4fed13f9cf3e.roa (raw, json)
Hash identifier:          ouYDNiV8y8ckUKpwtkbgQF8cPZD187D0YvMwcDaDy9I=
Subject key identifier:   00:13:86:AD:11:93:34:4F:90:64:12:6A:44:9C:B0:1F:6E:0A:8F:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       49022A3A6013E27C5BE7AD626D856A81598DA034
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4410a08-3523-4043-a09d-4fed13f9cf3e.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        142.4.167.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:02:2a:3a:60:13:e2:7c:5b:e7:ad:62:6d:85:6a:81:59:8d:a0:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=1d961504985a2f27c956a40689ce3464f2ef0edc19ca71691c5dd0c3bad3e3af, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1d:96:05:0c:c7:88:6d:29:27:9f:1e:75:64:
                    5c:bc:04:e4:4b:7a:df:bd:e5:41:68:48:05:f6:d5:
                    a9:33:6a:6a:4c:e2:c8:b8:0d:ed:5c:6c:16:24:50:
                    6f:d1:e2:cc:dd:37:9e:86:11:d4:be:5a:98:ed:78:
                    58:51:5f:f9:80:6c:a9:46:17:ef:20:a2:fe:f8:cc:
                    fe:d8:c4:93:fe:58:3f:8b:a3:c5:19:25:bc:77:b5:
                    e4:1e:7f:23:9c:20:ff:b4:02:0b:ee:6c:e8:80:f5:
                    63:a1:d1:6b:dd:58:0a:24:24:7a:72:48:8e:c9:b4:
                    72:32:ee:45:47:ab:ac:79:29:e1:fe:21:26:98:fc:
                    1f:08:f3:0d:15:6d:61:09:2b:fc:09:33:00:9c:3d:
                    e8:34:c3:e2:a1:d9:90:2d:0d:4a:2c:35:6b:d0:45:
                    ef:4d:cf:bb:44:47:5c:26:89:eb:56:04:3c:ce:ea:
                    2e:bd:3f:c6:6d:ae:d4:d5:35:57:59:b5:59:70:dd:
                    d3:a2:7e:2c:f1:87:aa:12:cf:d8:8c:11:75:8b:60:
                    6a:47:c2:29:3a:a3:51:dc:05:7a:60:32:6d:3e:20:
                    6c:4e:e8:31:97:ad:fa:02:ac:64:f6:72:8c:bc:75:
                    ea:3b:65:80:0e:76:ed:d7:b9:54:34:00:c6:f9:38:
                    cc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:13:86:AD:11:93:34:4F:90:64:12:6A:44:9C:B0:1F:6E:0A:8F:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4410a08-3523-4043-a09d-4fed13f9cf3e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  142.4.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6f:30:5e:e5:2b:1c:a3:93:c9:a1:db:64:73:8e:5f:02:aa:
         41:45:1f:3e:e8:85:f0:58:28:9d:9c:98:ff:90:5c:37:ce:6d:
         5a:17:a8:63:7a:81:75:f9:2e:4e:f6:5d:fa:6e:39:8e:4b:fa:
         78:30:56:9e:43:ff:d9:51:de:76:4c:9e:a3:d9:4a:27:92:2f:
         e5:fc:80:b9:c5:8e:8a:95:c3:95:70:88:a4:4f:92:a4:93:9c:
         75:fe:ef:a5:74:2a:0b:1d:a1:0f:8e:52:99:d0:8c:fb:8e:9b:
         4a:ea:58:2c:ee:7d:02:b7:da:dd:ba:35:f3:8a:94:35:d6:cb:
         b5:6a:3e:a3:ba:65:e3:7b:ec:f4:73:de:52:80:2b:ae:74:71:
         30:c0:74:d7:d2:4f:d9:ff:5b:b1:58:e0:e6:c0:a7:2b:75:ae:
         35:cc:97:9b:11:a2:30:68:65:58:14:18:9d:a4:8b:e8:fb:04:
         ee:93:54:6b:35:10:76:dd:85:63:6c:a3:4a:7c:84:e3:86:84:
         db:77:3d:bf:a2:ec:4c:37:00:8b:b2:d8:00:25:80:00:61:6b:
         01:1d:c4:2a:7f:cb:ac:a8:75:c2:e0:1a:5c:e0:2b:0c:fb:00:
         3e:4e:1a:84:06:b9:a4:5e:08:29:60:6e:33:b0:84:c6:4d:cf:
         40:18:10:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSQIqOmAT4nxb561ibYVqgVmNoDQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZDk2MTUwNDk4NWEyZjI3Yzk1NmE0MDY4OWNlMzQ2NGYy
ZWYwZWRjMTljYTcxNjkxYzVkZDBjM2JhZDNlM2FmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCkHZYFDMeIbSknnx51ZFy8BORLet+95UFoSAX21akzampM
4si4De1cbBYkUG/R4szdN56GEdS+WpjteFhRX/mAbKlGF+8gov74zP7YxJP+WD+L
o8UZJbx3teQefyOcIP+0AgvubOiA9WOh0WvdWAokJHpySI7JtHIy7kVHq6x5KeH+
ISaY/B8I8w0VbWEJK/wJMwCcPeg0w+Kh2ZAtDUosNWvQRe9Nz7tER1wmietWBDzO
6i69P8ZtrtTVNVdZtVlw3dOifizxh6oSz9iMEXWLYGpHwik6o1HcBXpgMm0+IGxO
6DGXrfoCrGT2coy8deo7ZYAOdu3XuVQ0AMb5OMxPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUABOGrRGTNE+QZBJqRJywH24Kj7kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0NDEwYTA4LTM1MjMtNDA0My1hMDlkLTRmZWQxM2Y5Y2YzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACOBKcwDQYJKoZIhvcNAQELBQADggEBABxvMF7lKxyjk8mh22Rzjl8CqkFF
Hz7ohfBYKJ2cmP+QXDfObVoXqGN6gXX5Lk72XfpuOY5L+ngwVp5D/9lR3nZMnqPZ
SieSL+X8gLnFjoqVw5VwiKRPkqSTnHX+76V0KgsdoQ+OUpnQjPuOm0rqWCzufQK3
2t26NfOKlDXWy7VqPqO6ZeN77PRz3lKAK650cTDAdNfST9n/W7FY4ObApyt1rjXM
l5sRojBoZVgUGJ2ki+j7BO6TVGs1EHbdhWNso0p8hOOGhNt3Pb+i7Ew3AIuy2AAl
gABhawEdxCp/y6yodcLgGlzgKwz7AD5OGoQGuaReCClgbjOwhMZNz0AYEMQ=
-----END CERTIFICATE-----