Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4425922-976b-4593-b45d-9da7c30dc49f.roa
File:                     d4425922-976b-4593-b45d-9da7c30dc49f.roa (raw, json)
Hash identifier:          9GcjBODddM5Q5eC/ZmalLuky0mNZGwx/aM+OguB1yic=
Subject key identifier:   1A:7F:53:70:31:3A:CA:EF:A4:86:60:54:23:71:45:89:1E:34:8A:D6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       693D96EAB942449841E1B42F0D2E0982FB8D81DF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4425922-976b-4593-b45d-9da7c30dc49f.roa
Signing time:             Sat 07 Dec 2024 00:00:00 +0000
ROA not before:           Sat 07 Dec 2024 00:00:00 +0000
ROA not after:            Sat 11 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        206.72.209.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:3d:96:ea:b9:42:44:98:41:e1:b4:2f:0d:2e:09:82:fb:8d:81:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  7 00:00:00 2024 GMT
            Not After : Jan 11 23:59:59 2025 GMT
        Subject: serialNumber=dbb5fb4f8ef01d6dfe18611b795bc928167c24f40614dba9238e068e5015155c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:29:2f:e1:b0:a2:8c:ab:42:71:f2:70:76:e9:
                    d4:a6:1a:a8:13:85:51:0f:d4:f3:ab:fb:13:d8:97:
                    fc:75:b0:41:6d:42:e4:15:2f:82:08:23:33:9f:9c:
                    ee:0e:cd:ec:7f:fd:27:1e:3e:72:f7:e6:e5:a9:17:
                    ca:77:d2:1d:b2:5c:41:36:eb:5e:51:7d:17:2c:79:
                    c2:73:c4:83:18:ac:8b:df:1d:02:33:49:21:c3:d6:
                    24:fc:44:82:6c:59:8a:f6:e2:47:75:e8:ad:d9:0f:
                    1d:13:61:70:b9:98:1f:cd:16:03:c9:ee:8d:8c:a3:
                    72:f6:3d:16:d7:f5:92:02:93:6e:c6:65:20:35:c3:
                    00:c6:97:f3:a4:28:92:02:d8:7d:ef:3c:99:f4:d4:
                    f4:76:ad:4f:dc:b8:71:0c:d4:14:2b:8a:42:dc:f8:
                    18:09:a8:68:13:7e:a7:c9:38:3e:14:43:1e:14:83:
                    42:32:49:20:c3:65:0b:e1:00:12:7a:fb:1c:2e:31:
                    f7:e4:65:0b:12:c2:2d:f8:4b:13:8b:e2:a1:f5:80:
                    50:f8:4d:60:44:e6:17:d4:58:e0:a5:08:b8:57:91:
                    dc:ad:40:56:6a:13:d5:5d:87:b0:a0:1a:d2:a4:b1:
                    61:e9:9a:cc:90:bb:95:e4:46:a6:ef:45:5f:58:df:
                    69:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7F:53:70:31:3A:CA:EF:A4:86:60:54:23:71:45:89:1E:34:8A:D6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4425922-976b-4593-b45d-9da7c30dc49f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.72.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:b7:89:12:d0:46:c3:2a:54:7d:7c:af:d4:9e:6c:ed:95:92:
         6b:91:62:e6:46:3f:01:28:31:9b:ea:e8:cd:05:42:3c:10:ca:
         75:13:d0:3e:ba:c8:0d:90:64:83:58:92:3c:39:02:b1:b0:db:
         da:2a:61:ec:36:55:77:03:cf:04:9c:5a:3b:7b:df:74:92:e5:
         55:13:d5:e8:2d:57:2b:71:cc:e7:66:f5:f1:30:c7:08:75:4d:
         af:44:d6:f8:8b:d4:ad:87:e2:0c:43:97:41:56:ef:ed:9f:dc:
         8e:92:cb:53:bd:19:51:99:0f:d7:ec:54:cb:d3:fa:e3:0f:11:
         42:2a:e1:8c:ee:44:db:33:90:d8:f6:44:b3:d1:57:91:ae:e2:
         d3:fb:77:58:36:bd:8d:4b:76:27:9d:97:22:e3:23:e9:0f:48:
         ed:ed:30:f2:9b:36:a7:ce:65:e3:b2:79:bd:61:66:33:64:20:
         70:0f:fb:06:72:ed:6d:d1:2b:4e:82:9c:6d:d9:1f:89:e5:dc:
         ad:a9:75:f1:5f:44:8d:b4:dc:0d:2f:5b:6f:cd:42:c9:1b:0d:
         fa:6b:39:63:94:e6:d5:82:59:58:39:37:a6:5b:0a:61:5c:24:
         8f:9d:92:74:5f:fc:89:ce:f0:8d:a2:3f:2b:2e:e7:1b:ff:15:
         8c:47:8f:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaT2W6rlCRJhB4bQvDS4JgvuNgd8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjA3MDAwMDAwWhcNMjUwMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYmI1ZmI0ZjhlZjAxZDZkZmUxODYxMWI3OTViYzkyODE2
N2MyNGY0MDYxNGRiYTkyMzhlMDY4ZTUwMTUxNTVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCwKS/hsKKMq0Jx8nB26dSmGqgThVEP1POr+xPYl/x1sEFt
QuQVL4IIIzOfnO4Ozex//ScePnL35uWpF8p30h2yXEE2615RfRcsecJzxIMYrIvf
HQIzSSHD1iT8RIJsWYr24kd16K3ZDx0TYXC5mB/NFgPJ7o2Mo3L2PRbX9ZICk27G
ZSA1wwDGl/OkKJIC2H3vPJn01PR2rU/cuHEM1BQrikLc+BgJqGgTfqfJOD4UQx4U
g0IySSDDZQvhABJ6+xwuMffkZQsSwi34SxOL4qH1gFD4TWBE5hfUWOClCLhXkdyt
QFZqE9Vdh7CgGtKksWHpmsyQu5XkRqbvRV9Y32lhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGn9TcDE6yu+khmBUI3FFiR40itYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0NDI1OTIyLTk3NmItNDU5My1iNDVkLTlkYTdjMzBkYzQ5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADOSNEwDQYJKoZIhvcNAQELBQADggEBADm3iRLQRsMqVH18r9SebO2VkmuR
YuZGPwEoMZvq6M0FQjwQynUT0D66yA2QZINYkjw5ArGw29oqYew2VXcDzwScWjt7
33SS5VUT1egtVytxzOdm9fEwxwh1Ta9E1viL1K2H4gxDl0FW7+2f3I6Sy1O9GVGZ
D9fsVMvT+uMPEUIq4YzuRNszkNj2RLPRV5Gu4tP7d1g2vY1LdiedlyLjI+kPSO3t
MPKbNqfOZeOyeb1hZjNkIHAP+wZy7W3RK06CnG3ZH4nl3K2pdfFfRI203A0vW2/N
QskbDfprOWOU5tWCWVg5N6ZbCmFcJI+dknRf/InO8I2iPysu5xv/FYxHj0I=
-----END CERTIFICATE-----