Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feb380ed-b38c-4bbe-b2c1-4f0e602093da.roa
File:                     feb380ed-b38c-4bbe-b2c1-4f0e602093da.roa (raw, json)
Hash identifier:          jwqfwQDk/PV1xvi2KT4rIy5TH58A8bp/qSGaPrrs/HU=
Subject key identifier:   87:79:E1:C0:EB:5E:D3:39:39:0C:C3:16:32:32:D0:F5:6E:5C:21:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B9B3C97453395FB29788FEB2F17DCF2321ECC82
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feb380ed-b38c-4bbe-b2c1-4f0e602093da.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        204.39.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:9b:3c:97:45:33:95:fb:29:78:8f:eb:2f:17:dc:f2:32:1e:cc:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=f1842f3d7378b7a3c2e5296bae1fc55f7e2466711191fcc26f16cd7f58d7b70a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7d:78:2e:8f:9c:46:02:a2:d1:2d:39:d6:6e:
                    1d:c9:05:b3:4c:a8:12:4e:c5:7f:43:83:ec:70:7b:
                    5c:83:20:57:98:48:43:5c:6f:3d:5d:60:ae:27:c5:
                    d4:19:0b:9b:f4:ab:df:5f:d8:c0:a9:9d:72:81:76:
                    31:46:1e:e3:e7:d1:1e:71:8a:56:35:b3:bb:af:f6:
                    8a:af:6b:7c:a8:75:d2:84:5a:9b:d3:53:31:60:9d:
                    b6:4c:e5:d7:36:a3:9c:3c:c6:63:a6:72:18:37:e3:
                    4b:10:39:4a:29:2d:4d:0e:4c:a4:16:64:40:71:70:
                    ea:59:c7:27:9d:04:60:54:25:35:25:88:f5:9f:ab:
                    66:c4:99:b2:43:b7:f9:5b:ae:75:a1:22:a6:50:e3:
                    21:61:92:c3:9c:54:12:dc:62:b0:a2:99:f7:a6:da:
                    d3:34:47:d1:66:df:6f:6c:97:29:5e:3d:75:d1:9e:
                    4e:3a:06:a1:88:d2:ef:63:00:65:22:61:31:6e:88:
                    4f:c6:de:cf:8d:b3:0d:08:e9:fa:8e:5b:47:76:69:
                    bb:b0:b9:e4:d9:29:9a:e7:05:42:b4:78:62:ab:ec:
                    a2:7e:10:46:ae:3d:c5:59:13:da:a9:47:0b:6f:b9:
                    e7:10:f0:89:31:6b:4e:c2:71:06:7c:02:70:c1:d7:
                    3b:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:79:E1:C0:EB:5E:D3:39:39:0C:C3:16:32:32:D0:F5:6E:5C:21:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/feb380ed-b38c-4bbe-b2c1-4f0e602093da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.39.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         ce:5d:bf:b5:88:47:cc:60:13:7c:68:63:87:99:a4:a7:e1:79:
         b2:ca:3e:d1:2a:20:ff:c2:0f:4c:3d:13:ed:24:51:7f:e0:73:
         2d:c8:47:e6:9b:cd:b2:ad:24:b5:af:bf:64:2a:50:51:32:f6:
         ae:b7:7c:78:29:f3:6f:50:b6:42:8c:b1:ea:97:06:81:ac:06:
         da:68:b3:a1:fe:63:71:1c:95:a4:9d:be:3b:78:cf:5b:66:e3:
         a7:b9:f4:39:bf:2a:c2:59:1a:2e:61:c9:06:56:c1:79:5b:82:
         70:15:bf:19:17:71:d7:02:62:e1:c8:c5:a9:50:1d:5b:f9:58:
         d9:7c:5c:8c:74:15:3d:62:af:55:ce:e3:37:36:ef:b3:2e:03:
         40:04:6b:25:ea:81:2d:84:f3:64:1b:8b:4c:f3:0b:90:7b:1d:
         9d:e9:6e:4e:1a:bb:a4:ee:8a:69:67:c4:6b:db:53:b0:76:25:
         9e:86:e3:62:03:60:d1:bf:37:a0:af:97:0c:2d:6b:6e:65:5c:
         90:3b:04:7a:fb:76:da:06:5b:60:71:dc:ac:cf:0c:bd:9c:b4:
         6b:f6:45:3b:ce:00:de:35:ea:5a:76:7a:11:67:e1:b9:94:dd:
         1c:53:3f:5c:07:e4:b6:a5:9d:d8:2d:42:21:41:f4:e7:67:7d:
         60:1d:17:41
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK5s8l0UzlfspeI/rLxfc8jIezIIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTg0MmYzZDczNzhiN2EzYzJlNTI5NmJhZTFmYzU1Zjdl
MjQ2NjcxMTE5MWZjYzI2ZjE2Y2Q3ZjU4ZDdiNzBhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYfXguj5xGAqLRLTnWbh3JBbNMqBJOxX9Dg+xwe1yDIFeY
SENcbz1dYK4nxdQZC5v0q99f2MCpnXKBdjFGHuPn0R5xilY1s7uv9oqva3yoddKE
WpvTUzFgnbZM5dc2o5w8xmOmchg340sQOUopLU0OTKQWZEBxcOpZxyedBGBUJTUl
iPWfq2bEmbJDt/lbrnWhIqZQ4yFhksOcVBLcYrCimfem2tM0R9Fm329slylePXXR
nk46BqGI0u9jAGUiYTFuiE/G3s+Nsw0I6fqOW0d2abuwueTZKZrnBUK0eGKr7KJ+
EEauPcVZE9qpRwtvuecQ8Ikxa07CcQZ8AnDB1ztPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUh3nhwOte0zk5DMMWMjLQ9W5cIS4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZlYjM4MGVkLWIzOGMtNGJiZS1iMmMxLTRmMGU2MDIwOTNkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfMJwAwDQYJKoZIhvcNAQELBQADggEBAM5dv7WIR8xgE3xoY4eZpKfhebLK
PtEqIP/CD0w9E+0kUX/gcy3IR+abzbKtJLWvv2QqUFEy9q63fHgp829QtkKMseqX
BoGsBtpos6H+Y3EclaSdvjt4z1tm46e59Dm/KsJZGi5hyQZWwXlbgnAVvxkXcdcC
YuHIxalQHVv5WNl8XIx0FT1ir1XO4zc277MuA0AEayXqgS2E82Qbi0zzC5B7HZ3p
bk4au6TuimlnxGvbU7B2JZ6G42IDYNG/N6Cvlwwta25lXJA7BHr7dtoGW2Bx3KzP
DL2ctGv2RTvOAN416lp2ehFn4bmU3RxTP1wH5LalndgtQiFB9OdnfWAdF0E=
-----END CERTIFICATE-----