Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/e3c245b9-0844-4ece-b6a0-0aed8003b186.roa
File:                     e3c245b9-0844-4ece-b6a0-0aed8003b186.roa (raw, json)
Hash identifier:          Ck9uUUSUF/XcUqKk2vySW46Bvv+Fq0DfWaxHdtsszOo=
Subject key identifier:   C8:81:5B:03:68:03:3E:2C:35:35:10:E7:74:61:B3:9E:73:C0:17:4A
Certificate issuer:       /CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
Certificate serial:       73D7677A55972FA15E893299B8B891D8B56822DE
Authority key identifier: E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/e3c245b9-0844-4ece-b6a0-0aed8003b186.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        205.251.224.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:d7:67:7a:55:97:2f:a1:5e:89:32:99:b8:b8:91:d8:b5:68:22:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=9f230fa9-aa2f-4020-ae2a-1a60374084b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1e:e4:29:72:de:33:37:4b:10:13:cd:d6:1d:
                    35:01:df:00:8b:82:50:09:e7:a8:1e:01:b3:80:e9:
                    32:ff:ec:3f:46:94:08:dc:7e:61:d1:0e:d5:82:ef:
                    09:04:93:90:13:7d:9b:e3:d2:08:61:ff:ab:3c:53:
                    ff:1b:20:d4:27:fa:8a:e6:13:77:60:f2:7a:3c:9c:
                    0a:e2:73:bd:97:1d:33:8a:9a:3c:c8:df:c3:ae:22:
                    1b:7f:43:0b:0a:71:88:68:e1:e5:79:46:ca:fc:67:
                    15:09:1c:c7:b1:ee:72:a1:08:eb:ab:7a:48:61:54:
                    42:82:16:96:45:88:a5:26:76:31:e3:86:a6:14:ae:
                    60:a7:5d:a7:92:af:32:c0:e9:f7:f5:35:bf:96:c0:
                    ea:6f:60:33:da:3d:89:a6:a1:f0:31:ae:bb:6f:55:
                    d3:73:66:68:c0:34:75:0a:df:18:37:c3:53:36:f2:
                    c9:98:cf:19:08:29:6d:8b:45:82:c4:3a:e4:de:f2:
                    91:64:12:e6:4e:83:8c:67:89:8f:8a:a7:d9:27:72:
                    ce:f9:41:bc:c2:24:f9:a4:b0:7b:6d:35:4c:23:56:
                    00:bc:86:fc:10:8c:4e:ba:00:a1:e8:fb:88:da:27:
                    55:60:1e:89:1c:16:16:34:25:7b:2d:9f:11:e2:c7:
                    4a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:81:5B:03:68:03:3E:2C:35:35:10:E7:74:61:B3:9E:73:C0:17:4A
            X509v3 Authority Key Identifier:
                keyid:E8:F3:C5:20:E2:0E:F2:5D:3A:B7:A2:16:BB:14:04:31:6A:37:38:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/f60c9f32-a87c-4339-a2f3-6299a3b02e29/99f8fed2-292b-4722-b928-fee7bf0a5910/551209027f5e7ad54e04f042e4ac0e9e65c56e55c77478d2ce.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/e3c245b9-0844-4ece-b6a0-0aed8003b186.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e7518af5-a343-428d-bf78-f982b6e60505/XnrVTgTwQuSsDp5lxW5Vx3R40s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.251.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:46:46:34:25:e3:40:4c:c5:38:6c:97:64:80:22:89:09:fb:
         99:30:93:60:71:e1:81:a3:c7:36:b3:15:a6:fd:c4:e2:1b:d7:
         db:1e:6f:46:e4:d3:90:f2:ad:97:3b:7d:ad:f5:ba:db:fd:6c:
         e2:a3:64:92:7f:33:44:c7:19:9d:26:15:a6:f0:b6:35:5f:06:
         e0:b8:2f:37:d0:dd:bf:61:04:ac:fd:43:c9:8c:b3:32:ba:64:
         01:1a:22:c7:d6:e3:57:6b:72:b2:d6:61:45:df:6b:8a:ea:77:
         4b:28:a1:c7:d4:ae:56:8b:7a:43:4a:bd:2e:d8:04:9f:51:35:
         42:81:11:08:be:e9:ca:f4:38:84:36:bd:d9:2c:25:8d:78:c9:
         aa:80:8a:4a:63:34:a7:02:60:43:d2:88:66:11:07:56:c3:69:
         64:74:ad:a5:b4:50:b8:9c:53:b0:87:7a:1c:25:44:90:35:e4:
         92:f7:07:4f:c1:4b:a4:98:be:3e:51:4c:39:6e:ee:29:67:92:
         41:87:6f:90:a9:ca:d0:35:7e:7b:bf:3f:43:9a:11:18:c3:71:
         3e:c3:71:dc:cf:c7:44:a8:2f:dc:16:0f:ea:5f:b1:6a:0a:6d:
         f0:a1:c3:48:4b:72:6a:70:52:c1:58:75:d6:33:df:28:45:40:
         cc:a3:aa:e6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc9dnelWXL6FeiTKZuLiR2LVoIt4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNTUxMjA5MDI3ZjVlN2FkNTRlMDRmMDQyZTRhYzBlOWU2
NWM1NmU1NWM3NzQ3OGQyY2UwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTU2Y2MzNDJkZjYxYmRlNTU2MDJmMjY0ZjRjNGIyMGQ3
MjJmODNlZmU5MGQzMWRhMGQ5M2JlZjYxNGIxNDhiMS0wKwYDVQQDEyQ5ZjIzMGZh
OS1hYTJmLTQwMjAtYWUyYS0xYTYwMzc0MDg0YjgwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDfHuQpct4zN0sQE83WHTUB3wCLglAJ56geAbOA6TL/7D9G
lAjcfmHRDtWC7wkEk5ATfZvj0ghh/6s8U/8bINQn+ormE3dg8no8nAric72XHTOK
mjzI38OuIht/QwsKcYho4eV5Rsr8ZxUJHMex7nKhCOurekhhVEKCFpZFiKUmdjHj
hqYUrmCnXaeSrzLA6ff1Nb+WwOpvYDPaPYmmofAxrrtvVdNzZmjANHUK3xg3w1M2
8smYzxkIKW2LRYLEOuTe8pFkEuZOg4xniY+Kp9kncs75QbzCJPmksHttNUwjVgC8
hvwQjE66AKHo+4jaJ1VgHokcFhY0JXstnxHix0pfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyIFbA2gDPiw1NRDndGGznnPAF0owHwYDVR0jBBgwFoAU6PPFIOIO8l06
t6IWuxQEMWo3OPEwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
L2Y2MGM5ZjMyLWE4N2MtNDMzOS1hMmYzLTYyOTlhM2IwMmUyOS85OWY4ZmVkMi0y
OTJiLTQ3MjItYjkyOC1mZWU3YmYwYTU5MTAvNTUxMjA5MDI3ZjVlN2FkNTRlMDRm
MDQyZTRhYzBlOWU2NWM1NmU1NWM3NzQ3OGQyY2UuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTc1MThhZjUtYTM0My00MjhkLWJmNzgtZjk4
MmI2ZTYwNTA1L2UzYzI0NWI5LTA4NDQtNGVjZS1iNmEwLTBhZWQ4MDAzYjE4Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3NTE4YWY1LWEzNDMtNDI4ZC1iZjc4
LWY5ODJiNmU2MDUwNS9YbnJWVGdUd1F1U3NEcDVseFc1VngzUjQwczQuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADN++AwDQYJKoZIhvcNAQELBQADggEBAGhGRjQl40BMxThsl2SAIokJ+5kw
k2Bx4YGjxzazFab9xOIb19seb0bk05DyrZc7fa31utv9bOKjZJJ/M0THGZ0mFabw
tjVfBuC4LzfQ3b9hBKz9Q8mMszK6ZAEaIsfW41drcrLWYUXfa4rqd0soocfUrlaL
ekNKvS7YBJ9RNUKBEQi+6cr0OIQ2vdksJY14yaqAikpjNKcCYEPSiGYRB1bDaWR0
raW0ULicU7CHehwlRJA15JL3B0/BS6SYvj5RTDlu7ilnkkGHb5CpytA1fnu/P0Oa
ERjDcT7DcdzPx0SoL9wWD+pfsWoKbfChw0hLcmpwUsFYddYz3yhFQMyjquY=
-----END CERTIFICATE-----