Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0364ab8d-ad59-40f9-a140-7bb40cb409fa.roa
File:                     0364ab8d-ad59-40f9-a140-7bb40cb409fa.roa (raw, json)
Hash identifier:          lCOMEVYilyEsIuNOUn+Qjyd47r5uTAuqekKgCKg/2IU=
Subject key identifier:   90:92:C5:24:87:8C:F4:B7:04:61:C6:C9:4E:D5:62:8D:A9:29:93:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77F35E6AC73F684B3C2AE7A7971ACD8A2A794B82
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0364ab8d-ad59-40f9-a140-7bb40cb409fa.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        139.89.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:f3:5e:6a:c7:3f:68:4b:3c:2a:e7:a7:97:1a:cd:8a:2a:79:4b:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=173cb75a80512bdc5ba5bf441f7e9faf5b7fbd5511b27b259c76b4af411c2462, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:0c:cf:9b:66:7b:a3:6c:b2:c2:04:86:d9:05:
                    e9:d4:94:7f:5f:bc:68:7d:f7:64:05:a7:46:1b:c8:
                    95:73:ca:6a:26:37:76:4d:a8:8c:12:4e:24:02:5c:
                    a2:da:aa:ab:d6:31:a3:5b:a8:ec:d2:a9:2f:db:6f:
                    8e:6c:ad:c0:20:51:22:01:e4:9b:2f:5a:27:47:21:
                    3e:b2:14:b8:b2:f6:bb:e9:ae:6f:71:07:c1:be:2f:
                    ac:41:31:e3:1d:fe:1a:27:27:17:ed:0c:da:3c:ac:
                    31:c8:8a:32:31:94:a7:72:81:b6:fc:ad:75:5b:2b:
                    a8:10:5a:16:e2:d3:85:0e:c8:a2:52:d7:f1:9e:37:
                    78:e8:6d:ac:b5:3e:ec:0d:34:11:cc:56:5e:f0:39:
                    19:1d:ed:bb:58:58:15:bd:4c:bb:b4:bf:0d:2f:3f:
                    cd:73:fa:44:fa:f2:6b:62:1d:e1:c7:5b:1a:11:37:
                    51:47:8f:6e:25:db:b4:e4:be:43:4d:9a:10:b4:b6:
                    22:7d:62:f5:73:3e:e1:1b:bc:bf:13:4f:e4:36:a3:
                    f8:04:f1:51:2e:16:8e:86:cd:68:5c:82:4f:dd:0a:
                    e0:a3:ed:95:aa:dd:c8:60:5a:65:62:df:32:a0:3a:
                    26:23:45:25:32:33:0e:ba:86:17:56:88:e9:74:37:
                    85:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:92:C5:24:87:8C:F4:B7:04:61:C6:C9:4E:D5:62:8D:A9:29:93:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0364ab8d-ad59-40f9-a140-7bb40cb409fa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4e:3c:ad:f0:b5:d5:03:3a:fd:3b:3e:af:ae:af:d4:02:42:d3:
         fa:5c:99:f1:bb:e8:f1:f5:26:69:ad:c2:07:81:04:f6:aa:61:
         6a:f9:41:f9:bd:da:ef:b7:d2:d7:22:32:b7:37:d9:4d:81:ad:
         dd:95:b7:09:1d:e7:e9:df:13:6f:cc:d9:79:ef:8e:17:ef:86:
         d2:f9:45:3e:fb:97:9c:5c:da:b7:2e:47:42:26:d1:d1:a8:f3:
         63:c8:5e:dd:6a:65:f3:3f:fc:50:31:ab:e9:19:a6:63:10:21:
         0e:44:ba:a7:fb:42:f3:f9:1b:f3:8a:3d:21:3f:77:64:03:4c:
         e7:cc:b8:a2:d2:cb:e8:43:aa:c2:4c:97:93:fb:da:e5:5f:65:
         c6:9a:3c:db:b7:23:70:c3:a5:0c:fa:3b:d8:46:3a:98:48:2e:
         6e:5d:7d:12:a5:d6:5e:7f:88:53:ae:5d:ad:3a:b4:bc:0a:36:
         31:f6:65:1b:9e:22:27:4d:fb:21:fc:a4:1c:ec:8a:18:f0:86:
         08:e5:0d:a6:6c:5b:f4:fa:69:e7:61:c8:5c:b7:da:56:9a:8c:
         4d:e1:e1:9d:e2:34:8a:cf:c6:03:c0:aa:3b:b0:95:99:ef:bf:
         18:38:af:d5:cf:30:19:fe:9f:e7:8c:91:9e:9b:9f:b4:f0:28:
         2b:39:38:3d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUd/Neasc/aEs8KuenlxrNiip5S4IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNzNjYjc1YTgwNTEyYmRjNWJhNWJmNDQxZjdlOWZhZjVi
N2ZiZDU1MTFiMjdiMjU5Yzc2YjRhZjQxMWMyNDYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClDM+bZnujbLLCBIbZBenUlH9fvGh992QFp0YbyJVzymom
N3ZNqIwSTiQCXKLaqqvWMaNbqOzSqS/bb45srcAgUSIB5JsvWidHIT6yFLiy9rvp
rm9xB8G+L6xBMeMd/honJxftDNo8rDHIijIxlKdygbb8rXVbK6gQWhbi04UOyKJS
1/GeN3jobay1PuwNNBHMVl7wORkd7btYWBW9TLu0vw0vP81z+kT68mtiHeHHWxoR
N1FHj24l27TkvkNNmhC0tiJ9YvVzPuEbvL8TT+Q2o/gE8VEuFo6GzWhcgk/dCuCj
7ZWq3chgWmVi3zKgOiYjRSUyMw66hhdWiOl0N4VtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUkJLFJIeM9LcEYcbJTtVijakpkzcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAzNjRhYjhkLWFkNTktNDBmOS1hMTQwLTdiYjQwY2I0MDlmYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCLWTANBgkqhkiG9w0BAQsFAAOCAQEATjyt8LXVAzr9Oz6vrq/UAkLT+lyZ
8bvo8fUmaa3CB4EE9qphavlB+b3a77fS1yIytzfZTYGt3ZW3CR3n6d8Tb8zZee+O
F++G0vlFPvuXnFzaty5HQibR0ajzY8he3Wpl8z/8UDGr6RmmYxAhDkS6p/tC8/kb
84o9IT93ZANM58y4otLL6EOqwkyXk/va5V9lxpo827cjcMOlDPo72EY6mEgubl19
EqXWXn+IU65drTq0vAo2MfZlG54iJ037IfykHOyKGPCGCOUNpmxb9Ppp52HIXLfa
VpqMTeHhneI0is/GA8CqO7CVme+/GDiv1c8wGf6f54yRnpuftPAoKzk4PQ==
-----END CERTIFICATE-----