Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dd31679-fe85-4b81-8fdf-700ab18fc529.roa
File:                     0dd31679-fe85-4b81-8fdf-700ab18fc529.roa (raw, json)
Hash identifier:          B015mnYdYzwjooO/wtBvhi2lN0AWcdMTcyFrcWH6fAw=
Subject key identifier:   3C:E0:88:30:E8:1E:D2:E1:22:10:29:70:CD:A1:E7:14:5F:F1:30:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79480BF3CA95780406DB2D3141588FD1DCB081A0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dd31679-fe85-4b81-8fdf-700ab18fc529.roa
Signing time:             Fri 14 Mar 2025 00:40:28 +0000
ROA not before:           Fri 14 Mar 2025 00:40:28 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     19047
IP address blocks:        70.130.197.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:48:0b:f3:ca:95:78:04:06:db:2d:31:41:58:8f:d1:dc:b0:81:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:40:28 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=46b85c7b64b3c9ed01f17a3617e451070e886326e71f6bdd04cab178a9d9de37, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a0:c5:0f:c4:ad:cc:1f:eb:49:d6:1e:b7:9f:
                    3d:e8:a7:12:cb:96:c6:70:19:45:7a:7f:f3:cd:4e:
                    aa:bb:e6:74:2a:0a:78:13:3d:a2:8e:d3:6f:91:9c:
                    52:4f:d3:11:df:61:0d:3a:79:cd:d3:15:0c:21:4d:
                    df:fd:40:81:9b:58:a3:9a:6e:a6:36:72:0e:72:4a:
                    01:d2:54:c4:9e:76:ca:a6:37:47:92:d6:57:74:97:
                    f4:8d:24:dd:6e:24:8c:a5:a2:50:99:87:4d:a4:93:
                    17:f8:da:51:93:08:03:ef:1e:33:75:52:d7:f5:bd:
                    4f:5d:a3:f2:83:7e:5a:51:81:b5:3d:66:c8:00:94:
                    07:8f:c8:db:f4:87:8b:30:f1:bb:32:e9:4b:3e:4f:
                    44:39:6a:cc:b4:84:00:a2:6d:7e:aa:28:17:ad:43:
                    95:29:14:8a:8d:0a:83:20:62:37:2d:54:a4:0d:d8:
                    d9:16:eb:fe:4c:8a:69:de:f8:09:54:65:53:61:a2:
                    fe:5f:81:ce:0b:96:76:74:00:c3:78:94:9b:f9:76:
                    ff:a6:2c:70:59:5a:b5:20:dd:5e:76:8d:96:1d:c7:
                    68:40:67:f5:bf:b9:b6:ea:1b:42:93:83:80:6d:e4:
                    a4:bb:7e:5c:90:7f:eb:a0:86:91:dd:12:93:fc:4e:
                    0b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:E0:88:30:E8:1E:D2:E1:22:10:29:70:CD:A1:E7:14:5F:F1:30:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0dd31679-fe85-4b81-8fdf-700ab18fc529.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.130.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:83:15:df:98:88:2b:87:6b:e5:ab:3f:10:fc:bb:e7:53:b5:
         c9:da:f6:dc:ef:01:0d:36:0c:a6:17:bb:08:ec:77:5c:f4:96:
         f7:0a:8d:1c:c7:09:7d:fb:9f:37:4d:8f:f4:0c:a7:ad:e4:d6:
         24:e3:2d:1a:0f:89:61:35:8b:2c:6a:14:55:0a:b2:39:fe:f0:
         57:38:49:29:da:88:23:60:e8:34:b9:00:d6:d6:d8:bb:e1:80:
         b9:f3:e8:12:1f:c2:28:6a:f3:a5:06:91:e1:ac:3c:23:3b:de:
         0d:ee:d1:0d:ef:96:ff:19:68:9e:fa:9c:6a:b2:44:6f:55:42:
         67:c4:24:b5:41:d7:b0:21:01:62:a3:00:00:50:08:b7:12:58:
         7b:eb:ad:d7:93:f7:68:96:9b:60:0f:4e:ad:2d:71:cb:46:8a:
         fc:99:31:44:22:65:28:4d:f3:84:b8:19:2f:d3:66:6b:b0:32:
         45:32:97:8e:5d:87:b4:0d:e3:8a:f4:ea:56:17:79:bf:2d:5e:
         40:38:e1:ff:8a:b9:c5:55:82:ea:81:df:79:c1:61:43:b9:41:
         da:70:1b:85:7e:7a:1f:72:01:28:c1:cd:a5:85:f5:9e:71:f4:
         b1:c5:20:ad:c3:16:5a:b9:76:58:23:2a:ae:86:64:4b:27:5e:
         19:11:5d:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeUgL88qVeAQG2y0xQViP0dywgaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDA0MDI4WhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0NmI4NWM3YjY0YjNjOWVkMDFmMTdhMzYxN2U0NTEwNzBl
ODg2MzI2ZTcxZjZiZGQwNGNhYjE3OGE5ZDlkZTM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZoMUPxK3MH+tJ1h63nz3opxLLlsZwGUV6f/PNTqq75nQq
CngTPaKO02+RnFJP0xHfYQ06ec3TFQwhTd/9QIGbWKOabqY2cg5ySgHSVMSedsqm
N0eS1ld0l/SNJN1uJIylolCZh02kkxf42lGTCAPvHjN1Utf1vU9do/KDflpRgbU9
ZsgAlAePyNv0h4sw8bsy6Us+T0Q5asy0hACibX6qKBetQ5UpFIqNCoMgYjctVKQN
2NkW6/5Mimne+AlUZVNhov5fgc4LlnZ0AMN4lJv5dv+mLHBZWrUg3V52jZYdx2hA
Z/W/ubbqG0KTg4Bt5KS7flyQf+ughpHdEpP8Tgs5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPOCIMOge0uEiEClwzaHnFF/xMIAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkZDMxNjc5LWZlODUtNGI4MS04ZmRmLTcwMGFiMThmYzUyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGgsUwDQYJKoZIhvcNAQELBQADggEBAL+DFd+YiCuHa+WrPxD8u+dTtcna
9tzvAQ02DKYXuwjsd1z0lvcKjRzHCX37nzdNj/QMp63k1iTjLRoPiWE1iyxqFFUK
sjn+8Fc4SSnaiCNg6DS5ANbW2LvhgLnz6BIfwihq86UGkeGsPCM73g3u0Q3vlv8Z
aJ76nGqyRG9VQmfEJLVB17AhAWKjAABQCLcSWHvrrdeT92iWm2APTq0tcctGivyZ
MUQiZShN84S4GS/TZmuwMkUyl45dh7QN44r06lYXeb8tXkA44f+KucVVguqB33nB
YUO5QdpwG4V+eh9yASjBzaWF9Z5x9LHFIK3DFlq5dlgjKq6GZEsnXhkRXeU=
-----END CERTIFICATE-----