Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/18315d43-e5f2-42a3-9f2b-da2bf5b05d92.roa
File:                     18315d43-e5f2-42a3-9f2b-da2bf5b05d92.roa (raw, json)
Hash identifier:          quW11n8upCW0MrOOrHTEAlV7tYN1xuxdgNeZYub3ADU=
Subject key identifier:   4C:D3:E8:5C:0B:EC:64:C6:34:E1:B0:47:80:0B:FD:C2:26:06:A2:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0B5218B4B23804907C802970D306129DA89BEA43
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/18315d43-e5f2-42a3-9f2b-da2bf5b05d92.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        168.203.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:52:18:b4:b2:38:04:90:7c:80:29:70:d3:06:12:9d:a8:9b:ea:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=05b3f34e53714bdbce241e7dee71bf9538f01d6222468fcad10b1d2c000f0fca, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1b:bc:5b:ac:91:c8:0f:cb:67:9d:47:dc:2d:
                    7b:3f:60:b8:ac:32:57:8f:4c:ad:3c:76:cb:2b:6b:
                    31:32:d7:64:05:1a:34:0d:60:b2:aa:34:f3:f1:ff:
                    48:2f:e5:aa:c9:c6:70:58:c6:c9:0e:a5:50:02:c0:
                    82:ce:03:cf:e2:ff:86:d5:20:f2:a9:31:b4:38:39:
                    a3:50:fa:34:a0:82:e2:2a:15:b9:ef:1f:ff:17:ae:
                    c0:cb:48:22:a5:4c:04:17:58:c1:f7:0f:44:71:e1:
                    95:8c:93:33:76:91:00:bf:41:e2:ac:d2:e7:d8:2c:
                    56:52:f2:4e:df:29:9a:eb:1e:ba:1e:e9:df:98:db:
                    40:8b:d5:d4:20:8d:db:d3:43:85:72:35:b5:ae:34:
                    37:f7:1c:85:8e:f6:c6:a1:6c:ff:1d:76:7a:00:e8:
                    e3:e7:88:0f:a3:95:d0:db:d7:6d:1f:c7:ed:d7:c9:
                    33:89:8c:58:b1:49:1c:10:9b:f5:02:0d:cc:88:34:
                    b9:64:ef:7a:bd:d1:80:bc:5f:c9:0c:d1:01:1f:c2:
                    23:ea:29:7d:5c:7a:7c:ca:ab:41:bc:24:19:4d:08:
                    15:8a:0f:26:7d:57:25:52:b6:4b:f4:2a:c8:68:eb:
                    97:4a:8e:ee:20:cb:fd:d4:f4:26:0e:8f:13:41:0b:
                    cb:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:D3:E8:5C:0B:EC:64:C6:34:E1:B0:47:80:0B:FD:C2:26:06:A2:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/18315d43-e5f2-42a3-9f2b-da2bf5b05d92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.203.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ba:7e:d3:96:7d:7f:27:f1:42:c6:93:86:bf:a3:cd:e9:1f:a9:
         2c:2e:f6:02:84:e6:3f:8b:bd:30:c1:32:94:da:34:03:b7:7a:
         0a:cd:18:68:bf:da:3d:f5:03:6b:59:5a:29:07:b2:75:5c:6f:
         6f:2a:6e:2a:00:eb:da:1e:46:67:8e:96:83:ce:04:07:e9:c0:
         9d:4d:4c:ae:3a:c5:8d:e0:85:0d:19:d0:27:7d:37:ca:70:7d:
         bc:05:d4:3c:6b:6f:fd:4a:f1:4f:c6:ca:35:44:3f:00:07:3f:
         51:6c:21:fe:fd:5c:5a:37:8c:12:ee:26:fa:cd:6f:79:51:76:
         2d:7c:6d:57:7b:ea:10:0b:c8:c0:68:b1:6f:dc:88:f9:f6:9b:
         23:a9:d6:46:c0:01:33:c2:cf:fb:49:27:21:c7:11:83:49:c2:
         06:24:9f:36:ed:9c:29:ae:cd:b7:b9:2d:00:e6:36:f4:6e:97:
         f8:05:d7:10:7c:ce:ea:4d:fd:fd:e9:cb:9d:10:a2:5a:c9:a8:
         50:b7:c3:6c:a6:d6:61:81:e1:0a:b4:f0:ec:59:64:ca:7c:45:
         4b:cd:4f:67:12:83:16:7b:48:5b:88:57:b9:bd:d0:87:8c:41:
         d1:71:bc:8c:38:69:11:85:16:e3:34:49:25:96:76:7a:0d:39:
         bf:5c:5e:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC1IYtLI4BJB8gClw0wYSnaib6kMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWIzZjM0ZTUzNzE0YmRiY2UyNDFlN2RlZTcxYmY5NTM4
ZjAxZDYyMjI0NjhmY2FkMTBiMWQyYzAwMGYwZmNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8G7xbrJHID8tnnUfcLXs/YLisMlePTK08dssrazEy12QF
GjQNYLKqNPPx/0gv5arJxnBYxskOpVACwILOA8/i/4bVIPKpMbQ4OaNQ+jSgguIq
FbnvH/8XrsDLSCKlTAQXWMH3D0Rx4ZWMkzN2kQC/QeKs0ufYLFZS8k7fKZrrHroe
6d+Y20CL1dQgjdvTQ4VyNbWuNDf3HIWO9sahbP8ddnoA6OPniA+jldDb120fx+3X
yTOJjFixSRwQm/UCDcyINLlk73q90YC8X8kM0QEfwiPqKX1cenzKq0G8JBlNCBWK
DyZ9VyVStkv0Ksho65dKju4gy/3U9CYOjxNBC8uJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTNPoXAvsZMY04bBHgAv9wiYGoqYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE4MzE1ZDQzLWU1ZjItNDJhMy05ZjJiLWRhMmJmNWIwNWQ5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAaoy0AwDQYJKoZIhvcNAQELBQADggEBALp+05Z9fyfxQsaThr+jzekfqSwu
9gKE5j+LvTDBMpTaNAO3egrNGGi/2j31A2tZWikHsnVcb28qbioA69oeRmeOloPO
BAfpwJ1NTK46xY3ghQ0Z0Cd9N8pwfbwF1Dxrb/1K8U/GyjVEPwAHP1FsIf79XFo3
jBLuJvrNb3lRdi18bVd76hALyMBosW/ciPn2myOp1kbAATPCz/tJJyHHEYNJwgYk
nzbtnCmuzbe5LQDmNvRul/gF1xB8zupN/f3py50QolrJqFC3w2ym1mGB4Qq08OxZ
ZMp8RUvNT2cSgxZ7SFuIV7m90IeMQdFxvIw4aRGFFuM0SSWWdnoNOb9cXhk=
-----END CERTIFICATE-----