Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5286bca3-1d01-42a2-b99d-a5e5d69f216c.roa
File:                     5286bca3-1d01-42a2-b99d-a5e5d69f216c.roa (raw, json)
Hash identifier:          MODp5tdAhOVne63KiK2KFzd6u2yX2XsufaI6NrU0PZU=
Subject key identifier:   28:35:F8:F9:6E:13:18:5B:68:A7:FB:04:CA:D1:C3:35:2C:0B:69:98
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32792160F901B133C2A97B97C7CBF339F5B5B447
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5286bca3-1d01-42a2-b99d-a5e5d69f216c.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.8.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:79:21:60:f9:01:b1:33:c2:a9:7b:97:c7:cb:f3:39:f5:b5:b4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=2582bce96bbb44c8dc44be9ba8c7aab426744f6a97d73dee7afbff9b1867a1e7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b8:4e:f7:5a:67:aa:09:da:24:fc:32:42:81:
                    6d:03:f2:60:f4:c0:ae:d8:d8:71:d0:9a:24:63:4e:
                    73:34:61:a2:0f:54:60:ed:c4:f6:8d:4d:94:b4:79:
                    98:e6:a0:3e:f5:3d:c7:43:93:67:4a:57:b7:21:3f:
                    88:71:f5:40:83:ec:2c:7e:60:04:a9:74:7c:54:fc:
                    c9:5e:d4:69:de:c3:6f:80:49:44:f6:a5:1a:6c:0a:
                    65:f9:c0:ea:52:35:85:42:d0:0d:ed:b1:06:c5:08:
                    15:ce:73:9a:f5:ba:d7:67:cb:ad:f8:20:6d:7e:20:
                    a8:b1:1b:27:36:d7:40:96:74:97:ee:e3:1a:bf:4f:
                    7f:ed:07:18:02:68:4e:e0:7c:30:45:ed:ff:77:f6:
                    86:b7:b7:a2:ec:fe:7e:55:39:41:d6:0e:cf:d1:fd:
                    e7:48:16:9f:10:6d:b9:1e:2f:47:95:7c:f0:17:82:
                    bc:bf:ca:4f:3e:e8:e8:39:cd:b8:ce:3d:72:b6:10:
                    49:40:21:39:ef:6a:9f:0a:5b:6d:0d:fc:d6:18:24:
                    b1:8f:c1:ca:b0:d5:fe:43:17:79:a7:f0:65:af:c1:
                    a7:5c:d9:be:87:2b:a8:51:3e:32:1d:1a:2f:d2:09:
                    61:df:3d:c3:2f:66:0e:1b:4a:d5:e8:f7:0f:48:d6:
                    27:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:35:F8:F9:6E:13:18:5B:68:A7:FB:04:CA:D1:C3:35:2C:0B:69:98
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5286bca3-1d01-42a2-b99d-a5e5d69f216c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.8.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c8:54:b2:f9:8e:5c:b2:62:e4:cd:07:42:1e:b7:fd:7f:9d:7e:
         ef:09:be:43:d4:ff:2a:a8:ac:90:7a:9d:78:9f:cc:3b:62:86:
         5e:c9:29:b5:97:1a:97:47:a8:fd:b6:cd:e4:81:c7:c7:20:33:
         fb:68:1c:7c:4b:d1:dc:79:3a:34:1b:15:25:27:5d:7a:dd:68:
         c9:5c:69:88:8d:b8:ec:4c:a3:84:b3:ed:18:4a:12:73:26:ba:
         b3:15:e4:55:b3:4f:02:a1:4b:52:16:d0:46:ad:a1:27:22:54:
         e2:d1:3e:21:03:43:15:04:5c:4c:05:ea:42:17:7d:af:ba:3e:
         3f:62:87:90:47:b7:09:13:16:59:4e:04:8c:58:b7:1d:bd:bc:
         b7:ac:ea:2b:60:80:b6:bb:de:83:f3:19:3d:68:e1:d5:2a:62:
         71:0f:ae:05:1f:5b:0d:b1:3a:3f:63:09:ca:f7:db:9f:cb:d5:
         74:08:35:f4:f9:48:22:c6:49:eb:a3:38:2a:40:f0:f9:91:ec:
         21:ad:8b:e4:09:45:72:c8:97:a2:19:cd:9c:87:d1:2d:4f:d4:
         e9:f1:4d:fa:b6:8d:2b:99:cc:66:11:ab:c4:03:00:78:5e:0a:
         4c:76:d8:a9:31:de:3f:24:c6:d6:e3:bf:80:35:72:92:e7:f0:
         af:d9:6d:ce
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMnkhYPkBsTPCqXuXx8vzOfW1tEcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTgyYmNlOTZiYmI0NGM4ZGM0NGJlOWJhOGM3YWFiNDI2
NzQ0ZjZhOTdkNzNkZWU3YWZiZmY5YjE4NjdhMWU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPuE73WmeqCdok/DJCgW0D8mD0wK7Y2HHQmiRjTnM0YaIP
VGDtxPaNTZS0eZjmoD71PcdDk2dKV7chP4hx9UCD7Cx+YASpdHxU/Mle1Gnew2+A
SUT2pRpsCmX5wOpSNYVC0A3tsQbFCBXOc5r1utdny634IG1+IKixGyc210CWdJfu
4xq/T3/tBxgCaE7gfDBF7f939oa3t6Ls/n5VOUHWDs/R/edIFp8QbbkeL0eVfPAX
gry/yk8+6Og5zbjOPXK2EElAITnvap8KW20N/NYYJLGPwcqw1f5DF3mn8GWvwadc
2b6HK6hRPjIdGi/SCWHfPcMvZg4bStXo9w9I1ichAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKDX4+W4TGFtop/sEytHDNSwLaZgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyODZiY2EzLTFkMDEtNDJhMi1iOTlkLWE1ZTVkNjlmMjE2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2CDANBgkqhkiG9w0BAQsFAAOCAQEAyFSy+Y5csmLkzQdCHrf9f51+7wm+
Q9T/KqiskHqdeJ/MO2KGXskptZcal0eo/bbN5IHHxyAz+2gcfEvR3Hk6NBsVJSdd
et1oyVxpiI247EyjhLPtGEoScya6sxXkVbNPAqFLUhbQRq2hJyJU4tE+IQNDFQRc
TAXqQhd9r7o+P2KHkEe3CRMWWU4EjFi3Hb28t6zqK2CAtrveg/MZPWjh1SpicQ+u
BR9bDbE6P2MJyvfbn8vVdAg19PlIIsZJ66M4KkDw+ZHsIa2L5AlFcsiXohnNnIfR
LU/U6fFN+raNK5nMZhGrxAMAeF4KTHbYqTHePyTG1uO/gDVykufwr9ltzg==
-----END CERTIFICATE-----