Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64774dbf-a434-4d8b-accd-7ccc36d56b22.roa
File:                     64774dbf-a434-4d8b-accd-7ccc36d56b22.roa (raw, json)
Hash identifier:          0HCVugsX3u7PV11ElRGhwDL+lwfSIKUAGlQ1PSIXdrU=
Subject key identifier:   62:2A:0D:36:7A:EA:47:91:29:E6:7B:F8:9F:04:38:D0:02:89:4D:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F38C2FF0CDE088628C761AB1B7CB1132F05ADCF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64774dbf-a434-4d8b-accd-7ccc36d56b22.roa
Signing time:             Wed 04 Dec 2024 00:00:00 +0000
ROA not before:           Wed 04 Dec 2024 00:00:00 +0000
ROA not after:            Wed 08 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:38:c2:ff:0c:de:08:86:28:c7:61:ab:1b:7c:b1:13:2f:05:ad:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  4 00:00:00 2024 GMT
            Not After : Jan  8 23:59:59 2025 GMT
        Subject: serialNumber=0110b1dc0219b4ce85c0f16172535500310c37229c21bbc84b6a28bd3400031b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:81:86:d2:03:d4:bb:86:1c:d8:ef:07:62:2d:
                    57:1c:a1:39:34:69:e2:83:af:1c:5d:db:7a:10:9b:
                    7c:6e:09:a3:93:0f:11:a3:32:b7:c0:31:5b:a3:9f:
                    4a:90:cf:98:3b:14:10:2e:77:b6:e4:6b:d4:40:7d:
                    f4:ed:4f:90:5b:60:51:0e:9a:22:1a:2e:a2:9e:cb:
                    4a:6c:4d:c7:44:a0:37:da:08:54:79:25:71:ac:1b:
                    9c:f4:c6:86:f0:97:14:54:a6:8a:3a:9f:5a:9b:eb:
                    02:25:e3:a6:a8:88:e4:67:c4:5d:05:49:41:cb:3d:
                    b5:b2:f4:5c:b3:b1:3f:19:54:28:d6:83:7b:a7:d5:
                    fd:37:11:c4:db:be:bf:8f:d8:a9:ae:9d:1e:80:d8:
                    89:da:a9:ab:a9:ac:6e:a9:63:38:ca:d7:e3:5c:36:
                    1b:90:9f:ee:68:1e:70:86:f5:8d:33:47:28:9b:ba:
                    97:a3:e2:b1:ae:81:2e:b1:48:d8:d5:24:40:e0:67:
                    40:b1:a9:81:63:ad:d7:a2:68:da:2a:df:71:f2:e5:
                    24:a0:e2:2f:6f:81:8f:2c:cb:e1:03:86:63:e3:6b:
                    af:3d:18:6b:3d:68:31:7a:6b:82:36:09:05:7c:6f:
                    c3:95:8b:17:e0:cf:a8:c3:80:fb:04:89:6d:ab:b4:
                    e0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:2A:0D:36:7A:EA:47:91:29:E6:7B:F8:9F:04:38:D0:02:89:4D:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64774dbf-a434-4d8b-accd-7ccc36d56b22.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         d0:a3:7f:02:0a:60:6a:a7:58:11:a7:b8:e3:a4:72:aa:03:78:
         14:c8:30:ad:fc:55:94:af:e9:61:f7:05:33:02:5d:90:7f:3e:
         be:73:fc:98:b1:81:03:db:7c:1c:d5:8b:a6:57:cf:44:4c:3e:
         ea:52:8d:a5:1c:9d:1c:5e:0f:ab:96:35:54:97:30:90:a4:07:
         ae:02:aa:39:f1:49:1c:6b:cd:aa:2c:47:ae:43:9b:56:b1:67:
         a4:7b:2c:1f:73:50:8e:81:dc:37:38:d8:ad:25:f2:9b:be:10:
         e5:c6:94:4f:ce:89:5d:70:55:97:eb:d7:ad:6d:b9:1e:b1:4d:
         b7:07:f9:2c:4f:95:c3:f5:e0:23:15:c3:2d:eb:86:6c:04:80:
         b9:5f:8c:ce:fb:57:7d:b3:63:5e:f5:39:bc:c9:d4:45:eb:3e:
         57:af:64:3c:29:2b:de:53:75:4c:3c:b4:7d:5b:e9:4e:f2:9e:
         47:da:27:a2:50:c2:d0:52:48:74:ec:64:56:95:52:a8:68:45:
         8d:38:0f:a4:31:23:40:42:c3:a6:4c:c5:8e:e9:8c:cf:56:b9:
         9a:63:5f:1f:52:b9:ed:e9:1a:65:de:ac:f1:5f:f8:b8:ca:8a:
         87:d6:3d:5d:c0:44:9b:be:46:68:68:67:d1:1c:05:12:80:f0:
         ab:e8:e9:2e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULzjC/wzeCIYox2GrG3yxEy8Frc8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjA0MDAwMDAwWhcNMjUwMTA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwMTEwYjFkYzAyMTliNGNlODVjMGYxNjE3MjUzNTUwMDMx
MGMzNzIyOWMyMWJiYzg0YjZhMjhiZDM0MDAwMzFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIgYbSA9S7hhzY7wdiLVccoTk0aeKDrxxd23oQm3xuCaOT
DxGjMrfAMVujn0qQz5g7FBAud7bka9RAffTtT5BbYFEOmiIaLqKey0psTcdEoDfa
CFR5JXGsG5z0xobwlxRUpoo6n1qb6wIl46aoiORnxF0FSUHLPbWy9FyzsT8ZVCjW
g3un1f03EcTbvr+P2KmunR6A2InaqauprG6pYzjK1+NcNhuQn+5oHnCG9Y0zRyib
upej4rGugS6xSNjVJEDgZ0CxqYFjrdeiaNoq33Hy5SSg4i9vgY8sy+EDhmPja689
GGs9aDF6a4I2CQV8b8OVixfgz6jDgPsEiW2rtODjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYioNNnrqR5Ep5nv4nwQ40AKJTRowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0Nzc0ZGJmLWE0MzQtNGQ4Yi1hY2NkLTdjY2MzNmQ1NmIyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdyOIAwDQYJKoZIhvcNAQELBQADggEBANCjfwIKYGqnWBGnuOOkcqoDeBTI
MK38VZSv6WH3BTMCXZB/Pr5z/JixgQPbfBzVi6ZXz0RMPupSjaUcnRxeD6uWNVSX
MJCkB64CqjnxSRxrzaosR65Dm1axZ6R7LB9zUI6B3Dc42K0l8pu+EOXGlE/OiV1w
VZfr161tuR6xTbcH+SxPlcP14CMVwy3rhmwEgLlfjM77V32zY171ObzJ1EXrPlev
ZDwpK95TdUw8tH1b6U7ynkfaJ6JQwtBSSHTsZFaVUqhoRY04D6QxI0BCw6ZMxY7p
jM9WuZpjXx9Sue3pGmXerPFf+LjKiofWPV3ARJu+RmhoZ9EcBRKA8Kvo6S4=
-----END CERTIFICATE-----