Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69239de3-fa8b-43ea-ae77-0f4d84bdafa3.roa
File:                     69239de3-fa8b-43ea-ae77-0f4d84bdafa3.roa (raw, json)
Hash identifier:          RfGdeG3U5CYVBl0elIQ09Ng3um0QWZi/0+/MzcR2K64=
Subject key identifier:   DA:06:BA:9D:D6:A8:B3:70:07:79:CB:50:2A:C0:7F:26:A0:C0:00:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       354BE903700B5351913CC874E355DE4A0EB6B053
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69239de3-fa8b-43ea-ae77-0f4d84bdafa3.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        206.133.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:4b:e9:03:70:0b:53:51:91:3c:c8:74:e3:55:de:4a:0e:b6:b0:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=12a1cdecfec7ea6293a4dec6029da718f7bf9c5406bf106eb7b7a6183d3c3ed3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ce:3c:bd:5e:a0:f8:50:b5:a8:7d:48:cf:59:
                    09:0c:90:28:3a:15:97:22:b7:5a:cb:50:5b:20:8f:
                    0c:71:2f:e2:4a:60:7e:3e:89:aa:97:ac:5f:e0:28:
                    fc:19:c3:c4:cf:dd:f6:4d:f8:f2:bc:91:ba:50:f9:
                    16:b5:aa:83:8a:eb:12:86:a4:66:3e:8b:7e:46:73:
                    1d:5e:38:01:df:70:f2:0a:fb:a9:e0:5a:2d:c8:68:
                    ad:ff:37:04:f1:21:10:ba:4e:13:13:3d:2b:f4:dd:
                    cf:a0:58:09:48:b5:bd:40:c6:25:c6:5a:84:a8:26:
                    45:5f:ed:af:4d:a9:69:9b:93:25:e8:5f:e8:d0:c9:
                    fa:f5:83:c6:2f:df:78:dc:4d:e9:e9:c1:2b:1a:f9:
                    2b:aa:18:55:7d:49:a3:cf:48:4f:75:97:a4:87:5d:
                    1c:95:98:2d:37:ce:31:ec:25:4c:f7:cb:54:04:a9:
                    29:0c:12:7e:32:ff:fa:e9:27:86:1c:6a:07:d9:2f:
                    e7:5c:88:b7:02:22:8d:e4:67:d2:30:e4:b7:6b:2f:
                    76:29:4b:76:b1:b4:a1:a8:b5:40:36:43:86:26:2a:
                    62:cf:fc:64:28:3e:dc:79:23:94:40:fb:32:c7:46:
                    7d:83:42:dd:3e:8b:c9:e2:cc:54:4a:2a:3a:7f:c9:
                    f8:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:06:BA:9D:D6:A8:B3:70:07:79:CB:50:2A:C0:7F:26:A0:C0:00:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/69239de3-fa8b-43ea-ae77-0f4d84bdafa3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  206.133.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         68:29:16:b3:23:96:3d:c5:e1:e1:28:1c:9c:4b:bb:e0:16:ea:
         06:5e:61:11:36:c2:b5:d4:95:4f:2b:c3:65:4a:47:ba:5b:90:
         51:3b:f4:06:d9:7a:31:18:64:f5:13:c9:f5:de:c9:b2:bd:73:
         47:8e:9d:ea:63:63:51:a7:29:32:03:ac:99:1e:2a:7e:7b:f8:
         df:bc:1b:1c:b0:86:2d:57:c0:79:01:30:70:91:cc:b3:0e:82:
         e1:24:e4:f9:90:87:53:55:7e:c0:16:1f:db:28:09:58:04:b1:
         ea:25:97:0a:d6:3b:19:33:9a:08:f6:83:c0:64:99:3f:e1:2e:
         b7:0f:44:dd:58:45:68:a3:34:cc:0f:e8:4b:66:b1:98:ba:1b:
         ad:0e:1c:10:60:ea:9e:09:78:03:7e:ef:89:53:16:8c:eb:c6:
         d0:c4:43:14:83:1a:8d:2d:aa:79:fc:d1:a5:0e:53:5b:95:8c:
         78:4e:00:5b:98:d3:2f:b9:67:db:0b:fe:f9:82:eb:a8:76:ab:
         a8:d5:76:30:6c:fb:c8:87:2a:1b:7c:2c:6f:fb:70:b2:e8:09:
         71:74:51:13:ca:6b:2f:8d:3f:4c:0c:6f:59:bf:20:b9:e6:2f:
         77:dd:b5:52:ff:06:77:24:8c:ae:68:84:79:e5:1f:54:ae:41:
         a2:7f:86:54
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNUvpA3ALU1GRPMh041XeSg62sFMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMmExY2RlY2ZlYzdlYTYyOTNhNGRlYzYwMjlkYTcxOGY3
YmY5YzU0MDZiZjEwNmViN2I3YTYxODNkM2MzZWQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5zjy9XqD4ULWofUjPWQkMkCg6FZcit1rLUFsgjwxxL+JK
YH4+iaqXrF/gKPwZw8TP3fZN+PK8kbpQ+Ra1qoOK6xKGpGY+i35Gcx1eOAHfcPIK
+6ngWi3IaK3/NwTxIRC6ThMTPSv03c+gWAlItb1AxiXGWoSoJkVf7a9NqWmbkyXo
X+jQyfr1g8Yv33jcTenpwSsa+SuqGFV9SaPPSE91l6SHXRyVmC03zjHsJUz3y1QE
qSkMEn4y//rpJ4YcagfZL+dciLcCIo3kZ9Iw5LdrL3YpS3axtKGotUA2Q4YmKmLP
/GQoPtx5I5RA+zLHRn2DQt0+i8nizFRKKjp/yfgLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2ga6ndaos3AHectQKsB/JqDAADgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY5MjM5ZGUzLWZhOGItNDNlYS1hZTc3LTBmNGQ4NGJkYWZhMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDOhTANBgkqhkiG9w0BAQsFAAOCAQEAaCkWsyOWPcXh4SgcnEu74BbqBl5h
ETbCtdSVTyvDZUpHuluQUTv0Btl6MRhk9RPJ9d7Jsr1zR46d6mNjUacpMgOsmR4q
fnv437wbHLCGLVfAeQEwcJHMsw6C4STk+ZCHU1V+wBYf2ygJWASx6iWXCtY7GTOa
CPaDwGSZP+Eutw9E3VhFaKM0zA/oS2axmLobrQ4cEGDqngl4A37viVMWjOvG0MRD
FIMajS2qefzRpQ5TW5WMeE4AW5jTL7ln2wv++YLrqHarqNV2MGz7yIcqG3wsb/tw
sugJcXRRE8prL40/TAxvWb8gueYvd921Uv8GdySMrmiEeeUfVK5Bon+GVA==
-----END CERTIFICATE-----