Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7fb07e9-d2e2-446d-a184-ce9aa7425456.roa
File:                     a7fb07e9-d2e2-446d-a184-ce9aa7425456.roa (raw, json)
Hash identifier:          vYLi8doCuUPXklikGD+2JIYlUfNBRj45HHIuv1fff68=
Subject key identifier:   A4:14:98:8A:6A:5D:01:CA:43:C2:06:8B:D0:09:2A:92:2A:77:26:D4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37871E0492710C34FB195A00501045496419A414
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7fb07e9-d2e2-446d-a184-ce9aa7425456.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        5.60.64.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:87:1e:04:92:71:0c:34:fb:19:5a:00:50:10:45:49:64:19:a4:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: serialNumber=14b2e42e91aa213df1e509930488be896a335c9e6ddae81d9a87fd42144e4707, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:f0:4e:93:dc:d6:94:4c:e7:1a:b9:3e:72:80:
                    c8:72:a4:07:2d:d3:b5:1c:c1:16:b2:8f:e0:49:26:
                    fa:8c:2e:a5:9b:af:99:c5:39:64:83:f3:b8:d0:d1:
                    fc:a0:02:5a:d5:72:56:90:dd:ab:70:a3:52:ee:1d:
                    3f:4f:ec:e6:6d:df:af:cd:95:78:87:49:9e:88:77:
                    55:dd:54:a4:25:0d:ed:b2:ac:7c:18:48:0c:0c:a7:
                    80:d5:12:19:16:e1:61:3c:83:0d:0b:08:35:f5:5c:
                    9d:31:e6:a9:e0:bf:90:9f:2c:e7:e1:78:3e:05:26:
                    c9:e0:d3:9a:9b:d0:4a:a0:80:96:9c:fb:24:27:02:
                    cb:c0:25:ec:89:6d:f2:d2:8f:34:1b:e2:a2:d4:6d:
                    91:ad:e2:1e:23:2c:72:94:33:00:8b:ce:08:f3:99:
                    fd:04:39:54:9c:47:59:06:2d:78:26:47:a9:20:48:
                    1a:99:ce:9a:2d:55:77:6b:5e:45:23:0d:cf:14:5b:
                    f8:a1:0e:26:df:d9:6a:68:e9:d3:31:37:86:dd:5a:
                    ac:55:73:28:e6:c4:cc:73:0e:6e:78:03:d8:b6:52:
                    aa:62:fc:34:14:ef:b8:b3:f5:f2:70:4e:f5:43:1a:
                    8b:fd:1e:7d:e7:f0:43:eb:cd:f4:cf:b7:50:45:5f:
                    1f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:14:98:8A:6A:5D:01:CA:43:C2:06:8B:D0:09:2A:92:2A:77:26:D4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a7fb07e9-d2e2-446d-a184-ce9aa7425456.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:ef:e7:9c:ab:82:08:30:08:7a:1d:24:04:4e:cc:28:23:49:
         3c:5a:d9:fb:54:7c:f7:6b:de:bf:0d:1d:30:e9:7e:ec:b4:30:
         a0:0a:18:46:b1:eb:e5:8f:5a:7d:5b:cf:09:79:c5:e1:3e:0e:
         a6:aa:dc:6c:dd:67:1c:dc:7e:3f:5f:8e:6d:a8:05:1e:0c:c7:
         5d:a5:f5:64:3c:f2:7f:bc:b1:dd:b9:4c:f2:c1:a6:db:43:13:
         46:8d:79:11:0e:09:a6:8e:8f:77:6e:e1:3c:ad:68:8b:fd:75:
         65:ff:82:d3:10:6c:23:35:08:83:a1:c6:7d:4d:c7:4b:5d:23:
         18:10:35:f8:45:d0:3b:4f:d4:2f:a4:c0:a4:f9:1c:bd:6d:07:
         9c:ad:08:68:f5:49:81:a1:4c:32:8e:b4:6a:77:84:77:f9:98:
         3c:1e:4a:b1:b7:8b:ce:d6:10:a1:f4:9f:ac:e2:1a:de:bf:0f:
         9f:59:3e:a9:2d:b5:1c:a5:2d:bf:0c:a3:d6:4e:54:e5:58:4f:
         7b:d8:be:44:eb:c7:86:3a:67:9b:b0:40:67:7f:01:53:28:a7:
         2d:b2:29:31:ad:56:c4:27:f3:cd:e5:77:7b:01:06:07:0b:bd:
         97:af:5d:3a:47:32:a4:b3:33:b0:4d:f8:7e:ca:9e:90:5a:ba:
         5e:8d:fc:76
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN4ceBJJxDDT7GVoAUBBFSWQZpBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNGIyZTQyZTkxYWEyMTNkZjFlNTA5OTMwNDg4YmU4OTZh
MzM1YzllNmRkYWU4MWQ5YTg3ZmQ0MjE0NGU0NzA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC28E6T3NaUTOcauT5ygMhypAct07UcwRayj+BJJvqMLqWb
r5nFOWSD87jQ0fygAlrVclaQ3atwo1LuHT9P7OZt36/NlXiHSZ6Id1XdVKQlDe2y
rHwYSAwMp4DVEhkW4WE8gw0LCDX1XJ0x5qngv5CfLOfheD4FJsng05qb0EqggJac
+yQnAsvAJeyJbfLSjzQb4qLUbZGt4h4jLHKUMwCLzgjzmf0EOVScR1kGLXgmR6kg
SBqZzpotVXdrXkUjDc8UW/ihDibf2Wpo6dMxN4bdWqxVcyjmxMxzDm54A9i2Uqpi
/DQU77iz9fJwTvVDGov9Hn3n8EPrzfTPt1BFXx85AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpBSYimpdAcpDwgaL0Akqkip3JtQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3ZmIwN2U5LWQyZTItNDQ2ZC1hMTg0LWNlOWFhNzQyNTQ1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPEAwDQYJKoZIhvcNAQELBQADggEBAFTv55yrgggwCHodJAROzCgjSTxa
2ftUfPdr3r8NHTDpfuy0MKAKGEax6+WPWn1bzwl5xeE+Dqaq3GzdZxzcfj9fjm2o
BR4Mx12l9WQ88n+8sd25TPLBpttDE0aNeREOCaaOj3du4TytaIv9dWX/gtMQbCM1
CIOhxn1Nx0tdIxgQNfhF0DtP1C+kwKT5HL1tB5ytCGj1SYGhTDKOtGp3hHf5mDwe
SrG3i87WEKH0n6ziGt6/D59ZPqkttRylLb8Mo9ZOVOVYT3vYvkTrx4Y6Z5uwQGd/
AVMopy2yKTGtVsQn883ld3sBBgcLvZevXTpHMqSzM7BN+H7KnpBaul6N/HY=
-----END CERTIFICATE-----