Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4dfac91-2a48-4e4a-84ce-8765e9881c38.roa
File:                     f4dfac91-2a48-4e4a-84ce-8765e9881c38.roa (raw, json)
Hash identifier:          oCV5tT3v3TJgBajSwtMoTM/cpcmpv7koPpURzCQhQLw=
Subject key identifier:   FA:27:96:BA:00:3B:83:BE:0C:CE:47:55:E6:D2:B2:2B:1F:9F:89:DB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       714B417C18814681DA2E645F565EC2075B331C17
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4dfac91-2a48-4e4a-84ce-8765e9881c38.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.22.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:4b:41:7c:18:81:46:81:da:2e:64:5f:56:5e:c2:07:5b:33:1c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=c623a85b500105efdf46594d4f3198ad7fc64b7d2722f808e2521fee974ca13b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bb:dd:9f:34:01:cd:2c:d4:94:90:e0:42:14:
                    6c:f2:ef:34:7c:35:7f:33:f9:02:18:e1:5e:98:90:
                    6c:3e:18:6c:52:71:09:fd:76:ee:64:08:86:d9:9a:
                    01:73:34:d8:87:ba:3f:3f:2d:94:f3:ef:fa:d8:c9:
                    c2:8a:91:86:da:9a:ba:85:43:8a:17:0e:f4:ef:3d:
                    3f:b1:5c:32:96:f9:69:94:26:7b:14:23:f4:43:2e:
                    70:44:a6:81:9a:24:28:38:28:11:13:57:f9:f1:7f:
                    6b:e5:85:63:69:91:b0:1c:be:73:ec:ea:94:c5:00:
                    3e:57:16:d3:43:27:93:73:29:25:f6:c0:e9:33:74:
                    0b:cb:ce:1d:b3:24:d4:e9:a7:bb:bf:ce:c8:da:75:
                    cb:53:ec:f4:a1:b8:6a:44:38:04:25:52:6e:3f:4a:
                    cb:cc:42:76:2f:3d:f3:17:80:27:47:51:30:85:f2:
                    05:7e:40:02:dc:16:da:53:be:3d:90:11:84:9d:95:
                    83:87:58:fa:a4:b8:6e:a3:ef:20:6b:3f:ef:6c:18:
                    c8:80:e4:06:63:21:96:5b:15:84:a5:8b:ee:dd:a3:
                    00:46:3c:f1:28:d7:57:14:8f:b4:ef:59:f6:20:c9:
                    f0:55:ca:de:79:5d:bb:11:b1:0d:35:89:e2:42:93:
                    82:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:27:96:BA:00:3B:83:BE:0C:CE:47:55:E6:D2:B2:2B:1F:9F:89:DB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f4dfac91-2a48-4e4a-84ce-8765e9881c38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.22.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d8:01:b1:e2:13:73:51:f4:1c:f1:1e:08:f1:9b:cb:e1:59:ac:
         93:5a:9d:cb:5a:44:1b:fe:7d:4d:c1:66:b6:40:3f:65:8d:7f:
         5c:33:51:f3:19:8e:0e:a2:74:d8:31:79:8d:07:a8:de:0a:16:
         07:4a:54:49:e1:17:00:6e:b2:33:74:10:bf:94:29:d9:b5:ab:
         35:09:c3:64:07:de:ca:13:13:22:88:88:32:d8:ed:36:0a:8b:
         57:a9:c5:53:56:10:77:0c:30:15:5c:7b:ca:f1:47:a1:6a:cb:
         d3:fe:3e:60:de:e5:f4:39:51:ff:9d:b8:76:9e:9d:de:7f:46:
         d2:b3:9e:cc:de:8d:90:75:e2:da:da:75:83:c8:07:c7:03:1d:
         61:4f:31:41:ca:c9:2a:36:54:cf:e2:8d:eb:cc:e3:62:5f:7e:
         01:df:47:e5:4e:81:90:cb:1f:7e:9b:be:7d:01:0c:ca:89:82:
         8d:1b:e2:94:35:e3:b2:3f:04:8a:e3:57:7b:64:ac:13:b6:e7:
         02:7c:c5:a7:38:84:f8:25:08:3c:64:aa:ad:81:0d:00:63:e9:
         1f:80:3f:5e:27:e3:72:37:f4:57:e7:9b:8e:38:8c:03:04:99:
         1f:d3:24:2c:8c:f1:a2:44:41:f8:ee:8f:1e:f6:55:47:5b:28:
         92:38:c7:38
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcUtBfBiBRoHaLmRfVl7CB1szHBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNjIzYTg1YjUwMDEwNWVmZGY0NjU5NGQ0ZjMxOThhZDdm
YzY0YjdkMjcyMmY4MDhlMjUyMWZlZTk3NGNhMTNiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDNu92fNAHNLNSUkOBCFGzy7zR8NX8z+QIY4V6YkGw+GGxS
cQn9du5kCIbZmgFzNNiHuj8/LZTz7/rYycKKkYbamrqFQ4oXDvTvPT+xXDKW+WmU
JnsUI/RDLnBEpoGaJCg4KBETV/nxf2vlhWNpkbAcvnPs6pTFAD5XFtNDJ5NzKSX2
wOkzdAvLzh2zJNTpp7u/zsjadctT7PShuGpEOAQlUm4/SsvMQnYvPfMXgCdHUTCF
8gV+QALcFtpTvj2QEYSdlYOHWPqkuG6j7yBrP+9sGMiA5AZjIZZbFYSli+7dowBG
PPEo11cUj7TvWfYgyfBVyt55XbsRsQ01ieJCk4KLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+ieWugA7g74MzkdV5tKyKx+fidswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y0ZGZhYzkxLTJhNDgtNGU0YS04NGNlLTg3NjVlOTg4MWMzOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2FjANBgkqhkiG9w0BAQsFAAOCAQEA2AGx4hNzUfQc8R4I8ZvL4Vmsk1qd
y1pEG/59TcFmtkA/ZY1/XDNR8xmODqJ02DF5jQeo3goWB0pUSeEXAG6yM3QQv5Qp
2bWrNQnDZAfeyhMTIoiIMtjtNgqLV6nFU1YQdwwwFVx7yvFHoWrL0/4+YN7l9DlR
/524dp6d3n9G0rOezN6NkHXi2tp1g8gHxwMdYU8xQcrJKjZUz+KN68zjYl9+Ad9H
5U6BkMsffpu+fQEMyomCjRvilDXjsj8EiuNXe2SsE7bnAnzFpziE+CUIPGSqrYEN
AGPpH4A/Xifjcjf0V+ebjjiMAwSZH9MkLIzxokRB+O6PHvZVR1sokjjHOA==
-----END CERTIFICATE-----