Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f59a3df2-e873-4381-9b20-46fb411078e2.roa
File:                     f59a3df2-e873-4381-9b20-46fb411078e2.roa (raw, json)
Hash identifier:          iWSy0OM4QIMuhQsA9K4shqzvaB5oGbLQJnS7dAa6KnE=
Subject key identifier:   CF:EC:2A:C1:A7:49:1F:CC:9D:8D:0D:A8:1C:7B:68:04:C9:9D:D2:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       02F4746A4F1265CCB14994C866C80818771F5880
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f59a3df2-e873-4381-9b20-46fb411078e2.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        89.48.0.0/13 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:f4:74:6a:4f:12:65:cc:b1:49:94:c8:66:c8:08:18:77:1f:58:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=3f5c3a7b8e9f3e03926d4c729c472ca99a5ae7018f7ca81c7fb36a6c878a6dd5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:67:e3:f1:43:ff:d6:ca:9b:c6:dd:16:49:8d:
                    40:40:44:89:21:cf:85:c2:71:40:5a:e6:39:be:74:
                    b2:9a:de:a2:4e:a8:38:33:3b:4e:5b:54:b9:fd:e5:
                    b3:df:0d:c6:42:08:38:d6:4a:44:6b:0b:02:48:1e:
                    6a:b1:fa:3a:c9:a7:fa:2a:43:c5:7e:40:e5:c1:0d:
                    b5:94:c1:8b:45:c6:ba:b1:10:e4:91:51:5a:d3:b8:
                    f2:f8:7a:48:85:7e:cf:06:c7:6d:1c:a7:97:59:00:
                    58:17:8f:07:8b:5a:11:bd:1d:68:70:f0:16:c8:2a:
                    b7:23:c0:2c:ea:36:db:79:98:c6:84:8f:4c:f1:5a:
                    7d:ab:e7:d9:2b:44:69:3d:06:85:a7:b5:25:cf:a9:
                    8d:89:37:d0:83:d9:18:01:29:5f:c8:ab:ed:e1:af:
                    15:87:26:1b:f8:2b:ce:03:f5:07:7d:06:3b:1a:44:
                    26:e8:5a:1b:f7:3c:90:ae:1c:27:e8:d2:d2:37:50:
                    c8:f6:dc:83:17:70:e7:75:cf:51:e2:97:54:9d:28:
                    99:a3:4a:9d:a2:cc:88:3c:69:24:9d:11:5c:c8:f1:
                    80:19:80:9a:53:04:0e:03:09:6a:24:0e:38:74:f7:
                    a6:45:fc:34:17:fd:7e:38:d4:6d:e4:a4:03:5c:a1:
                    ec:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:EC:2A:C1:A7:49:1F:CC:9D:8D:0D:A8:1C:7B:68:04:C9:9D:D2:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f59a3df2-e873-4381-9b20-46fb411078e2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.48.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         5f:c0:c5:92:4d:00:72:3d:78:1e:87:44:ae:b8:9c:9e:02:b3:
         49:a5:85:a2:8f:22:52:b3:99:ab:b0:04:a1:f8:72:44:11:eb:
         de:51:2b:fb:ad:68:f0:95:4a:b3:4f:4e:92:b9:d8:e7:44:d7:
         64:51:4f:54:bf:4b:9d:69:89:22:d5:62:b4:57:28:d0:d4:02:
         cc:35:d5:84:5e:fe:c6:09:17:ed:08:49:39:f1:36:ae:ae:cf:
         d8:4e:29:09:2f:8e:c3:d1:07:a3:3c:59:00:fb:26:e4:6d:f1:
         51:ff:fd:58:3b:c1:c7:30:22:4c:62:fc:9b:25:04:5f:98:8a:
         ba:ef:87:54:05:49:67:01:2c:c3:cd:de:b0:8f:70:8b:03:3d:
         7f:8a:46:7e:d2:b5:a9:8b:ae:78:cc:96:26:88:65:57:76:71:
         31:ab:d4:8e:b1:70:ba:1d:a2:c8:21:e9:d5:0e:b5:4b:e7:d0:
         be:74:57:b3:9a:ee:f1:2b:ac:db:87:a0:ae:f9:6b:75:35:41:
         13:03:b6:9d:9a:cd:a5:03:48:07:37:43:ce:19:4d:a0:8f:e8:
         dd:10:e5:2e:97:20:01:68:b1:a7:eb:29:03:b1:c6:23:ea:41:
         f4:8d:6a:0f:c7:d0:06:5e:78:9e:30:c0:5c:09:cf:25:db:e8:
         12:9a:24:53
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAvR0ak8SZcyxSZTIZsgIGHcfWIAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZjVjM2E3YjhlOWYzZTAzOTI2ZDRjNzI5YzQ3MmNhOTlh
NWFlNzAxOGY3Y2E4MWM3ZmIzNmE2Yzg3OGE2ZGQ1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgZ+PxQ//WypvG3RZJjUBARIkhz4XCcUBa5jm+dLKa3qJO
qDgzO05bVLn95bPfDcZCCDjWSkRrCwJIHmqx+jrJp/oqQ8V+QOXBDbWUwYtFxrqx
EOSRUVrTuPL4ekiFfs8Gx20cp5dZAFgXjweLWhG9HWhw8BbIKrcjwCzqNtt5mMaE
j0zxWn2r59krRGk9BoWntSXPqY2JN9CD2RgBKV/Iq+3hrxWHJhv4K84D9Qd9Bjsa
RCboWhv3PJCuHCfo0tI3UMj23IMXcOd1z1Hil1SdKJmjSp2izIg8aSSdEVzI8YAZ
gJpTBA4DCWokDjh096ZF/DQX/X441G3kpANcoewbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUz+wqwadJH8ydjQ2oHHtoBMmd0lIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y1OWEzZGYyLWU4NzMtNDM4MS05YjIwLTQ2ZmI0MTEwNzhlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwNZMDANBgkqhkiG9w0BAQsFAAOCAQEAX8DFkk0Acj14HodErricngKzSaWF
oo8iUrOZq7AEofhyRBHr3lEr+61o8JVKs09OkrnY50TXZFFPVL9LnWmJItVitFco
0NQCzDXVhF7+xgkX7QhJOfE2rq7P2E4pCS+Ow9EHozxZAPsm5G3xUf/9WDvBxzAi
TGL8myUEX5iKuu+HVAVJZwEsw83esI9wiwM9f4pGftK1qYuueMyWJohlV3ZxMavU
jrFwuh2iyCHp1Q61S+fQvnRXs5ru8Sus24egrvlrdTVBEwO2nZrNpQNIBzdDzhlN
oI/o3RDlLpcgAWixp+spA7HGI+pB9I1qD8fQBl54njDAXAnPJdvoEpokUw==
-----END CERTIFICATE-----