Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa
File:                     f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa (raw, json)
Hash identifier:          rXXunhLcIiFb/fO0k466bvELdifF2um1oTWCX/OHaz4=
Subject key identifier:   2C:E3:B7:8A:89:C8:6E:C3:AE:8C:0F:44:92:25:C6:6C:A8:70:3C:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5BADB17EA178707CA08FE15A4059B4C6D60F3E55
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        66.219.64.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ad:b1:7e:a1:78:70:7c:a0:8f:e1:5a:40:59:b4:c6:d6:0f:3e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=a34559fe527572605bdee9a6d11a5bf257837e242e5b90b38be2ae058131967d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:6c:e5:12:c8:31:83:7b:24:04:96:52:68:ba:
                    43:28:0d:71:4f:23:18:24:fb:2b:d9:ce:dd:2d:18:
                    c6:ce:58:4b:45:9f:1d:fa:53:8c:42:8d:9b:0a:8e:
                    b7:16:7f:9b:48:e8:13:60:af:77:67:5f:f0:ce:67:
                    58:6e:56:d4:6e:17:6d:3b:ec:a1:54:78:da:70:02:
                    ce:05:51:03:de:2f:02:cb:35:81:b1:30:e1:24:fa:
                    37:63:5b:02:1f:10:d0:ad:e7:a8:d8:4d:0a:78:e9:
                    a9:33:5f:40:78:02:36:b1:f1:4e:c3:aa:b7:93:ab:
                    80:8b:71:6b:14:82:37:6c:d9:29:48:3f:72:99:42:
                    d4:1a:00:2a:a5:73:56:6f:31:34:79:ef:b0:75:4c:
                    bd:10:e4:2e:09:c7:11:9f:f0:5c:5f:31:b8:cc:39:
                    fe:5e:80:6c:19:ae:5c:3f:e6:c1:c6:50:05:3e:4e:
                    5e:36:87:eb:05:dc:4d:c0:a5:0d:37:28:c9:02:68:
                    1f:06:f2:c9:8c:b6:a6:83:29:e5:56:64:f5:6a:0b:
                    82:3f:f2:af:88:ee:0e:2a:20:77:7b:7f:f6:03:17:
                    d9:6d:73:5a:bc:f5:5e:3e:8c:cd:92:48:90:05:59:
                    82:d1:11:bb:f5:72:db:a2:01:df:66:71:8a:e4:36:
                    f8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E3:B7:8A:89:C8:6E:C3:AE:8C:0F:44:92:25:C6:6C:A8:70:3C:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f638fc9e-fe40-4ee4-8146-e6ba65dda13d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.219.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         35:ae:58:85:6c:e9:f6:8e:8e:b9:fa:0e:23:c0:43:3e:74:c5:
         a8:78:5c:d9:0b:0d:1f:76:61:78:67:eb:6c:e6:6d:6b:75:7f:
         84:3e:8c:f1:dd:80:17:73:9b:a4:49:f3:d4:41:32:9a:47:9f:
         09:66:15:c6:dc:6b:50:f4:f2:16:d1:22:3d:6c:f8:66:a1:9e:
         0a:89:4b:e0:35:5a:52:aa:8f:1f:56:2e:37:c8:26:d0:48:84:
         29:da:c1:20:dc:3c:7e:a3:e0:0b:68:e7:89:4b:ba:13:70:26:
         b5:84:c6:2b:77:c4:1a:9a:f1:34:c6:58:18:c4:db:48:8c:50:
         98:68:86:91:98:70:df:21:15:a8:48:a5:78:d3:4d:07:6a:1e:
         ef:fa:d5:4b:c2:bd:2d:eb:82:72:e8:53:20:6c:ed:c7:08:69:
         bb:39:d3:5d:ee:02:b5:c6:f4:d7:e3:d8:30:f4:44:9b:35:5f:
         9b:eb:aa:66:85:7e:f8:e7:f4:63:59:d5:41:21:dd:ea:be:e5:
         2b:94:90:3f:aa:d4:c7:39:f4:b7:f3:f2:13:98:ac:fd:9b:82:
         49:47:51:13:26:62:a5:33:29:70:a4:93:0a:d5:08:51:a9:3d:
         fa:f9:c2:ba:44:1f:97:f5:81:c2:bf:8b:4f:74:3f:d6:c6:d4:
         ec:65:b3:19
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW62xfqF4cHygj+FaQFm0xtYPPlUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzQ1NTlmZTUyNzU3MjYwNWJkZWU5YTZkMTFhNWJmMjU3
ODM3ZTI0MmU1YjkwYjM4YmUyYWUwNTgxMzE5NjdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCYbOUSyDGDeyQEllJoukMoDXFPIxgk+yvZzt0tGMbOWEtF
nx36U4xCjZsKjrcWf5tI6BNgr3dnX/DOZ1huVtRuF2077KFUeNpwAs4FUQPeLwLL
NYGxMOEk+jdjWwIfENCt56jYTQp46akzX0B4Ajax8U7DqreTq4CLcWsUgjds2SlI
P3KZQtQaACqlc1ZvMTR577B1TL0Q5C4JxxGf8FxfMbjMOf5egGwZrlw/5sHGUAU+
Tl42h+sF3E3ApQ03KMkCaB8G8smMtqaDKeVWZPVqC4I/8q+I7g4qIHd7f/YDF9lt
c1q89V4+jM2SSJAFWYLREbv1ctuiAd9mcYrkNvgfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULOO3ionIbsOujA9EkiXGbKhwPJAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y2MzhmYzllLWZlNDAtNGVlNC04MTQ2LWU2YmE2NWRkYTEzZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVC20AwDQYJKoZIhvcNAQELBQADggEBADWuWIVs6faOjrn6DiPAQz50xah4
XNkLDR92YXhn62zmbWt1f4Q+jPHdgBdzm6RJ89RBMppHnwlmFcbca1D08hbRIj1s
+GahngqJS+A1WlKqjx9WLjfIJtBIhCnawSDcPH6j4Ato54lLuhNwJrWExit3xBqa
8TTGWBjE20iMUJhohpGYcN8hFahIpXjTTQdqHu/61UvCvS3rgnLoUyBs7ccIabs5
013uArXG9Nfj2DD0RJs1X5vrqmaFfvjn9GNZ1UEh3eq+5SuUkD+q1Mc59Lfz8hOY
rP2bgklHURMmYqUzKXCkkwrVCFGpPfr5wrpEH5f1gcK/i090P9bG1Oxlsxk=
-----END CERTIFICATE-----