Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/010dc324-5a7b-4365-990a-e7161a6c5473.roa
File:                     010dc324-5a7b-4365-990a-e7161a6c5473.roa (raw, json)
Hash identifier:          eS2smcALNcOm4oT18XupAV+pthxL4uIVlWomUuKXVkg=
Subject key identifier:   42:E8:4A:A8:05:09:30:59:27:FC:2E:77:83:2A:7D:10:E1:53:B3:46
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7950D254EA4A1C6655D56C43B426F5B2F7FB4749
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/010dc324-5a7b-4365-990a-e7161a6c5473.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        75.47.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:50:d2:54:ea:4a:1c:66:55:d5:6c:43:b4:26:f5:b2:f7:fb:47:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:47:f8:45:e0:15:26:5f:7c:fa:2d:de:3e:35:
                    90:2f:0a:eb:ea:4d:b3:d0:2b:a3:97:08:cb:71:cc:
                    86:76:a1:f9:e5:7c:51:62:ab:e7:ef:6d:b0:90:4c:
                    c9:61:70:ea:aa:17:95:39:cd:7d:34:05:33:6b:11:
                    ad:04:c7:01:99:6c:c7:fb:a9:17:7e:26:9a:64:2b:
                    a7:23:8a:4b:22:7f:a7:d9:42:7a:d1:11:95:d5:dd:
                    fe:be:88:8a:2e:64:77:85:cc:4e:51:f5:f9:65:d0:
                    45:36:9a:fa:e6:d2:db:1d:cb:c5:c6:0c:c4:8a:fc:
                    40:ac:35:58:c0:25:f1:39:6a:36:c2:82:11:a7:b5:
                    01:ed:b1:cd:9c:9f:98:d2:bf:fd:b8:f0:da:42:2b:
                    67:60:58:0c:d1:17:98:8b:b0:39:f2:8e:9a:40:24:
                    c5:21:8d:2e:a4:28:d9:5f:43:8a:05:51:58:8d:ae:
                    47:89:52:46:ee:1b:02:0d:76:65:42:27:4e:23:11:
                    db:24:00:a3:23:f0:75:17:8d:ce:31:08:e7:e1:e4:
                    83:2c:ab:67:92:8f:fa:05:23:e7:49:32:99:1e:0e:
                    3a:15:d1:e0:b3:4b:46:a9:8a:36:48:63:76:1a:09:
                    98:df:f5:95:1d:4e:a9:95:8b:c5:1f:f2:76:be:0e:
                    5b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E8:4A:A8:05:09:30:59:27:FC:2E:77:83:2A:7D:10:E1:53:B3:46
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/010dc324-5a7b-4365-990a-e7161a6c5473.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  75.47.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         d5:7b:7c:af:78:b3:ca:65:ee:45:aa:df:a6:b9:7f:85:11:1c:
         54:0d:b3:7b:af:d2:fe:dd:7c:c0:be:8e:c9:37:46:b0:6b:9b:
         97:69:f5:27:79:bd:5d:b9:da:df:3e:a8:bd:61:da:27:e9:61:
         cb:e6:7c:9a:6f:c8:1a:4b:66:1e:3d:09:2a:c3:bf:97:a9:90:
         c8:c7:e9:21:e8:f7:3a:c2:df:ef:65:3d:e5:f5:04:ff:a0:bc:
         87:35:81:6b:1d:a2:44:9d:dc:5e:0b:14:7f:65:31:cc:88:0e:
         04:b7:cb:24:bd:fc:88:17:be:76:d2:28:92:97:5b:ca:18:64:
         c5:3a:33:98:2f:03:13:1d:26:c4:1e:5f:87:01:f0:8b:c9:ce:
         be:75:b4:f5:d1:1b:f0:b5:29:2e:f3:d9:7a:7c:23:c2:dd:ea:
         bf:60:de:74:a9:2f:80:a7:d7:50:98:51:d1:7f:20:f9:07:34:
         71:0c:36:e8:d7:64:1b:b6:ba:05:d5:71:43:f2:d8:53:a0:0b:
         f3:e9:7d:50:94:8f:5c:db:81:4b:1c:25:77:57:df:c0:f9:27:
         45:05:4c:6f:55:6a:23:22:ab:c5:dd:d1:53:77:81:6e:5c:72:
         41:b7:04:59:66:5f:a9:88:fc:ef:70:fe:ee:91:50:60:6b:fe:
         30:e5:43:49
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeVDSVOpKHGZV1WxDtCb1svf7R0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZmYzNTc3Mzc4Zjg2MDc5ZmY5YzEyOTM4YWNlMDkyMDll
MDk1NzkzYmVmYzA3YTk1MWVmNTliMTQ4OTU2NzI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDJR/hF4BUmX3z6Ld4+NZAvCuvqTbPQK6OXCMtxzIZ2ofnl
fFFiq+fvbbCQTMlhcOqqF5U5zX00BTNrEa0ExwGZbMf7qRd+JppkK6cjiksif6fZ
QnrREZXV3f6+iIouZHeFzE5R9fll0EU2mvrm0tsdy8XGDMSK/ECsNVjAJfE5ajbC
ghGntQHtsc2cn5jSv/248NpCK2dgWAzRF5iLsDnyjppAJMUhjS6kKNlfQ4oFUViN
rkeJUkbuGwINdmVCJ04jEdskAKMj8HUXjc4xCOfh5IMsq2eSj/oFI+dJMpkeDjoV
0eCzS0apijZIY3YaCZjf9ZUdTqmVi8Uf8na+DlubAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQuhKqAUJMFkn/C53gyp9EOFTs0YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzAxMGRjMzI0LTVhN2ItNDM2NS05OTBhLWU3MTYxYTZjNTQ3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZLLwAwDQYJKoZIhvcNAQELBQADggEBANV7fK94s8pl7kWq36a5f4URHFQN
s3uv0v7dfMC+jsk3RrBrm5dp9Sd5vV252t8+qL1h2ifpYcvmfJpvyBpLZh49CSrD
v5epkMjH6SHo9zrC3+9lPeX1BP+gvIc1gWsdokSd3F4LFH9lMcyIDgS3yyS9/IgX
vnbSKJKXW8oYZMU6M5gvAxMdJsQeX4cB8IvJzr51tPXRG/C1KS7z2Xp8I8Ld6r9g
3nSpL4Cn11CYUdF/IPkHNHEMNujXZBu2ugXVcUPy2FOgC/PpfVCUj1zbgUscJXdX
38D5J0UFTG9VaiMiq8Xd0VN3gW5cckG3BFlmX6mI/O9w/u6RUGBr/jDlQ0k=
-----END CERTIFICATE-----