Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b641b96-dc64-4855-ad6f-63652168491b.roa
File:                     0b641b96-dc64-4855-ad6f-63652168491b.roa (raw, json)
Hash identifier:          C/sc8k9AFneBIo8hVU4jmK5thPWjhQaXZnr2yFv8brU=
Subject key identifier:   71:C6:26:CF:4B:A2:DE:EA:54:15:A6:34:C7:66:A7:B4:91:09:11:27
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       419BF11B0F1D5AE53D211D10D4A5A34420E20CA4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b641b96-dc64-4855-ad6f-63652168491b.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        166.74.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:9b:f1:1b:0f:1d:5a:e5:3d:21:1d:10:d4:a5:a3:44:20:e2:0c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b9:db:27:cb:5b:dc:1a:5f:9d:77:a2:c3:85:
                    3b:d8:14:f2:3f:fe:4c:91:93:32:f1:64:ff:b1:d9:
                    64:88:8b:cf:b2:b0:06:4e:05:b3:a9:23:b2:a5:04:
                    42:e3:0f:a1:42:7c:af:b2:97:69:e0:17:00:6e:33:
                    cc:92:54:d5:21:26:a7:07:05:76:a4:dd:95:ce:69:
                    08:50:87:ab:8d:4c:60:04:93:bd:5e:15:7a:77:60:
                    53:c9:dd:60:03:96:bd:f7:49:1c:f0:bf:59:21:45:
                    c3:83:be:cd:1e:c5:80:88:6a:cd:90:8e:ed:07:64:
                    49:7b:22:8e:4e:d3:d0:00:12:3b:ea:18:34:b8:dd:
                    69:a7:bb:32:e6:15:cf:78:c0:be:6e:fb:a1:44:b4:
                    3c:a5:ec:dc:0f:3d:58:0a:b2:80:5f:5a:2d:44:8e:
                    33:dc:61:bb:71:0a:88:ad:d7:73:20:ef:d5:14:22:
                    0e:2b:3c:a8:8d:19:d4:d6:2b:b1:33:27:db:f3:f2:
                    84:2e:53:be:fb:75:81:41:38:7e:28:78:7e:bb:7a:
                    4d:c0:ee:3b:e7:e9:5b:2d:03:46:88:80:d6:d6:93:
                    df:45:ed:f3:46:67:e9:b3:d3:67:71:e0:52:f3:ba:
                    1b:86:a4:8c:a7:e0:b5:65:48:0c:9d:13:de:ff:a0:
                    b5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:C6:26:CF:4B:A2:DE:EA:54:15:A6:34:C7:66:A7:B4:91:09:11:27
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0b641b96-dc64-4855-ad6f-63652168491b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.74.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8c:c4:93:d8:0c:ee:15:9e:d9:d9:5e:13:67:4b:71:2f:b7:84:
         28:f9:fd:9a:db:3a:de:c8:8a:2d:6a:3d:d2:31:ed:0f:63:5b:
         f8:28:0b:80:a7:79:fd:3b:94:f8:a1:07:e6:e1:2a:04:d2:ee:
         b5:b5:fa:5b:da:48:ba:94:7d:8b:0f:e1:7f:84:90:f3:ed:d1:
         71:77:e9:58:9d:54:8a:2c:6d:74:7d:fc:10:95:e7:e7:62:d2:
         0e:fd:31:9d:d9:82:f0:7a:b3:d4:37:c7:8c:d3:aa:15:64:82:
         84:75:05:7b:62:97:c1:25:ed:09:dc:c8:a1:9d:ae:6e:56:64:
         f5:8b:b4:48:60:b4:e0:4e:a3:f7:a2:bf:a5:61:6f:46:28:f5:
         2c:66:01:f3:76:da:15:b9:0c:d3:dd:c1:ec:0e:82:4f:b8:37:
         21:f7:29:a8:08:c4:79:9f:41:e5:be:e7:d1:e9:b4:20:00:94:
         31:56:79:40:bc:da:e2:ac:a7:c1:83:36:05:1f:76:39:08:1b:
         73:f0:a1:5d:ff:3a:a6:fb:f9:c9:ca:e4:01:1d:79:58:9e:43:
         bc:46:88:24:1e:22:bb:88:56:86:11:a6:ed:a5:67:2f:4e:7d:
         fd:7b:92:5f:c8:b8:57:a9:d7:0d:a9:13:08:60:52:bc:88:3a:
         7b:5b:a8:ef
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQZvxGw8dWuU9IR0Q1KWjRCDiDKQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOTdkMTAwN2NhOTRmZTNlMjYzNzExYTY2ZjQ0N2M4MWY4
YTRkNGE5YmIwZmU2NzNjODgyZmJlYmFhYzM4NmVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDhudsny1vcGl+dd6LDhTvYFPI//kyRkzLxZP+x2WSIi8+y
sAZOBbOpI7KlBELjD6FCfK+yl2ngFwBuM8ySVNUhJqcHBXak3ZXOaQhQh6uNTGAE
k71eFXp3YFPJ3WADlr33SRzwv1khRcODvs0exYCIas2Qju0HZEl7Io5O09AAEjvq
GDS43WmnuzLmFc94wL5u+6FEtDyl7NwPPVgKsoBfWi1EjjPcYbtxCoit13Mg79UU
Ig4rPKiNGdTWK7EzJ9vz8oQuU777dYFBOH4oeH67ek3A7jvn6VstA0aIgNbWk99F
7fNGZ+mz02dx4FLzuhuGpIyn4LVlSAydE97/oLWfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUccYmz0ui3upUFaY0x2antJEJEScwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBiNjQxYjk2LWRjNjQtNDg1NS1hZDZmLTYzNjUyMTY4NDkxYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCmSjANBgkqhkiG9w0BAQsFAAOCAQEAjMST2AzuFZ7Z2V4TZ0txL7eEKPn9
mts63siKLWo90jHtD2Nb+CgLgKd5/TuU+KEH5uEqBNLutbX6W9pIupR9iw/hf4SQ
8+3RcXfpWJ1UiixtdH38EJXn52LSDv0xndmC8Hqz1DfHjNOqFWSChHUFe2KXwSXt
CdzIoZ2ublZk9Yu0SGC04E6j96K/pWFvRij1LGYB83baFbkM093B7A6CT7g3Ifcp
qAjEeZ9B5b7n0em0IACUMVZ5QLza4qynwYM2BR92OQgbc/ChXf86pvv5ycrkAR15
WJ5DvEaIJB4iu4hWhhGm7aVnL059/XuSX8i4V6nXDakTCGBSvIg6e1uo7w==
-----END CERTIFICATE-----