Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/423308a5-20c2-47d9-92bf-059eab892199.roa
File:                     423308a5-20c2-47d9-92bf-059eab892199.roa (raw, json)
Hash identifier:          bKMSa/3GN+AbUCVk1qEEb+K0bTvFJm8RBoAQXiPSmqk=
Subject key identifier:   E8:9A:91:B4:AD:5B:7D:ED:B4:04:A5:31:EA:34:F6:FD:9B:CE:7C:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       19CB1537D586193F4916EDC66141F300FC41ED7C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/423308a5-20c2-47d9-92bf-059eab892199.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     7224
IP address blocks:        173.83.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:cb:15:37:d5:86:19:3f:49:16:ed:c6:61:41:f3:00:fc:41:ed:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=4de596ef0a2d3550ef83a03b0fc90cec439362ced7c0a676e66ac80ae3497556, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:10:1a:47:bf:50:75:34:7c:9f:0a:42:ed:ec:
                    a9:f7:e1:02:92:1e:2c:48:a7:e8:90:a2:09:3a:88:
                    bf:2d:6c:0f:f8:90:38:5a:f6:88:1c:f4:2b:82:e9:
                    cc:a4:84:80:e8:e5:72:2b:ab:48:6f:62:b0:a1:20:
                    d3:3d:55:be:0b:b3:f8:f7:dc:eb:ef:fc:39:8e:e9:
                    13:71:e0:aa:36:7b:4b:44:3f:b4:84:49:78:63:af:
                    03:96:0e:55:2d:2f:47:57:a8:db:27:94:ba:a8:02:
                    ae:9e:c9:de:85:dd:61:5a:60:f9:90:20:fb:12:03:
                    f6:29:b6:a7:8d:7d:0c:06:fe:ea:ae:39:de:39:20:
                    7d:76:37:74:d4:8e:fa:fe:b8:6e:16:0a:84:19:b1:
                    f1:81:1f:57:c1:75:72:57:5a:00:b5:2c:d1:b8:f6:
                    3b:f8:2e:0b:f2:c0:d2:f6:5c:28:29:8b:fc:ab:73:
                    2d:2c:69:8a:3b:b4:d8:38:b0:f2:ef:b4:a0:f8:2f:
                    ba:1a:a6:b5:90:2c:88:c9:5e:5a:80:28:4f:44:d9:
                    1a:41:4e:bd:20:a8:a6:e4:43:05:98:05:b9:40:b1:
                    d9:ba:3a:be:18:4e:9d:27:52:62:8f:b7:cf:90:b0:
                    91:a4:13:96:0f:98:37:2a:61:51:45:2e:f4:91:55:
                    c0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:9A:91:B4:AD:5B:7D:ED:B4:04:A5:31:EA:34:F6:FD:9B:CE:7C:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/423308a5-20c2-47d9-92bf-059eab892199.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.83.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         b3:74:ee:a2:8b:a5:87:1e:eb:5d:4c:6f:9a:1e:01:c8:8e:36:
         3f:f7:d8:92:b6:b5:25:76:fd:f5:58:1b:51:8d:8b:55:6f:cf:
         48:67:44:13:c7:32:6d:29:e0:bc:98:ef:de:eb:b7:32:d2:9b:
         9c:7a:ec:fd:58:8a:ab:54:0f:56:4a:c9:3e:b9:5d:56:e5:6e:
         34:a0:ea:7e:89:73:b2:5b:54:b4:25:32:c3:ea:76:d1:f6:50:
         80:4a:5d:2c:e4:15:ea:83:ca:03:64:04:61:3f:29:19:32:fd:
         e2:21:2e:f5:4b:ab:e3:9d:50:45:c3:8f:ac:5e:4d:42:2f:6b:
         27:13:6e:bb:3d:4a:49:4b:bd:c5:4e:08:9b:e3:ac:42:33:ca:
         57:db:59:f2:b0:55:f3:56:ed:da:fd:cd:17:ee:17:40:08:5a:
         a7:59:7b:73:b8:41:7c:36:06:49:f5:6b:74:e9:3a:a5:bf:b3:
         ec:1c:38:67:4a:87:af:54:c8:a8:22:a0:6b:59:44:1e:d6:54:
         9c:80:b6:fd:0e:b9:b9:ff:cc:05:d7:4f:01:62:ad:5c:90:4e:
         cd:66:3e:74:f4:8d:26:9f:9d:72:6b:23:9b:ba:6c:88:98:b8:
         10:d3:11:30:ed:c1:d7:21:e8:56:c9:de:bd:fb:7e:36:5c:6a:
         45:d9:55:b6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGcsVN9WGGT9JFu3GYUHzAPxB7XwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGU1OTZlZjBhMmQzNTUwZWY4M2EwM2IwZmM5MGNlYzQz
OTM2MmNlZDdjMGE2NzZlNjZhYzgwYWUzNDk3NTU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6EBpHv1B1NHyfCkLt7Kn34QKSHixIp+iQogk6iL8tbA/4
kDha9ogc9CuC6cykhIDo5XIrq0hvYrChINM9Vb4Ls/j33Ovv/DmO6RNx4Ko2e0tE
P7SESXhjrwOWDlUtL0dXqNsnlLqoAq6eyd6F3WFaYPmQIPsSA/YptqeNfQwG/uqu
Od45IH12N3TUjvr+uG4WCoQZsfGBH1fBdXJXWgC1LNG49jv4LgvywNL2XCgpi/yr
cy0saYo7tNg4sPLvtKD4L7oaprWQLIjJXlqAKE9E2RpBTr0gqKbkQwWYBblAsdm6
Or4YTp0nUmKPt8+QsJGkE5YPmDcqYVFFLvSRVcBDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6JqRtK1bfe20BKUx6jT2/ZvOfE4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQyMzMwOGE1LTIwYzItNDdkOS05MmJmLTA1OWVhYjg5MjE5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAatU4AwDQYJKoZIhvcNAQELBQADggEBALN07qKLpYce611Mb5oeAciONj/3
2JK2tSV2/fVYG1GNi1Vvz0hnRBPHMm0p4LyY797rtzLSm5x67P1YiqtUD1ZKyT65
XVblbjSg6n6Jc7JbVLQlMsPqdtH2UIBKXSzkFeqDygNkBGE/KRky/eIhLvVLq+Od
UEXDj6xeTUIvaycTbrs9SklLvcVOCJvjrEIzylfbWfKwVfNW7dr9zRfuF0AIWqdZ
e3O4QXw2Bkn1a3TpOqW/s+wcOGdKh69UyKgioGtZRB7WVJyAtv0Oubn/zAXXTwFi
rVyQTs1mPnT0jSafnXJrI5u6bIiYuBDTETDtwdch6FbJ3r37fjZcakXZVbY=
-----END CERTIFICATE-----