Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68fb6455-21a4-4044-923b-37ddc9951312.roa
File:                     68fb6455-21a4-4044-923b-37ddc9951312.roa (raw, json)
Hash identifier:          YQjKz/0kxSR6T872emKKGoQXXhtIpYe3RN/VXxnhgxs=
Subject key identifier:   11:D1:09:95:85:CD:DB:63:74:14:60:BE:73:7C:E2:A8:2F:51:D6:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       052DDC6FBA02491D2FF4D0C8C6FE4AD5872A5CFC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68fb6455-21a4-4044-923b-37ddc9951312.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        79.73.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:2d:dc:6f:ba:02:49:1d:2f:f4:d0:c8:c6:fe:4a:d5:87:2a:5c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=c40110d86dc46347e2a909cb106ad09db985d693f91c30e3153097875b3c3f70, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:33:90:73:95:e8:49:3e:a9:b7:4a:a8:14:35:
                    33:13:ff:cc:f3:a7:fc:10:c8:21:2b:59:d3:e3:16:
                    30:f9:d6:9d:4c:50:e6:86:2b:50:b2:0a:58:84:17:
                    9f:67:c9:79:7c:6e:cb:1d:5c:41:a5:d0:b4:50:51:
                    ac:68:9c:40:66:9d:c6:f8:eb:21:0e:b8:3c:f9:4e:
                    cb:34:e2:71:24:f5:86:15:3a:4a:42:32:57:c0:66:
                    f9:e6:93:d4:4e:7d:08:46:ce:8b:dc:ff:50:81:ec:
                    ac:b1:cb:de:11:36:b2:fa:6a:de:a0:51:9f:44:cf:
                    62:e3:31:fe:55:43:2c:f6:28:02:42:9b:08:86:7f:
                    15:4b:b7:b5:ad:08:00:1c:2e:e6:c9:37:62:e9:a9:
                    cc:a5:df:8f:f1:7b:87:a5:7b:54:42:3f:52:ee:ce:
                    88:68:87:9b:17:0d:23:c6:9d:ed:ba:71:76:bb:6b:
                    0f:96:cd:96:81:f7:1e:6d:fb:b7:67:65:7f:8a:ab:
                    57:73:81:48:fe:bb:4f:0e:24:4f:62:8c:a0:59:b9:
                    b9:c3:ae:41:76:64:b3:bf:d5:51:57:d8:17:e8:f5:
                    03:0d:90:21:21:5f:a2:d1:8f:db:0a:28:ee:73:8d:
                    d2:f2:9c:54:18:62:34:01:e8:ba:2b:fd:ee:2b:14:
                    ba:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D1:09:95:85:CD:DB:63:74:14:60:BE:73:7C:E2:A8:2F:51:D6:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68fb6455-21a4-4044-923b-37ddc9951312.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.73.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         92:f3:a7:8f:49:8f:68:97:5c:c2:9c:97:3d:12:97:52:02:90:
         75:5d:7c:6b:82:df:35:b4:fc:cf:89:98:91:f8:89:6b:14:cb:
         2d:41:45:b3:d0:da:1c:a0:b2:d5:d7:a3:13:4a:62:60:85:43:
         07:1e:21:7f:d5:54:48:22:1b:1f:66:e5:9e:69:61:04:cb:96:
         64:10:70:84:03:b0:67:56:9e:13:d2:22:5a:37:5a:bf:65:a3:
         d1:02:7b:ae:db:32:12:cf:fe:67:2c:f5:89:2d:e4:1e:49:ca:
         29:64:86:ae:2a:63:b7:44:f2:76:ea:44:ba:96:b7:eb:bb:b7:
         b4:66:96:26:79:77:ed:c2:33:c5:45:4f:c3:8a:52:6f:19:1b:
         78:d8:3c:e0:44:94:a3:d1:f3:05:26:53:8d:c3:d5:71:73:3d:
         67:57:61:42:3c:44:b4:fe:00:0a:2f:c4:62:84:21:98:f5:49:
         cb:96:c5:50:63:6e:63:a7:c0:c6:9b:99:62:c8:9c:a1:b4:3b:
         7d:95:2f:b0:e7:c5:6e:06:8e:ab:39:c8:e4:00:c2:3b:95:1c:
         71:39:61:62:b8:79:bb:3e:2d:ac:0b:e7:41:9d:2d:4b:ea:a1:
         dd:ac:ee:4a:5f:6d:d0:e9:b2:ea:45:b7:74:a5:20:c1:9c:09:
         c9:ca:b6:99
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBS3cb7oCSR0v9NDIxv5K1YcqXPwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNDAxMTBkODZkYzQ2MzQ3ZTJhOTA5Y2IxMDZhZDA5ZGI5
ODVkNjkzZjkxYzMwZTMxNTMwOTc4NzViM2MzZjcwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXM5BzlehJPqm3SqgUNTMT/8zzp/wQyCErWdPjFjD51p1M
UOaGK1CyCliEF59nyXl8bssdXEGl0LRQUaxonEBmncb46yEOuDz5Tss04nEk9YYV
OkpCMlfAZvnmk9ROfQhGzovc/1CB7Kyxy94RNrL6at6gUZ9Ez2LjMf5VQyz2KAJC
mwiGfxVLt7WtCAAcLubJN2Lpqcyl34/xe4ele1RCP1Luzohoh5sXDSPGne26cXa7
aw+WzZaB9x5t+7dnZX+Kq1dzgUj+u08OJE9ijKBZubnDrkF2ZLO/1VFX2Bfo9QMN
kCEhX6LRj9sKKO5zjdLynFQYYjQB6Lor/e4rFLpLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUEdEJlYXN22N0FGC+c3ziqC9R1i4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4ZmI2NDU1LTIxYTQtNDA0NC05MjNiLTM3ZGRjOTk1MTMxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdPSYAwDQYJKoZIhvcNAQELBQADggEBAJLzp49Jj2iXXMKclz0Sl1ICkHVd
fGuC3zW0/M+JmJH4iWsUyy1BRbPQ2hygstXXoxNKYmCFQwceIX/VVEgiGx9m5Z5p
YQTLlmQQcIQDsGdWnhPSIlo3Wr9lo9ECe67bMhLP/mcs9Ykt5B5Jyilkhq4qY7dE
8nbqRLqWt+u7t7RmliZ5d+3CM8VFT8OKUm8ZG3jYPOBElKPR8wUmU43D1XFzPWdX
YUI8RLT+AAovxGKEIZj1ScuWxVBjbmOnwMabmWLInKG0O32VL7DnxW4Gjqs5yOQA
wjuVHHE5YWK4ebs+LawL50GdLUvqod2s7kpfbdDpsupFt3SlIMGcCcnKtpk=
-----END CERTIFICATE-----