Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73ecc6c9-fd4b-41b2-ae63-85f852614b8f.roa
File:                     73ecc6c9-fd4b-41b2-ae63-85f852614b8f.roa (raw, json)
Hash identifier:          YMRDb6+SsRTvesbBrCJ9exiCcNMIFssKfKoB20ruPZo=
Subject key identifier:   36:DE:0A:9F:6B:BB:C2:61:D9:6B:23:C6:8C:5C:D2:BE:61:B1:E9:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6048D195C7980F80A30F7C7E7B23B64D73ED224A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73ecc6c9-fd4b-41b2-ae63-85f852614b8f.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        74.190.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:48:d1:95:c7:98:0f:80:a3:0f:7c:7e:7b:23:b6:4d:73:ed:22:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:af:92:86:fe:7b:66:24:97:f1:d4:68:47:e0:
                    ad:e9:14:13:7d:ba:d0:1c:92:a2:94:2b:3e:9e:9f:
                    a1:2d:0e:71:52:ca:7a:ee:32:40:28:4b:e5:27:0a:
                    0c:30:3b:8e:98:0a:f2:01:5e:ea:3e:a7:50:40:38:
                    bc:7c:6a:bd:37:8e:89:9b:e9:dc:94:6e:fa:76:37:
                    aa:06:c7:52:86:64:f6:6a:ae:12:64:06:d5:08:ff:
                    34:9f:34:0c:13:eb:cd:a1:8d:b2:7e:ca:af:0e:59:
                    cd:cd:17:9d:10:65:0a:c4:ab:f5:a0:08:1a:44:8c:
                    2e:d7:fb:d4:27:05:5c:f7:c0:f1:ef:e8:b4:17:15:
                    d1:79:c4:13:24:52:d6:ed:be:6a:f7:41:27:f2:22:
                    03:bd:77:eb:2b:bb:5a:64:2e:78:ee:0a:5b:40:84:
                    72:9f:07:30:f2:47:f8:52:e0:41:8c:32:63:61:27:
                    64:b7:33:3e:aa:e9:22:5b:9f:c9:74:60:b6:4b:b9:
                    11:cf:52:96:0a:76:21:56:1a:66:02:74:c3:81:e6:
                    fc:43:41:d8:78:66:0e:3b:6f:ff:87:62:45:03:63:
                    92:55:1e:6c:cf:69:33:0a:04:35:40:bc:41:c2:0a:
                    09:e4:8a:d4:3c:ea:31:b6:ab:7c:cc:d8:5b:bf:57:
                    97:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:DE:0A:9F:6B:BB:C2:61:D9:6B:23:C6:8C:5C:D2:BE:61:B1:E9:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/73ecc6c9-fd4b-41b2-ae63-85f852614b8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:55:9b:40:23:24:3d:03:c5:85:e7:9a:be:04:eb:6f:a2:9a:
         a5:02:bd:22:6d:2a:48:1a:7e:ca:3a:26:97:84:1c:dc:b4:88:
         3a:54:46:58:35:0f:91:b6:c3:d4:61:29:32:6a:22:ce:c0:f2:
         f9:b5:c1:45:65:34:78:be:f0:24:83:88:4a:c4:a7:80:7e:0d:
         67:6e:3d:e3:4b:8e:da:69:08:18:f9:f7:78:95:1d:45:39:5f:
         ab:7d:91:7c:dc:32:bf:55:47:55:ea:45:a3:87:75:fc:7f:72:
         9f:32:f0:ec:3b:b8:65:f3:1c:1f:00:06:88:3b:b2:8c:ab:13:
         52:a7:b0:a2:2a:9c:37:c4:00:b3:c5:83:3c:0c:99:b2:0d:f3:
         6d:e6:2d:71:1c:84:e3:b5:a2:c9:7b:65:4b:04:7d:77:12:a8:
         9c:b4:0c:20:56:d1:2d:63:1f:d9:07:47:28:bf:72:a7:5c:da:
         b5:86:e9:a5:34:98:ac:86:66:83:3b:ec:f7:87:8c:c5:d6:52:
         42:0d:26:1f:9a:30:14:59:1f:54:c2:e3:b4:ae:fe:88:4c:4e:
         bf:86:ca:38:02:02:38:08:0d:15:74:6d:5c:7c:08:85:79:31:
         5f:d6:35:ed:64:6b:e6:79:4e:7b:57:40:34:b8:1f:e5:57:80:
         32:82:57:5c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYEjRlceYD4CjD3x+eyO2TXPtIkowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyODVkOGFkMDY1MzM5NzgxMWE3NDk1ZDI2YWY1NTVhOWM1
ZTFmMTA3MmFiNDI3YTlmMGYyM2NkMGYxMjM4ODIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrr5KG/ntmJJfx1GhH4K3pFBN9utAckqKUKz6en6EtDnFS
ynruMkAoS+UnCgwwO46YCvIBXuo+p1BAOLx8ar03jomb6dyUbvp2N6oGx1KGZPZq
rhJkBtUI/zSfNAwT682hjbJ+yq8OWc3NF50QZQrEq/WgCBpEjC7X+9QnBVz3wPHv
6LQXFdF5xBMkUtbtvmr3QSfyIgO9d+sru1pkLnjuCltAhHKfBzDyR/hS4EGMMmNh
J2S3Mz6q6SJbn8l0YLZLuRHPUpYKdiFWGmYCdMOB5vxDQdh4Zg47b/+HYkUDY5JV
HmzPaTMKBDVAvEHCCgnkitQ86jG2q3zM2Fu/V5evAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNt4Kn2u7wmHZayPGjFzSvmGx6XMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzczZWNjNmM5LWZkNGItNDFiMi1hZTYzLTg1Zjg1MjYxNGI4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBKvjANBgkqhkiG9w0BAQsFAAOCAQEAQlWbQCMkPQPFheeavgTrb6KapQK9
Im0qSBp+yjoml4Qc3LSIOlRGWDUPkbbD1GEpMmoizsDy+bXBRWU0eL7wJIOISsSn
gH4NZ24940uO2mkIGPn3eJUdRTlfq32RfNwyv1VHVepFo4d1/H9ynzLw7Du4ZfMc
HwAGiDuyjKsTUqewoiqcN8QAs8WDPAyZsg3zbeYtcRyE47WiyXtlSwR9dxKonLQM
IFbRLWMf2QdHKL9yp1zatYbppTSYrIZmgzvs94eMxdZSQg0mH5owFFkfVMLjtK7+
iExOv4bKOAICOAgNFXRtXHwIhXkxX9Y17WRr5nlOe1dANLgf5VeAMoJXXA==
-----END CERTIFICATE-----