Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b5ff42b-0c4c-4e12-81ae-d20339842141.roa
File:                     7b5ff42b-0c4c-4e12-81ae-d20339842141.roa (raw, json)
Hash identifier:          vyTnl3JyVy2t7IxeTBA6HHW4MwqHgKBNsYC5/8FzDC4=
Subject key identifier:   6F:0C:AD:44:69:0F:18:9F:86:E6:F5:D3:6D:01:50:65:51:F2:F7:2B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       79CAD0770A00F617D7B22919A2B626EA83CB96EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b5ff42b-0c4c-4e12-81ae-d20339842141.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        209.177.24.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:ca:d0:77:0a:00:f6:17:d7:b2:29:19:a2:b6:26:ea:83:cb:96:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=acf4a04845ab26a3425c12bdfc2412fab515c2bb040af090b81a8be07b436e1a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e4:b9:9f:2d:45:11:b9:a8:f2:50:95:d1:ca:
                    63:28:ee:56:65:55:f8:d7:db:d7:d2:42:19:13:6d:
                    9e:b0:1c:f9:51:c2:fa:54:cc:df:55:f2:fc:79:36:
                    60:a9:6e:77:20:aa:20:50:44:28:29:d5:6e:65:e1:
                    c2:e0:9a:7e:d6:1d:05:c0:6b:2f:ee:fb:64:14:00:
                    64:29:1e:0b:2d:55:36:24:b1:0d:8b:c9:07:3f:a1:
                    7f:4f:d6:12:64:c6:b9:97:00:1c:85:34:4c:a9:7d:
                    4a:bf:a9:d8:50:a7:57:bc:bb:4f:55:24:7b:86:aa:
                    0f:1c:02:ef:39:e5:12:d0:5f:e2:32:2a:92:ec:a7:
                    cf:15:8d:9e:e9:bf:db:d7:c7:4b:c4:36:69:7c:6d:
                    f9:28:74:89:2b:4d:ef:37:cd:8a:d3:2e:60:3b:91:
                    6a:17:c5:7f:02:dc:c7:c5:08:56:2a:62:58:dd:55:
                    0f:8b:f2:59:46:c2:0e:9b:51:20:ed:33:f8:3e:1f:
                    66:2d:74:7d:63:56:46:38:e2:24:45:8d:2d:10:ae:
                    08:f9:b8:69:29:2a:2c:e2:f9:e5:e1:11:eb:3e:8b:
                    06:f3:1b:6d:50:13:a5:55:a9:4a:a9:c9:2a:d7:84:
                    46:72:2b:77:b0:9c:32:c7:a4:e8:7c:73:9c:8d:07:
                    6f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:0C:AD:44:69:0F:18:9F:86:E6:F5:D3:6D:01:50:65:51:F2:F7:2B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b5ff42b-0c4c-4e12-81ae-d20339842141.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.177.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7d:48:a0:7f:d1:a6:6a:67:1a:0d:8a:9c:d4:50:44:29:f1:4e:
         18:7a:d8:c6:be:fb:14:21:c4:a2:f3:0f:7a:e3:e9:29:5b:cb:
         c0:d1:e0:50:d3:e7:43:99:c1:9d:7a:1c:af:2e:60:3b:e5:03:
         c0:66:31:ec:76:65:c6:50:28:cc:4d:cd:88:c4:a9:74:49:d2:
         bb:f2:40:e4:8c:09:d0:49:48:50:4b:79:6e:1c:fe:c6:73:54:
         90:28:2f:16:76:8c:18:64:e1:66:c7:81:0a:eb:b9:3a:55:01:
         6a:e2:e9:79:46:59:93:e5:36:6a:ca:20:43:d5:97:fb:02:f2:
         89:9c:a3:68:9e:75:be:d0:cc:74:df:e2:99:3b:b7:fc:b8:01:
         65:75:64:54:6e:cf:29:2f:5e:80:c2:d0:95:e7:b4:9c:c7:22:
         13:06:d3:41:e7:1c:17:a3:2f:96:be:20:2e:52:cb:c7:d0:b9:
         ae:f8:b8:92:79:33:a2:c3:1a:95:1a:0d:6a:9d:8b:05:76:60:
         f0:ab:ae:4a:fb:58:80:c1:9d:d3:28:3e:26:19:a5:b9:1a:67:
         00:da:18:d6:cb:ed:f1:24:39:64:f7:e1:22:1d:3e:c9:70:3a:
         77:b1:35:a3:66:89:1c:9d:87:66:9e:e1:92:8c:ad:5c:53:e7:
         3a:16:43:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUecrQdwoA9hfXsikZorYm6oPLluswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhY2Y0YTA0ODQ1YWIyNmEzNDI1YzEyYmRmYzI0MTJmYWI1
MTVjMmJiMDQwYWYwOTBiODFhOGJlMDdiNDM2ZTFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCn5LmfLUURuajyUJXRymMo7lZlVfjX29fSQhkTbZ6wHPlR
wvpUzN9V8vx5NmCpbncgqiBQRCgp1W5l4cLgmn7WHQXAay/u+2QUAGQpHgstVTYk
sQ2LyQc/oX9P1hJkxrmXAByFNEypfUq/qdhQp1e8u09VJHuGqg8cAu855RLQX+Iy
KpLsp88VjZ7pv9vXx0vENml8bfkodIkrTe83zYrTLmA7kWoXxX8C3MfFCFYqYljd
VQ+L8llGwg6bUSDtM/g+H2YtdH1jVkY44iRFjS0Qrgj5uGkpKizi+eXhEes+iwbz
G21QE6VVqUqpySrXhEZyK3ewnDLHpOh8c5yNB2+ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbwytRGkPGJ+G5vXTbQFQZVHy9yswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiNWZmNDJiLTBjNGMtNGUxMi04MWFlLWQyMDMzOTg0MjE0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPRsRgwDQYJKoZIhvcNAQELBQADggEBAH1IoH/RpmpnGg2KnNRQRCnxThh6
2Ma++xQhxKLzD3rj6Slby8DR4FDT50OZwZ16HK8uYDvlA8BmMex2ZcZQKMxNzYjE
qXRJ0rvyQOSMCdBJSFBLeW4c/sZzVJAoLxZ2jBhk4WbHgQrruTpVAWri6XlGWZPl
NmrKIEPVl/sC8omco2iedb7QzHTf4pk7t/y4AWV1ZFRuzykvXoDC0JXntJzHIhMG
00HnHBejL5a+IC5Sy8fQua74uJJ5M6LDGpUaDWqdiwV2YPCrrkr7WIDBndMoPiYZ
pbkaZwDaGNbL7fEkOWT34SIdPslwOnexNaNmiRydh2ae4ZKMrVxT5zoWQ/k=
-----END CERTIFICATE-----