Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4cd15fa-81ee-4976-b600-934f1f36a677.roa
File:                     a4cd15fa-81ee-4976-b600-934f1f36a677.roa (raw, json)
Hash identifier:          GywgW4WY6NxVJlp0Cl+fYNCMk9Vfrd7gvy1R7o89xgw=
Subject key identifier:   76:29:4B:74:F8:BE:B5:7F:FB:A5:25:71:00:42:74:66:96:B1:C4:7F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57CD8F17437EA1D19C9A9D383E8499333F7D26E1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4cd15fa-81ee-4976-b600-934f1f36a677.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        148.73.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:cd:8f:17:43:7e:a1:d1:9c:9a:9d:38:3e:84:99:33:3f:7d:26:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=384d95142896d95a44b655f4f2e5e589674f0821a418776a0a4be2f8d0f98282, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:84:6a:ae:af:14:a5:bc:d4:31:11:92:e7:01:
                    32:ee:8a:d5:da:3a:9f:01:fe:3a:7a:73:e6:da:7d:
                    1d:16:53:35:76:f5:8b:e1:a3:5a:94:33:85:d3:c4:
                    a6:5f:ac:e9:a9:73:9c:81:6d:d7:7a:c3:fd:03:bd:
                    bd:63:b2:88:d9:08:ee:e6:5a:82:c5:7d:fb:53:db:
                    84:c1:f3:aa:18:c5:6b:db:2c:1d:e8:0e:05:ff:0e:
                    b7:b8:82:10:a7:ce:58:bb:aa:66:d2:23:8e:e3:36:
                    bd:ab:79:cd:0d:ea:7a:8b:1a:96:ad:76:9a:a0:a6:
                    71:96:34:64:2c:db:62:0c:7a:78:01:5b:d5:30:da:
                    e9:31:14:a7:43:88:85:47:0f:f9:2f:ec:c9:19:49:
                    b2:f2:82:7d:fa:85:b8:0e:3d:55:3f:96:e3:19:39:
                    00:fc:92:e4:05:d1:ca:a5:b6:d5:f4:12:c7:6b:2e:
                    c8:c3:2f:fe:92:ec:dc:42:4b:6d:1c:d1:17:4a:60:
                    2c:73:18:4c:03:ae:4c:b1:41:9c:d6:6b:87:6f:87:
                    ea:4d:76:f8:83:2c:d0:b5:27:a9:ed:da:da:3e:06:
                    92:59:30:fd:6f:a0:2f:fe:56:77:13:de:10:42:2c:
                    ea:08:7c:45:fd:3d:80:5c:b0:0f:9b:16:db:fa:6d:
                    5d:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:29:4B:74:F8:BE:B5:7F:FB:A5:25:71:00:42:74:66:96:B1:C4:7F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4cd15fa-81ee-4976-b600-934f1f36a677.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8a:4c:6c:ad:28:69:df:cf:45:e2:7a:65:aa:55:78:ce:33:24:
         7a:d1:26:04:83:95:f9:4a:79:c2:29:b5:e7:55:4f:bc:43:fa:
         67:51:21:cc:a9:07:f0:29:99:47:42:8f:5b:f6:98:17:55:9e:
         53:6d:72:bd:89:fd:67:21:fc:9c:49:38:6f:43:06:f4:8b:3a:
         a8:16:d1:8c:21:ef:8a:e4:0e:70:aa:05:d5:c5:0e:d8:10:71:
         78:f6:9b:41:17:d9:44:23:96:00:f7:3a:2d:38:3c:c5:12:3f:
         27:86:89:32:c5:e7:20:56:74:5a:2b:13:a4:01:93:6d:30:46:
         56:55:48:c7:95:df:29:08:32:aa:e0:06:a1:8c:e0:8a:76:4a:
         9a:f5:4b:43:fb:a8:27:2e:12:90:01:38:ef:af:30:3f:73:bb:
         ef:90:81:ca:b4:6f:83:3f:70:a2:7b:cc:6a:3e:d4:cf:e1:25:
         2a:fd:d4:c0:55:a2:8d:e5:5f:8d:f4:aa:b6:f8:46:56:7b:07:
         27:2f:05:62:7f:d2:ef:01:15:f8:e5:89:10:f2:76:9b:21:76:
         4e:26:44:be:02:fa:c1:5b:78:be:65:c9:c3:ed:e0:94:c9:4c:
         3c:38:b2:a0:7f:b8:c0:db:d4:ff:f4:42:a1:36:91:7a:0f:82:
         ef:99:4c:85
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUV82PF0N+odGcmp04PoSZMz99JuEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzODRkOTUxNDI4OTZkOTVhNDRiNjU1ZjRmMmU1ZTU4OTY3
NGYwODIxYTQxODc3NmEwYTRiZTJmOGQwZjk4MjgyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2hGqurxSlvNQxEZLnATLuitXaOp8B/jp6c+bafR0WUzV2
9Yvho1qUM4XTxKZfrOmpc5yBbdd6w/0Dvb1jsojZCO7mWoLFfftT24TB86oYxWvb
LB3oDgX/Dre4ghCnzli7qmbSI47jNr2rec0N6nqLGpatdpqgpnGWNGQs22IMengB
W9Uw2ukxFKdDiIVHD/kv7MkZSbLygn36hbgOPVU/luMZOQD8kuQF0cqlttX0Esdr
LsjDL/6S7NxCS20c0RdKYCxzGEwDrkyxQZzWa4dvh+pNdviDLNC1J6nt2to+BpJZ
MP1voC/+VncT3hBCLOoIfEX9PYBcsA+bFtv6bV15AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdilLdPi+tX/7pSVxAEJ0ZpaxxH8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0Y2QxNWZhLTgxZWUtNDk3Ni1iNjAwLTkzNGYxZjM2YTY3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCUSTANBgkqhkiG9w0BAQsFAAOCAQEAikxsrShp389F4nplqlV4zjMketEm
BIOV+Up5wim151VPvEP6Z1EhzKkH8CmZR0KPW/aYF1WeU21yvYn9ZyH8nEk4b0MG
9Is6qBbRjCHviuQOcKoF1cUO2BBxePabQRfZRCOWAPc6LTg8xRI/J4aJMsXnIFZ0
WisTpAGTbTBGVlVIx5XfKQgyquAGoYzginZKmvVLQ/uoJy4SkAE4768wP3O775CB
yrRvgz9wonvMaj7Uz+ElKv3UwFWijeVfjfSqtvhGVnsHJy8FYn/S7wEV+OWJEPJ2
myF2TiZEvgL6wVt4vmXJw+3glMlMPDiyoH+4wNvU//RCoTaReg+C75lMhQ==
-----END CERTIFICATE-----