Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c416af2b-ba98-4a16-8089-6f9fa9a25132.roa
File:                     c416af2b-ba98-4a16-8089-6f9fa9a25132.roa (raw, json)
Hash identifier:          36e5Rns++fF7/RMYa9oTAvd8p0yG9ALcDKhRgUe7sm8=
Subject key identifier:   E4:43:AA:49:EE:B1:92:B9:12:77:3C:67:76:7B:21:25:3A:5D:BF:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3909D4CC604ECFD9441CEDC48382DA88306B8727
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c416af2b-ba98-4a16-8089-6f9fa9a25132.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        93.77.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:09:d4:cc:60:4e:cf:d9:44:1c:ed:c4:83:82:da:88:30:6b:87:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=dba2fc60a2ec2b202284858056245360c00297561368269677ee499bf9749825, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a6:ac:ac:66:fb:db:3a:bd:2b:c7:7d:5b:98:
                    43:3a:b5:56:0a:4c:c6:24:a7:a6:2d:27:74:2c:66:
                    9e:40:63:d2:5b:fd:d5:db:96:c7:62:7d:0f:b5:f7:
                    45:33:48:60:98:bd:34:e6:f9:b5:fa:87:f1:85:e7:
                    25:cb:4b:0c:21:06:13:94:b8:cb:9b:ed:5d:c1:eb:
                    26:9c:e0:19:91:cc:95:7a:4e:3a:5e:da:ab:5f:5b:
                    b7:8d:26:a4:fa:fb:0a:b4:55:13:13:2a:a8:08:31:
                    da:b1:b1:b9:fd:16:a8:de:c4:bb:62:b1:93:09:f8:
                    72:4e:0a:1a:93:b3:4a:4b:7f:89:a4:81:14:a9:fb:
                    d0:cb:34:7c:3c:62:6e:6f:ea:16:47:da:b8:c4:0e:
                    51:1d:2e:a0:16:02:8f:c4:05:29:6e:e6:c2:ae:6a:
                    2b:8b:6d:0f:88:ce:1d:e3:06:69:66:5f:a5:bd:05:
                    2e:ca:20:a7:4f:73:07:12:a2:ac:a6:ac:6d:e2:bb:
                    c1:6b:9e:d3:11:49:55:9f:f5:5b:40:30:e2:76:05:
                    71:03:5f:db:0a:5e:93:b3:ad:b6:f5:32:f6:de:4f:
                    26:0d:68:16:73:c4:7d:4f:0b:15:13:3c:54:bf:6a:
                    26:ab:97:dd:66:10:b1:f6:2a:82:ff:25:d4:f4:14:
                    f2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:43:AA:49:EE:B1:92:B9:12:77:3C:67:76:7B:21:25:3A:5D:BF:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c416af2b-ba98-4a16-8089-6f9fa9a25132.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.77.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         37:23:61:23:1d:8c:2b:17:fa:4b:64:d9:0d:87:08:a4:be:83:
         82:10:12:c8:08:c6:ee:53:83:4b:9a:31:5f:dd:4c:3f:6a:63:
         03:31:34:7d:7c:e7:68:63:84:e9:ed:04:45:50:71:e6:b4:76:
         df:84:ae:2a:70:c5:3a:37:81:a9:09:bf:7d:3e:e1:b6:a1:ed:
         9a:b4:05:66:8a:54:b5:e9:0d:1d:11:c1:ca:9d:a1:c1:72:5b:
         99:e5:e9:0a:06:8d:15:6d:98:d2:40:a3:3e:58:fd:25:51:73:
         e0:c0:51:b0:69:1c:61:29:cf:e9:fb:a3:a5:b9:ab:42:0d:23:
         bb:19:98:8d:4d:48:ec:c1:58:2d:14:18:56:a9:a6:ec:b6:89:
         43:34:17:c5:c4:c3:e4:1d:38:a5:f3:ce:ac:64:9e:24:a5:78:
         e6:3e:01:5d:14:af:49:09:ff:b1:5f:7a:95:be:62:95:17:ea:
         91:8c:a2:41:96:80:20:9a:07:cd:c0:74:e1:e2:97:9a:9b:ed:
         fa:2f:92:20:d8:09:47:26:5c:bb:9b:49:4a:e7:a1:5f:c0:26:
         eb:55:b9:58:19:b8:47:58:11:29:a5:0d:d4:2f:0a:99:84:7f:
         c1:36:81:67:32:20:ac:6c:62:71:12:e0:b8:18:89:f3:dc:35:
         17:a5:63:46
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOQnUzGBOz9lEHO3Eg4LaiDBrhycwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYmEyZmM2MGEyZWMyYjIwMjI4NDg1ODA1NjI0NTM2MGMw
MDI5NzU2MTM2ODI2OTY3N2VlNDk5YmY5NzQ5ODI1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvpqysZvvbOr0rx31bmEM6tVYKTMYkp6YtJ3QsZp5AY9Jb
/dXblsdifQ+190UzSGCYvTTm+bX6h/GF5yXLSwwhBhOUuMub7V3B6yac4BmRzJV6
Tjpe2qtfW7eNJqT6+wq0VRMTKqgIMdqxsbn9FqjexLtisZMJ+HJOChqTs0pLf4mk
gRSp+9DLNHw8Ym5v6hZH2rjEDlEdLqAWAo/EBSlu5sKuaiuLbQ+Izh3jBmlmX6W9
BS7KIKdPcwcSoqymrG3iu8FrntMRSVWf9VtAMOJ2BXEDX9sKXpOzrbb1MvbeTyYN
aBZzxH1PCxUTPFS/aiarl91mELH2KoL/JdT0FPJXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5EOqSe6xkrkSdzxndnshJTpdv28wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M0MTZhZjJiLWJhOTgtNGExNi04MDg5LTZmOWZhOWEyNTEzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAddTQAwDQYJKoZIhvcNAQELBQADggEBADcjYSMdjCsX+ktk2Q2HCKS+g4IQ
EsgIxu5Tg0uaMV/dTD9qYwMxNH1852hjhOntBEVQcea0dt+EripwxTo3gakJv30+
4bah7Zq0BWaKVLXpDR0RwcqdocFyW5nl6QoGjRVtmNJAoz5Y/SVRc+DAUbBpHGEp
z+n7o6W5q0INI7sZmI1NSOzBWC0UGFappuy2iUM0F8XEw+QdOKXzzqxkniSleOY+
AV0Ur0kJ/7FfepW+YpUX6pGMokGWgCCaB83AdOHil5qb7fovkiDYCUcmXLubSUrn
oV/AJutVuVgZuEdYESmlDdQvCpmEf8E2gWcyIKxsYnES4LgYifPcNRelY0Y=
-----END CERTIFICATE-----