Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da8ed365-577c-4762-845a-c8539dcb95d5.roa
File:                     da8ed365-577c-4762-845a-c8539dcb95d5.roa (raw, json)
Hash identifier:          Bq87MEEOQRd3C4fHH9rxIVzhpTB+orup8U5SY/JaNsM=
Subject key identifier:   2C:F1:0A:0D:9D:76:61:C2:7C:01:01:C9:2C:FC:89:8A:E3:63:26:C3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       143C780CE657C24126A77BBC7BB83554991EEB65
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da8ed365-577c-4762-845a-c8539dcb95d5.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        77.123.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:3c:78:0c:e6:57:c2:41:26:a7:7b:bc:7b:b8:35:54:99:1e:eb:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ed:58:1f:13:6b:cd:ea:75:35:38:60:d9:04:
                    9c:5c:0c:ce:bb:18:1d:f7:01:b3:2c:32:0f:c0:6c:
                    cd:6c:31:f1:fd:aa:c4:b5:23:05:58:2b:e3:7a:ba:
                    ae:ae:0c:f3:b4:2e:c9:72:72:19:13:fe:22:85:75:
                    35:94:7e:53:96:03:c1:32:ed:a9:e7:c7:7f:e0:89:
                    68:9b:ca:4a:1b:c9:ea:c0:53:d6:0e:7a:f9:20:69:
                    c0:db:f7:27:72:6f:e7:39:63:76:29:1d:8f:dc:9a:
                    80:03:a2:d7:e5:bb:fb:ae:36:6f:63:65:a7:3a:71:
                    bb:2b:dc:bc:44:ee:02:b4:3e:69:05:78:bc:1c:63:
                    07:77:72:6c:5b:e9:da:d3:b5:89:85:0e:34:85:f5:
                    7d:a4:94:cc:53:b1:a8:42:33:37:54:55:39:d4:1e:
                    29:b8:09:46:1f:18:f6:5f:78:66:2b:ad:10:13:ad:
                    7b:e2:4e:3c:bf:c2:21:a6:7a:8c:ba:55:32:d3:14:
                    23:e8:aa:24:69:e3:8c:fe:a4:9e:fb:87:c4:f8:04:
                    d2:f1:71:3d:30:24:ff:b5:24:f1:f8:38:23:a2:1f:
                    2b:03:5c:93:46:6c:41:80:e3:5a:c5:38:9b:6b:0f:
                    02:9f:74:71:63:82:d4:62:ce:d9:fa:b7:65:d3:20:
                    71:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F1:0A:0D:9D:76:61:C2:7C:01:01:C9:2C:FC:89:8A:E3:63:26:C3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/da8ed365-577c-4762-845a-c8539dcb95d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.123.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         91:33:07:8a:ab:20:02:d4:17:15:34:ae:07:f2:69:c8:f4:14:
         0e:66:40:6d:21:3f:de:1b:9f:3a:3f:d7:63:96:be:a4:15:a7:
         03:77:ba:63:6b:07:b8:56:60:c0:7a:9a:2c:df:c7:f7:78:b6:
         61:1c:70:4b:d1:3a:86:f6:ea:b8:44:d1:1a:6d:21:24:d7:09:
         fb:4f:76:13:68:9c:95:93:af:f4:ea:68:49:05:e3:2e:e3:ce:
         71:0f:ff:2b:61:9c:72:fa:44:aa:47:ca:87:f1:e7:56:82:d4:
         a2:96:da:26:7e:cc:a4:1d:ea:57:93:c2:3a:e9:85:49:c3:42:
         7d:72:b7:b0:b7:42:72:a3:31:9d:f1:86:96:03:cc:66:ae:1c:
         3d:f1:1f:15:20:5c:ed:cf:f7:87:c4:eb:f3:a2:49:ef:cf:e3:
         a3:40:e6:d8:7f:bc:3a:a6:63:45:62:d5:7e:38:e1:9c:8d:25:
         41:72:f4:e2:b4:40:73:5e:b3:79:ea:17:d7:4c:ee:af:e7:2b:
         28:bb:4a:be:31:ae:30:c9:e6:79:93:cf:33:66:04:38:af:12:
         a6:e4:e7:85:6b:e3:66:6c:69:8e:a3:3d:3f:94:a6:4d:88:85:
         c1:02:84:78:08:e4:33:a6:8e:b4:9f:3d:85:f8:50:41:af:ec:
         bf:94:1c:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFDx4DOZXwkEmp3u8e7g1VJke62UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzhkYmU5MzBjYmJiMTczNGYwNjMyMmJhZDEyMzVkZTVi
YWI3ZmUzZGQ2YzRhMWYyMTg0NzBiNGU0YmNmYWJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC7VgfE2vN6nU1OGDZBJxcDM67GB33AbMsMg/AbM1sMfH9
qsS1IwVYK+N6uq6uDPO0LslychkT/iKFdTWUflOWA8Ey7annx3/giWibykobyerA
U9YOevkgacDb9ydyb+c5Y3YpHY/cmoADotflu/uuNm9jZac6cbsr3LxE7gK0PmkF
eLwcYwd3cmxb6drTtYmFDjSF9X2klMxTsahCMzdUVTnUHim4CUYfGPZfeGYrrRAT
rXviTjy/wiGmeoy6VTLTFCPoqiRp44z+pJ77h8T4BNLxcT0wJP+1JPH4OCOiHysD
XJNGbEGA41rFOJtrDwKfdHFjgtRiztn6t2XTIHFNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULPEKDZ12YcJ8AQHJLPyJiuNjJsMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhOGVkMzY1LTU3N2MtNDc2Mi04NDVhLWM4NTM5ZGNiOTVkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdNewAwDQYJKoZIhvcNAQELBQADggEBAJEzB4qrIALUFxU0rgfyacj0FA5m
QG0hP94bnzo/12OWvqQVpwN3umNrB7hWYMB6mizfx/d4tmEccEvROob26rhE0Rpt
ISTXCftPdhNonJWTr/TqaEkF4y7jznEP/ythnHL6RKpHyofx51aC1KKW2iZ+zKQd
6leTwjrphUnDQn1yt7C3QnKjMZ3xhpYDzGauHD3xHxUgXO3P94fE6/OiSe/P46NA
5th/vDqmY0Vi1X444ZyNJUFy9OK0QHNes3nqF9dM7q/nKyi7Sr4xrjDJ5nmTzzNm
BDivEqbk54Vr42ZsaY6jPT+Upk2IhcEChHgI5DOmjrSfPYX4UEGv7L+UHAE=
-----END CERTIFICATE-----