Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de215d32-3cf7-4146-b264-f996ff25bcd8.roa
File:                     de215d32-3cf7-4146-b264-f996ff25bcd8.roa (raw, json)
Hash identifier:          jUSrRk++yoUOJJJF4TXCd8UIZkiA0ZFi304O/NIcd/c=
Subject key identifier:   91:65:26:FD:01:FC:30:12:E5:B9:31:E3:3D:16:2D:3A:9F:AE:FD:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7D9C91502FD054D4DF07DA6A4FB3CA3464C65CAA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de215d32-3cf7-4146-b264-f996ff25bcd8.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        93.79.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:9c:91:50:2f:d0:54:d4:df:07:da:6a:4f:b3:ca:34:64:c6:5c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:44:87:44:40:42:37:b3:d4:c0:39:eb:83:a4:
                    09:ae:58:d1:17:cd:c2:d7:c6:1e:c4:ac:ad:34:96:
                    c9:7f:fd:a3:18:a2:5f:f8:21:19:79:40:d8:dd:8d:
                    0b:04:32:2e:f3:dd:1a:59:bc:a7:75:8f:f2:52:75:
                    61:73:b2:2d:ce:9d:fe:ae:a4:1d:63:ab:00:75:f4:
                    b4:d9:37:3c:8f:77:81:93:ec:20:4d:de:24:fa:64:
                    b4:35:e9:98:86:b3:28:cb:83:be:13:cc:58:a9:eb:
                    c6:36:11:f8:ef:16:32:cf:47:b7:bd:81:94:a8:f7:
                    41:3d:1b:37:9e:73:37:ea:38:87:61:39:0b:bf:94:
                    ec:0c:50:81:ac:19:df:81:91:07:75:95:e1:63:70:
                    34:2a:ab:19:b1:e9:7f:98:ce:00:c4:2f:ca:5b:65:
                    81:d9:8e:6c:91:34:35:df:fd:b9:6b:e1:1f:c8:04:
                    47:c8:8f:97:74:3e:da:36:e9:23:56:bc:db:40:2a:
                    4d:0d:6f:a0:e6:c4:ca:73:1d:17:00:9d:62:04:14:
                    e7:2f:e3:30:f4:e3:47:96:be:14:4c:8d:1b:a5:e6:
                    da:0e:d9:ee:82:31:4b:b4:ce:48:71:17:11:91:bd:
                    37:66:22:a3:7b:ad:7e:f3:83:22:6a:15:66:8c:15:
                    43:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:65:26:FD:01:FC:30:12:E5:B9:31:E3:3D:16:2D:3A:9F:AE:FD:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de215d32-3cf7-4146-b264-f996ff25bcd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.79.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         18:0c:50:5f:7b:57:37:b3:bb:c8:5d:d4:9a:4e:de:14:3e:a6:
         a1:d9:2d:a0:33:02:8d:36:41:47:60:7d:03:92:c3:c4:3a:4d:
         e8:eb:a0:ba:3a:7e:a5:61:33:13:4c:25:2a:03:bc:86:8b:bc:
         52:4a:02:e6:dd:ff:06:fb:b2:57:5c:32:8f:66:cc:2b:f4:81:
         30:38:95:48:ad:f7:3e:ce:b3:bb:66:67:7c:14:b8:71:69:fa:
         20:f9:0f:a0:51:d3:af:c4:57:91:68:fe:3e:22:a3:29:36:04:
         b3:29:da:c4:d2:3d:15:59:9c:ac:d6:8d:50:1b:6a:20:fe:45:
         c5:bb:53:fc:b4:2e:ea:46:a0:c2:cb:f7:b1:f6:86:7b:5a:1e:
         b8:4f:92:a1:11:b4:63:fb:c9:0c:fb:fa:79:31:c4:48:15:25:
         7d:8c:65:3a:f2:fd:bd:94:e1:05:fb:d7:f8:d5:80:26:84:d8:
         02:46:8a:ca:20:28:91:fb:20:34:2f:ef:71:9f:d0:cd:e5:94:
         08:99:17:0a:56:a0:7f:4e:64:23:ae:de:03:eb:8c:8c:62:ca:
         ee:62:37:be:8b:8e:a7:52:21:74:e1:01:e0:32:57:7e:5e:17:
         7c:5b:80:6a:7e:c8:57:be:7b:a0:63:5f:0a:ea:9a:c9:58:1a:
         10:ba:dd:f7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfZyRUC/QVNTfB9pqT7PKNGTGXKowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjFhNGJjMThkZGRkYWI2NDVjMWVhM2Y1MzVmMjU5ZGQ1
MzkwNGVhODBhOTdkYTQ0MDIwYmNiNmJjM2Y4MzQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnRIdEQEI3s9TAOeuDpAmuWNEXzcLXxh7ErK00lsl//aMY
ol/4IRl5QNjdjQsEMi7z3RpZvKd1j/JSdWFzsi3Onf6upB1jqwB19LTZNzyPd4GT
7CBN3iT6ZLQ16ZiGsyjLg74TzFip68Y2EfjvFjLPR7e9gZSo90E9GzeeczfqOIdh
OQu/lOwMUIGsGd+BkQd1leFjcDQqqxmx6X+YzgDEL8pbZYHZjmyRNDXf/blr4R/I
BEfIj5d0Pto26SNWvNtAKk0Nb6DmxMpzHRcAnWIEFOcv4zD040eWvhRMjRul5toO
2e6CMUu0zkhxFxGRvTdmIqN7rX7zgyJqFWaMFUP7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUkWUm/QH8MBLluTHjPRYtOp+u/eUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlMjE1ZDMyLTNjZjctNDE0Ni1iMjY0LWY5OTZmZjI1YmNkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAddT4AwDQYJKoZIhvcNAQELBQADggEBABgMUF97Vzezu8hd1JpO3hQ+pqHZ
LaAzAo02QUdgfQOSw8Q6TejroLo6fqVhMxNMJSoDvIaLvFJKAubd/wb7sldcMo9m
zCv0gTA4lUit9z7Os7tmZ3wUuHFp+iD5D6BR06/EV5Fo/j4ioyk2BLMp2sTSPRVZ
nKzWjVAbaiD+RcW7U/y0LupGoMLL97H2hntaHrhPkqERtGP7yQz7+nkxxEgVJX2M
ZTry/b2U4QX71/jVgCaE2AJGisogKJH7IDQv73Gf0M3llAiZFwpWoH9OZCOu3gPr
jIxiyu5iN76LjqdSIXThAeAyV35eF3xbgGp+yFe+e6BjXwrqmslYGhC63fc=
-----END CERTIFICATE-----