Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff38221d-2351-4a15-9031-39197749cbf2.roa
File:                     ff38221d-2351-4a15-9031-39197749cbf2.roa (raw, json)
Hash identifier:          nZ1PrANKQ4Kex7ytb8ecoUhHctT8TaFIIqaFuw2WAic=
Subject key identifier:   44:43:A9:ED:A5:32:7D:02:FC:CD:85:7F:8A:11:FB:9C:41:85:1A:B7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2AADB6E4B61B169E061E53F22F7645831186A4BC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff38221d-2351-4a15-9031-39197749cbf2.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        93.77.128.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:ad:b6:e4:b6:1b:16:9e:06:1e:53:f2:2f:76:45:83:11:86:a4:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=3c2820d4bb1d9db1bb22bbea900fbf31e2a99fe8a5d95773e97af0d31f2d4d2c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9e:d5:e7:bb:eb:29:c0:76:de:10:a4:fe:1c:
                    6e:5d:19:d7:27:5a:2d:c8:4e:40:84:e6:85:ee:57:
                    f5:12:cd:ce:2d:c9:bb:16:5c:92:ef:7a:92:f5:80:
                    65:93:87:1d:e0:e4:d0:01:d4:d3:0e:b6:86:87:63:
                    0e:7e:10:52:31:d4:be:0f:20:72:0a:73:c5:ce:a6:
                    72:2c:1b:62:cf:0a:51:c4:6d:8c:f8:d2:ea:f6:3a:
                    49:93:a0:c9:9d:2d:02:a6:12:96:b9:33:f4:3e:d9:
                    51:61:93:da:7f:e7:a1:cf:08:b9:e5:2b:f3:7b:6b:
                    ce:6f:ab:ef:46:eb:49:cf:14:d9:a7:02:40:fc:7f:
                    70:0f:3c:52:3d:5a:54:8e:ae:b6:28:1b:82:e2:23:
                    68:a9:89:30:cd:0d:fa:76:e6:65:69:10:2e:b8:7b:
                    29:8b:8c:61:4a:c3:be:47:5b:c9:a7:16:7c:64:29:
                    23:6d:43:fa:69:20:59:7f:23:b0:5a:af:12:81:bf:
                    9c:45:a0:6e:cd:bc:5d:15:6e:47:d8:a3:f9:c7:d1:
                    62:ae:35:14:7c:b3:ce:ca:2e:50:15:52:cc:bd:db:
                    40:0e:a3:b2:2f:08:c0:d2:8e:ee:e9:5a:b6:29:92:
                    c1:0b:31:ee:6e:bf:77:99:a8:4e:f2:20:b9:cd:88:
                    b7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:43:A9:ED:A5:32:7D:02:FC:CD:85:7F:8A:11:FB:9C:41:85:1A:B7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ff38221d-2351-4a15-9031-39197749cbf2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.77.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         81:09:77:19:9c:2c:f2:da:7d:df:0c:89:5d:4f:8b:eb:f1:19:
         ef:e1:e5:e2:b5:97:c2:ee:ee:bf:93:4e:de:52:81:72:04:c8:
         48:2b:0a:63:49:54:08:90:85:56:8f:c0:5f:a7:04:56:c4:1e:
         8a:f2:b8:e2:4e:e0:8b:da:44:05:ec:2f:40:ea:7d:47:0f:3b:
         b9:94:88:23:6a:21:f1:19:73:b8:e0:35:f8:ca:83:1b:c6:bf:
         d7:98:80:c1:55:18:4d:09:2c:73:f6:6f:9a:19:25:da:44:68:
         30:bf:40:bc:ad:9a:42:96:80:35:14:26:4e:4f:d8:88:a5:5a:
         13:ad:43:3f:63:e0:5b:5e:ff:4c:bd:35:0c:d0:1d:9b:e4:52:
         81:c8:34:cb:0f:ee:e0:a2:73:10:d2:09:4f:93:ee:c2:e1:f8:
         14:26:47:85:c8:a0:a6:bb:b9:c1:d8:1c:42:ec:56:2b:a0:f9:
         56:2c:ca:b5:9e:d3:fe:e8:3f:76:f7:65:47:61:36:b7:d3:e8:
         ac:be:00:1e:11:f1:77:a2:93:82:af:9e:35:7d:0b:0e:87:35:
         93:5f:1d:93:7a:41:3b:71:00:ee:46:77:76:e9:20:60:65:50:
         6d:6e:23:b4:63:77:03:0c:e3:7c:59:c4:82:e6:8f:ce:b5:0d:
         43:45:66:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKq225LYbFp4GHlPyL3ZFgxGGpLwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzYzI4MjBkNGJiMWQ5ZGIxYmIyMmJiZWE5MDBmYmYzMWUy
YTk5ZmU4YTVkOTU3NzNlOTdhZjBkMzFmMmQ0ZDJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4ntXnu+spwHbeEKT+HG5dGdcnWi3ITkCE5oXuV/USzc4t
ybsWXJLvepL1gGWThx3g5NAB1NMOtoaHYw5+EFIx1L4PIHIKc8XOpnIsG2LPClHE
bYz40ur2OkmToMmdLQKmEpa5M/Q+2VFhk9p/56HPCLnlK/N7a85vq+9G60nPFNmn
AkD8f3APPFI9WlSOrrYoG4LiI2ipiTDNDfp25mVpEC64eymLjGFKw75HW8mnFnxk
KSNtQ/ppIFl/I7BarxKBv5xFoG7NvF0VbkfYo/nH0WKuNRR8s87KLlAVUsy920AO
o7IvCMDSju7pWrYpksELMe5uv3eZqE7yILnNiLeBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUREOp7aUyfQL8zYV/ihH7nEGFGrcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ZmMzgyMjFkLTIzNTEtNGExNS05MDMxLTM5MTk3NzQ5Y2JmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAVdTYAwDQYJKoZIhvcNAQELBQADggEBAIEJdxmcLPLafd8MiV1Pi+vxGe/h
5eK1l8Lu7r+TTt5SgXIEyEgrCmNJVAiQhVaPwF+nBFbEHoryuOJO4IvaRAXsL0Dq
fUcPO7mUiCNqIfEZc7jgNfjKgxvGv9eYgMFVGE0JLHP2b5oZJdpEaDC/QLytmkKW
gDUUJk5P2IilWhOtQz9j4Fte/0y9NQzQHZvkUoHINMsP7uCicxDSCU+T7sLh+BQm
R4XIoKa7ucHYHELsViug+VYsyrWe0/7oP3b3ZUdhNrfT6Ky+AB4R8Xeik4KvnjV9
Cw6HNZNfHZN6QTtxAO5Gd3bpIGBlUG1uI7RjdwMM43xZxILmj861DUNFZqw=
-----END CERTIFICATE-----