Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/5b71e83d-2828-4f34-ba3e-648d01ef173a/aa7086fc-c3e5-33f5-9ced-8bd134d7527f.roa
File:                     aa7086fc-c3e5-33f5-9ced-8bd134d7527f.roa (raw, json)
Hash identifier:          80ztg3MN43R0ARqrzw3aBUh+whnqkkxwiHfVW2O/E+0=
Subject key identifier:   C3:E9:7D:6A:1C:6C:1D:99:8B:21:64:14:3A:6E:57:17:50:34:69:68
Certificate issuer:       /CN=5b71e83d-2828-4f34-ba3e-648d01ef173a
Certificate serial:       010D0C9F43285843DA8437138236E94087F4C480
Authority key identifier: 0A:B2:B2:C1:81:24:D9:53:89:B1:0C:7A:4C:20:C6:28:78:53:BF:9E
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/5b71e83d-2828-4f34-ba3e-648d01ef173a.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/5b71e83d-2828-4f34-ba3e-648d01ef173a/aa7086fc-c3e5-33f5-9ced-8bd134d7527f.roa
Signing time:             Sat 11 Nov 2023 14:44:49 +0000
ROA not before:           Sat 11 Nov 2023 14:44:49 +0000
ROA not after:            Fri 09 Feb 2024 14:44:49 +0000
asID:                     21221
IP address blocks:        64.64.127.0/24 maxlen: 24
                          173.239.221.0/24 maxlen: 24
                          98.159.47.0/24 maxlen: 24
                          98.159.225.0/24 maxlen: 24
                          173.244.41.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:da:84:37:13:82:36:e9:40:87:f4:c4:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b71e83d-2828-4f34-ba3e-648d01ef173a
        Validity
            Not Before: Nov 11 14:44:49 2023 GMT
            Not After : Feb  9 14:44:49 2024 GMT
        Subject: CN=f0516aa4-7f59-44d2-864d-6809d759c514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:33:27:80:f5:04:29:e8:82:24:d0:64:b0:b1:
                    6c:e8:21:1b:00:e8:f2:89:70:ec:28:04:45:d9:09:
                    2a:ec:d8:0a:42:20:14:a4:7d:1a:73:d4:7f:6a:91:
                    b8:4c:26:c7:b4:b1:9b:76:9f:ae:d4:f2:5e:85:7f:
                    7e:23:06:43:5b:9b:53:b0:88:e1:66:be:e4:98:27:
                    ac:fe:5c:af:86:53:1e:5a:f1:d0:fc:64:cf:8e:47:
                    0b:6f:2b:5c:a5:d3:5a:4a:5b:3c:58:7b:39:de:88:
                    cf:56:a0:fe:77:0b:d1:ab:7f:a8:ef:f8:ab:86:52:
                    c1:b1:40:a0:08:b7:1e:d2:15:7f:e4:99:ce:6e:60:
                    9d:3b:d7:78:9f:13:52:c9:52:e0:72:80:dd:bd:13:
                    3f:24:1b:96:81:65:9f:b8:09:be:88:04:53:4d:49:
                    dc:bc:5f:7f:49:e1:59:49:4f:f7:a1:29:f7:eb:13:
                    97:01:8b:b6:2d:3e:02:6b:05:7a:32:8e:1c:7f:d4:
                    55:53:7b:6a:2f:5b:de:e8:0f:2d:d5:c9:43:33:dd:
                    10:57:95:c0:ad:bc:37:b7:0a:8c:de:9f:07:78:c0:
                    85:0f:f2:2d:81:17:7d:46:1c:21:fe:28:d9:6a:1d:
                    48:0b:b9:32:27:e7:f4:78:25:38:f1:01:fc:c9:85:
                    b3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:E9:7D:6A:1C:6C:1D:99:8B:21:64:14:3A:6E:57:17:50:34:69:68
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/5b71e83d-2828-4f34-ba3e-648d01ef173a/aa7086fc-c3e5-33f5-9ced-8bd134d7527f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/5b71e83d-2828-4f34-ba3e-648d01ef173a/5b71e83d-2828-4f34-ba3e-648d01ef173a.crl

            X509v3 Authority Key Identifier:
                keyid:0A:B2:B2:C1:81:24:D9:53:89:B1:0C:7A:4C:20:C6:28:78:53:BF:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/5b71e83d-2828-4f34-ba3e-648d01ef173a.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.64.127.0/24
                  98.159.47.0/24
                  98.159.225.0/24
                  173.239.221.0/24
                  173.244.41.0/24

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         cb:aa:5c:d8:f9:bf:cd:78:67:ab:20:aa:75:45:77:6b:00:51:
         49:97:0a:91:9d:ad:96:3f:2c:9b:2c:ca:0d:bf:64:9a:41:2c:
         6b:a7:79:4c:63:f1:d6:96:b3:0f:63:62:8c:c1:aa:4c:3f:30:
         dd:67:87:af:31:f5:5f:7e:4b:0e:4b:ca:40:d4:41:44:b7:34:
         82:e7:0c:1b:79:4d:8a:cc:21:53:d1:7a:1c:f6:27:ed:04:9d:
         00:af:5e:7d:bd:25:ee:ee:b8:90:42:18:cf:e5:03:35:ca:8a:
         00:6f:ad:e7:c6:48:43:cc:8f:d2:0a:29:48:d5:a9:e7:26:ba:
         f3:8c:73:a9:13:61:ab:a6:dc:7b:14:d4:e0:40:1b:49:33:f7:
         8b:a1:53:53:f4:2a:27:c8:f8:26:e6:05:a5:19:80:a1:65:32:
         68:80:0b:25:85:16:86:6e:ae:a4:71:90:e4:66:59:51:71:9a:
         74:12:bf:c2:ec:f4:bf:1f:23:7c:5e:19:72:52:bd:e6:60:7a:
         c8:a4:07:d9:e2:c8:40:cc:bd:58:3c:ec:a0:9c:ac:ce:ca:2a:
         c6:16:44:56:7a:44:9c:5b:d8:b4:b3:a6:39:5d:fa:7e:37:7a:
         ca:db:2b:1f:7f:b4:40:ef:17:14:8f:fe:98:40:ad:5d:a5:7a:
         55:3f:d0:63
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIUAQ0Mn0MoWEPahDcTgjbpQIf0xIAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNWI3MWU4M2QtMjgyOC00ZjM0LWJhM2UtNjQ4ZDAxZWYx
NzNhMB4XDTIzMTExMTE0NDQ0OVoXDTI0MDIwOTE0NDQ0OVowLzEtMCsGA1UEAxMk
ZjA1MTZhYTQtN2Y1OS00NGQyLTg2NGQtNjgwOWQ3NTljNTE0MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjMngPUEKeiCJNBksLFs6CEbAOjyiXDsKARF
2Qkq7NgKQiAUpH0ac9R/apG4TCbHtLGbdp+u1PJehX9+IwZDW5tTsIjhZr7kmCes
/lyvhlMeWvHQ/GTPjkcLbytcpdNaSls8WHs53ojPVqD+dwvRq3+o7/irhlLBsUCg
CLce0hV/5JnObmCdO9d4nxNSyVLgcoDdvRM/JBuWgWWfuAm+iARTTUncvF9/SeFZ
SU/3oSn36xOXAYu2LT4CawV6Mo4cf9RVU3tqL1ve6A8t1clDM90QV5XArbw3twqM
3p8HeMCFD/ItgRd9Rhwh/ijZah1IC7kyJ+f0eCU48QH8yYWzUQIDAQABo4IDbTCC
A2kwHQYDVR0OBBYEFMPpfWocbB2ZiyFkFDpuVxdQNGloMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi81Yjcx
ZTgzZC0yODI4LTRmMzQtYmEzZS02NDhkMDFlZjE3M2EvYWE3MDg2ZmMtYzNlNS0z
M2Y1LTljZWQtOGJkMTM0ZDc1MjdmLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy8yYTI0Njk0Ny0y
ZDYyLTRhNmMtYmEwNS04NzE4N2YwMDk5YjIvNWI3MWU4M2QtMjgyOC00ZjM0LWJh
M2UtNjQ4ZDAxZWYxNzNhLzViNzFlODNkLTI4MjgtNGYzNC1iYTNlLTY0OGQwMWVm
MTczYS5jcmwwHwYDVR0jBBgwFoAUCrKywYEk2VOJsQx6TCDGKHhTv54wDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzJhMjQ2OTQ3LTJkNjItNGE2
Yy1iYTA1LTg3MTg3ZjAwOTliMi81YjcxZTgzZC0yODI4LTRmMzQtYmEzZS02NDhk
MDFlZjE3M2EuY2VyMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAQEB/AwQA
Yp8vAwQAYp/hAwQAre/dAwQArfQpMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUHDgIw
OjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2VzL3Jw
a2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAMuqXNj5v814Z6sgqnVFd2sA
UUmXCpGdrZY/LJssyg2/ZJpBLGuneUxj8daWsw9jYozBqkw/MN1nh68x9V9+Sw5L
ykDUQUS3NILnDBt5TYrMIVPRehz2J+0EnQCvXn29Je7uuJBCGM/lAzXKigBvrefG
SEPMj9IKKUjVqecmuvOMc6kTYaum3HsU1OBAG0kz94uhU1P0KifI+CbmBaUZgKFl
MmiACyWFFoZurqRxkORmWVFxmnQSv8Ls9L8fI3xeGXJSveZgesikB9niyEDMvVg8
7KCcrM7KKsYWRFZ6RJxb2LSzpjld+n43esrbKx9/tEDvFxSP/phArV2lelU/0GM=
-----END CERTIFICATE-----