Route Origin Authorization

$ rpki-client -vvf rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/6ea4077d-c1f0-46d2-b575-7da368923370/dd04a277-8dfb-3ba3-b328-d27e3c767c03.roa
File:                     dd04a277-8dfb-3ba3-b328-d27e3c767c03.roa (raw, json)
Hash identifier:          /ZvLY9sgYCVAs/YWsir5IJt++5SDWphDtlCm8ZYB3Go=
Subject key identifier:   CA:30:7D:92:D8:8F:4A:05:B1:FC:AF:35:34:C7:51:96:C4:40:BF:1C
Certificate issuer:       /CN=6ea4077d-c1f0-46d2-b575-7da368923370
Certificate serial:       010D0C9F432858435B7C5FB3F30DCEA61713F880
Authority key identifier: 69:ED:46:13:6B:C9:9E:A9:F8:F1:2E:36:8C:B6:D8:0C:F1:AA:52:2B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/6ea4077d-c1f0-46d2-b575-7da368923370.cer
Subject info access:      rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/6ea4077d-c1f0-46d2-b575-7da368923370/dd04a277-8dfb-3ba3-b328-d27e3c767c03.roa
Signing time:             Wed 27 Sep 2023 02:41:21 +0000
ROA not before:           Wed 27 Sep 2023 02:41:21 +0000
ROA not after:            Tue 26 Dec 2023 03:41:21 +0000
asID:                     397427
IP address blocks:        23.145.224.0/24 maxlen: 24
                          23.145.225.0/24 maxlen: 24
                          142.202.206.0/23 maxlen: 23
                          66.245.160.0/22 maxlen: 22
                          2602:fe4c::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:0d:0c:9f:43:28:58:43:5b:7c:5f:b3:f3:0d:ce:a6:17:13:f8:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ea4077d-c1f0-46d2-b575-7da368923370
        Validity
            Not Before: Sep 27 02:41:21 2023 GMT
            Not After : Dec 26 03:41:21 2023 GMT
        Subject: CN=82bf9bf2-babd-4985-bcf2-2a8ccdb967d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4c:e2:77:cf:19:91:62:bd:06:d2:e5:d9:02:
                    9a:14:8b:e8:c9:f5:f0:67:bc:5d:7f:e5:a9:b1:24:
                    eb:68:87:f0:c1:3c:55:0d:73:6e:d0:43:26:95:bf:
                    e1:a6:79:b0:d6:9e:52:67:c0:55:36:97:94:9c:fb:
                    69:6d:15:2b:a5:5e:2d:d3:6d:c2:70:a4:09:f3:e4:
                    11:20:1d:52:95:40:00:54:4a:52:46:8a:2d:1a:09:
                    f7:c2:34:ca:1b:4d:4c:55:07:d7:2c:e5:aa:b1:b1:
                    5d:3b:50:1f:9a:2b:50:f8:5b:66:db:9a:78:d8:e0:
                    90:0a:52:c9:99:02:fa:5b:a6:93:57:3c:88:4e:92:
                    0a:2b:39:fe:4b:fb:d5:37:ef:ea:48:93:04:93:6c:
                    27:4a:3f:9a:69:51:ac:88:82:f6:fe:c2:00:2e:83:
                    24:e1:33:19:14:ea:0c:c7:a5:76:7c:e3:80:30:a8:
                    ef:61:e3:33:7d:5f:60:a9:3b:05:cd:9d:9c:76:ef:
                    78:ab:be:bb:41:f9:f4:47:83:34:77:c6:4e:24:03:
                    17:d2:54:2e:18:f2:c0:89:b2:6d:fb:11:a9:d4:34:
                    84:0f:93:3d:4c:93:b0:cd:65:f5:70:60:77:71:c1:
                    6c:bd:ed:a7:1b:26:f1:1e:08:8d:ba:95:1c:d6:b3:
                    2b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:30:7D:92:D8:8F:4A:05:B1:FC:AF:35:34:C7:51:96:C4:40:BF:1C
            Subject Information Access:
                Signed Object - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/6ea4077d-c1f0-46d2-b575-7da368923370/dd04a277-8dfb-3ba3-b328-d27e3c767c03.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/6ea4077d-c1f0-46d2-b575-7da368923370/6ea4077d-c1f0-46d2-b575-7da368923370.crl

            X509v3 Authority Key Identifier:
                keyid:69:ED:46:13:6B:C9:9E:A9:F8:F1:2E:36:8C:B6:D8:0C:F1:AA:52:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/a73420cb-b3cc-4b03-bda7-1be204933ae5/6ea4077d-c1f0-46d2-b575-7da368923370.cer

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.145.224.0/23
                  66.245.160.0/22
                  142.202.206.0/23
                IPv6:
                  2602:fe4c::/32

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.arin.net/resources/rpki/cps.html

    Signature Algorithm: sha256WithRSAEncryption
         02:ee:65:1d:63:84:67:1b:53:97:92:c9:42:4e:b3:86:4f:70:
         98:26:91:da:e0:4b:4b:ae:da:e3:28:35:4c:6c:8f:5d:ed:01:
         96:c7:57:77:20:d8:51:d9:8d:31:7b:05:47:a0:d1:c4:f9:4d:
         d1:d0:1b:06:fe:03:32:82:ab:3b:b0:5c:db:d6:e1:1d:5c:1f:
         f4:b3:d8:60:14:91:20:09:8b:e9:2a:78:e7:bb:b7:b0:3a:05:
         51:c3:d5:4a:9b:6f:79:62:55:c2:b6:4b:9d:0a:43:e5:96:fe:
         83:40:a2:a4:3c:ce:86:8e:09:ef:d4:ae:f7:41:5f:0a:b4:82:
         39:18:52:95:d5:a4:be:c7:a3:21:7d:f5:9d:da:fc:c3:9f:0e:
         bf:43:1f:7f:30:b1:29:28:93:62:60:50:65:cd:58:c7:42:62:
         84:2b:8d:b7:16:c5:4d:24:24:83:5d:f1:d6:26:98:01:de:10:
         42:b0:f2:23:6a:3a:01:f8:5d:32:b2:0f:71:54:c4:62:71:c1:
         8c:c6:35:cc:70:0a:5f:57:5e:ae:bf:76:c1:25:ec:ee:b8:2f:
         9b:e2:63:26:49:ea:6f:01:2b:33:4f:3b:51:bf:50:54:58:6a:
         6b:34:a1:d9:ce:76:ec:48:c0:76:9b:ea:b6:12:03:5d:a0:54:
         45:bf:a0:b1
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgIUAQ0Mn0MoWENbfF+z8w3OphcT+IAwDQYJKoZIhvcNAQEL
BQAwLzEtMCsGA1UEAxMkNmVhNDA3N2QtYzFmMC00NmQyLWI1NzUtN2RhMzY4OTIz
MzcwMB4XDTIzMDkyNzAyNDEyMVoXDTIzMTIyNjAzNDEyMVowLzEtMCsGA1UEAxMk
ODJiZjliZjItYmFiZC00OTg1LWJjZjItMmE4Y2NkYjk2N2Q4MIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUzid88ZkWK9BtLl2QKaFIvoyfXwZ7xdf+Wp
sSTraIfwwTxVDXNu0EMmlb/hpnmw1p5SZ8BVNpeUnPtpbRUrpV4t023CcKQJ8+QR
IB1SlUAAVEpSRootGgn3wjTKG01MVQfXLOWqsbFdO1AfmitQ+Ftm25p42OCQClLJ
mQL6W6aTVzyITpIKKzn+S/vVN+/qSJMEk2wnSj+aaVGsiIL2/sIALoMk4TMZFOoM
x6V2fOOAMKjvYeMzfV9gqTsFzZ2cdu94q767Qfn0R4M0d8ZOJAMX0lQuGPLAibJt
+xGp1DSED5M9TJOwzWX1cGB3ccFsve2nGybxHgiNupUc1rMrjQIDAQABo4IDcDCC
A2wwHQYDVR0OBBYEFMowfZLYj0oFsfyvNTTHUZbEQL8cMIHlBggrBgEFBQcBCwSB
2DCB1TCB0gYIKwYBBQUHMAuGgcVyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3Np
dG9yeS9hcmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRh
MjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIwMy1iZGE3LTFiZTIwNDkzM2FlNS82ZWE0
MDc3ZC1jMWYwLTQ2ZDItYjU3NS03ZGEzNjg5MjMzNzAvZGQwNGEyNzctOGRmYi0z
YmEzLWIzMjgtZDI3ZTNjNzY3YzAzLnJvYTCB3AYDVR0fBIHUMIHRMIHOoIHLoIHI
hoHFcnN5bmM6Ly9ycGtpLmFyaW4ubmV0L3JlcG9zaXRvcnkvYXJpbi1ycGtpLXRh
LzVlNGEyM2VhLWU4MGEtNDAzZS1iMDhjLTIxNzFkYTIxNTdkMy9hNzM0MjBjYi1i
M2NjLTRiMDMtYmRhNy0xYmUyMDQ5MzNhZTUvNmVhNDA3N2QtYzFmMC00NmQyLWI1
NzUtN2RhMzY4OTIzMzcwLzZlYTQwNzdkLWMxZjAtNDZkMi1iNTc1LTdkYTM2ODky
MzM3MC5jcmwwHwYDVR0jBBgwFoAUae1GE2vJnqn48S42jLbYDPGqUiswDgYDVR0P
AQH/BAQDAgeAMIHABggrBgEFBQcBAQSBszCBsDCBrQYIKwYBBQUHMAKGgaByc3lu
YzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0YTIz
ZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzL2E3MzQyMGNiLWIzY2MtNGIw
My1iZGE3LTFiZTIwNDkzM2FlNS82ZWE0MDc3ZC1jMWYwLTQ2ZDItYjU3NS03ZGEz
Njg5MjMzNzAuY2VyMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBF5HgAwQC
QvWgAwQBjsrOMA0EAgACMAcDBQAmAv5MMFQGA1UdIAEB/wRKMEgwRgYIKwYBBQUH
DgIwOjA4BggrBgEFBQcCARYsaHR0cHM6Ly93d3cuYXJpbi5uZXQvcmVzb3VyY2Vz
L3Jwa2kvY3BzLmh0bWwwDQYJKoZIhvcNAQELBQADggEBAALuZR1jhGcbU5eSyUJO
s4ZPcJgmkdrgS0uu2uMoNUxsj13tAZbHV3cg2FHZjTF7BUeg0cT5TdHQGwb+AzKC
qzuwXNvW4R1cH/Sz2GAUkSAJi+kqeOe7t7A6BVHD1Uqbb3liVcK2S50KQ+WW/oNA
oqQ8zoaOCe/UrvdBXwq0gjkYUpXVpL7HoyF99Z3a/MOfDr9DH38wsSkok2JgUGXN
WMdCYoQrjbcWxU0kJINd8dYmmAHeEEKw8iNqOgH4XTKyD3FUxGJxwYzGNcxwCl9X
Xq6/dsEl7O64L5viYyZJ6m8BKzNPO1G/UFRYams0odnOduxIwHab6rYSA12gVEW/
oLE=
-----END CERTIFICATE-----