Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27105f6b-3654-48b0-a7b3-6aa841954f21.roa
File:                     27105f6b-3654-48b0-a7b3-6aa841954f21.roa (raw, json)
Hash identifier:          xXLZ0hrPm2W70pjCfnjFpClRiEBU8v8V1a0JHFEzW44=
Subject key identifier:   32:FF:9B:A9:5B:A8:05:B4:7A:74:4A:B4:8E:59:4A:93:43:17:0F:1A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1AE54010CE8A29E8A4B70BAF0ECA9E206CF0D22B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27105f6b-3654-48b0-a7b3-6aa841954f21.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        93.76.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:e5:40:10:ce:8a:29:e8:a4:b7:0b:af:0e:ca:9e:20:6c:f0:d2:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=c6c144bd554c51669bdaba3746f894b2a5c389af0ba8c408229cbf01687edfb2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8a:90:29:10:c0:50:e7:fb:a5:11:95:a0:4a:
                    13:e2:d5:2f:9b:46:70:ab:71:8e:a1:6f:f4:75:1e:
                    aa:21:c1:7c:62:35:cf:92:31:3c:e3:78:28:bb:51:
                    15:06:68:6c:9c:76:a4:37:81:bd:1f:82:ce:5a:6b:
                    35:ac:75:28:4c:53:47:b3:23:01:ea:0c:13:38:16:
                    02:8e:2e:3f:fb:37:5a:45:a0:8f:cf:12:7c:67:f2:
                    31:f7:9f:f8:e2:1e:32:71:97:77:8c:dc:4a:39:91:
                    e1:37:e7:b5:2a:5a:f9:dc:e1:b7:de:0b:5e:f9:ee:
                    64:cb:54:aa:c7:f8:81:17:3a:36:a7:76:9e:9d:73:
                    38:58:0b:6a:07:85:40:36:71:94:f0:b5:d8:a8:69:
                    68:99:ed:56:d4:cb:ff:87:0a:7b:ad:5b:d7:18:6f:
                    2a:d1:32:c6:cc:d3:fd:63:b7:6d:be:49:24:ad:8d:
                    66:53:af:8f:aa:72:b7:45:b2:25:ce:51:78:fa:67:
                    64:ae:61:e0:1c:62:9f:92:f0:2a:f0:40:a6:ce:2e:
                    83:81:9a:eb:6e:85:74:62:c9:70:d4:eb:da:33:f2:
                    0f:ac:eb:7c:da:92:90:2a:8f:74:64:b9:88:6d:81:
                    6c:e0:27:d1:ce:a6:91:ea:f5:db:25:ba:96:73:1f:
                    08:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FF:9B:A9:5B:A8:05:B4:7A:74:4A:B4:8E:59:4A:93:43:17:0F:1A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27105f6b-3654-48b0-a7b3-6aa841954f21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.76.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         74:cc:d4:40:ea:9c:2e:39:3c:72:13:88:b2:8b:54:48:32:b0:
         1a:db:01:9f:f1:51:99:23:88:17:54:63:4f:1c:bf:80:de:42:
         59:f3:d4:6d:23:47:67:0d:3d:61:64:57:30:94:ec:c6:87:94:
         1a:c0:3c:fd:4f:e9:4f:f8:79:63:79:4d:3b:ab:d3:7a:14:34:
         1a:6c:55:f4:fa:ae:38:2c:63:ca:a0:c0:de:a3:29:f8:4f:98:
         11:1c:48:0c:55:a5:08:67:53:e3:bb:c3:7e:ac:79:d7:63:4c:
         65:3c:7c:c8:e2:a8:13:31:4b:75:ea:5f:c6:65:0a:93:ad:c4:
         ae:61:87:80:2f:0b:47:c5:55:1e:b2:0c:63:6a:c1:9a:8b:aa:
         8b:62:8e:03:5f:73:19:20:a0:40:25:ce:7d:dc:80:ef:f0:19:
         55:61:78:93:d9:21:ca:08:cd:38:a1:67:d1:f3:22:cd:d4:d5:
         62:41:10:9f:02:df:f7:a0:74:66:39:95:97:6d:83:37:4c:0f:
         a3:02:54:35:82:51:5b:ef:3a:7b:a2:f8:a8:ba:8b:5c:c1:ec:
         11:86:91:8d:b6:dd:53:8d:cc:ec:22:2b:b9:ff:fd:f0:52:fa:
         33:f4:66:50:ae:2d:90:70:f1:f5:d4:9f:5a:43:6f:fe:50:ab:
         d8:dd:e5:66
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGuVAEM6KKeiktwuvDsqeIGzw0iswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmMxNDRiZDU1NGM1MTY2OWJkYWJhMzc0NmY4OTRiMmE1
YzM4OWFmMGJhOGM0MDgyMjljYmYwMTY4N2VkZmIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCipApEMBQ5/ulEZWgShPi1S+bRnCrcY6hb/R1HqohwXxi
Nc+SMTzjeCi7URUGaGycdqQ3gb0fgs5aazWsdShMU0ezIwHqDBM4FgKOLj/7N1pF
oI/PEnxn8jH3n/jiHjJxl3eM3Eo5keE357UqWvnc4bfeC1757mTLVKrH+IEXOjan
dp6dczhYC2oHhUA2cZTwtdioaWiZ7VbUy/+HCnutW9cYbyrRMsbM0/1jt22+SSSt
jWZTr4+qcrdFsiXOUXj6Z2SuYeAcYp+S8CrwQKbOLoOBmutuhXRiyXDU69oz8g+s
63zakpAqj3RkuYhtgWzgJ9HOppHq9dslupZzHwjnAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMv+bqVuoBbR6dEq0jllKk0MXDxowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3MTA1ZjZiLTM2NTQtNDhiMC1hN2IzLTZhYTg0MTk1NGYyMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAddTIAwDQYJKoZIhvcNAQELBQADggEBAHTM1EDqnC45PHITiLKLVEgysBrb
AZ/xUZkjiBdUY08cv4DeQlnz1G0jR2cNPWFkVzCU7MaHlBrAPP1P6U/4eWN5TTur
03oUNBpsVfT6rjgsY8qgwN6jKfhPmBEcSAxVpQhnU+O7w36seddjTGU8fMjiqBMx
S3XqX8ZlCpOtxK5hh4AvC0fFVR6yDGNqwZqLqotijgNfcxkgoEAlzn3cgO/wGVVh
eJPZIcoIzTihZ9HzIs3U1WJBEJ8C3/egdGY5lZdtgzdMD6MCVDWCUVvvOnui+Ki6
i1zB7BGGkY223VONzOwiK7n//fBS+jP0ZlCuLZBw8fXUn1pDb/5Qq9jd5WY=
-----END CERTIFICATE-----