Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b3217e8-8c45-4481-80c1-0144b811d1e0.roa
File:                     3b3217e8-8c45-4481-80c1-0144b811d1e0.roa (raw, json)
Hash identifier:          5opUH0UVn049vIHhZq2Zu5tJGoVreQwJA5jB325VNew=
Subject key identifier:   0E:CE:FA:03:E5:12:ED:1E:E8:E9:9E:10:AF:90:FC:B1:90:69:D0:45
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7463A5FA200A6580A0AD44AFF437F9BFA8C2AD0E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b3217e8-8c45-4481-80c1-0144b811d1e0.roa
Signing time:             Fri 14 Mar 2025 00:40:18 +0000
ROA not before:           Fri 14 Mar 2025 00:40:18 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     19047
IP address blocks:        70.130.201.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:63:a5:fa:20:0a:65:80:a0:ad:44:af:f4:37:f9:bf:a8:c2:ad:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:40:18 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=8290bafb83eafef2b766b02b03321d7bf58474dbca411c0927d0bf0412c75b4a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:05:9b:c8:cb:d4:be:84:42:b7:78:4b:e1:32:
                    db:03:d3:1b:1f:fa:bc:ae:b0:43:04:b1:31:58:fd:
                    89:78:41:4c:92:b1:0b:a2:59:8e:5a:5f:e2:e7:09:
                    af:40:04:96:ea:fb:21:0e:d4:7f:18:e7:48:08:8d:
                    16:da:f4:ce:ec:54:e3:18:58:11:7b:02:be:d2:a0:
                    9d:6b:f1:b5:3f:8c:82:d7:91:79:1f:a0:33:b4:c9:
                    1c:b4:1d:fd:fb:7a:fe:be:67:0b:f3:f2:77:f8:cb:
                    30:d4:c2:57:f3:07:b1:16:71:40:48:c8:12:7f:a6:
                    1a:18:bc:79:e1:0b:a6:ee:bf:79:8f:56:7d:de:f1:
                    f7:a3:b8:28:b0:33:bc:5d:33:69:b5:00:a1:07:e8:
                    e4:cc:f6:31:e1:ba:63:d3:91:2c:98:2c:be:85:b8:
                    87:87:b3:57:31:8a:cc:f4:0f:97:a6:c7:f6:1f:fd:
                    8c:00:11:97:0a:65:7e:6f:6f:4a:8d:09:df:6d:d3:
                    79:a3:c6:e2:a6:2f:b0:c8:0f:92:4b:c3:4a:16:c1:
                    a4:01:ca:26:12:dc:40:ad:41:8f:e7:53:48:8a:6c:
                    e0:34:b0:9d:59:d9:22:1d:1d:f0:8c:fd:32:f2:cb:
                    e0:ce:49:89:1f:78:68:fd:cc:6f:57:49:44:58:6c:
                    fa:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:CE:FA:03:E5:12:ED:1E:E8:E9:9E:10:AF:90:FC:B1:90:69:D0:45
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3b3217e8-8c45-4481-80c1-0144b811d1e0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  70.130.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:5f:09:83:43:0d:d2:d2:9c:d9:4f:fb:13:eb:a3:80:07:9b:
         36:b3:66:7d:4a:17:f2:0b:22:9c:7d:55:67:96:f6:a1:56:f4:
         13:7b:a8:1c:cb:7c:36:72:88:d3:59:22:08:fe:d5:b9:8a:a2:
         a6:e9:08:70:ac:c9:d1:f4:05:25:75:47:a4:67:35:ae:09:3d:
         2c:e0:98:3d:af:f9:7b:7a:85:6d:40:70:7a:b1:1c:e3:f3:b6:
         cc:61:cb:17:e4:50:28:76:15:d5:82:c8:13:2e:e4:2c:3f:79:
         b3:5f:1b:23:f1:82:98:da:3b:2c:9a:12:bb:a9:41:d4:0c:51:
         81:3c:b7:05:21:5c:36:83:5f:99:62:2c:dd:da:11:89:30:89:
         c8:f2:c7:da:68:a1:af:91:14:78:88:27:ee:a6:92:65:f6:54:
         9a:e2:94:7f:22:d7:19:9e:d9:cb:40:6c:87:40:fa:e7:bf:e2:
         78:e3:76:96:f8:2c:e8:32:f0:05:b5:f9:74:31:51:1d:32:96:
         df:5f:bd:63:4b:1f:1c:02:ab:9f:d9:81:90:69:e6:69:af:d2:
         75:ff:2c:1a:50:f8:57:32:40:1e:2b:c8:d2:00:ea:56:3c:3a:
         d3:21:2d:28:bb:dc:94:1c:25:ea:fe:83:54:be:fb:98:4b:5f:
         b8:c8:ce:62
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdGOl+iAKZYCgrUSv9Df5v6jCrQ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDA0MDE4WhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MjkwYmFmYjgzZWFmZWYyYjc2NmIwMmIwMzMyMWQ3YmY1
ODQ3NGRiY2E0MTFjMDkyN2QwYmYwNDEyYzc1YjRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD7BZvIy9S+hEK3eEvhMtsD0xsf+ryusEMEsTFY/Yl4QUyS
sQuiWY5aX+LnCa9ABJbq+yEO1H8Y50gIjRba9M7sVOMYWBF7Ar7SoJ1r8bU/jILX
kXkfoDO0yRy0Hf37ev6+Zwvz8nf4yzDUwlfzB7EWcUBIyBJ/phoYvHnhC6buv3mP
Vn3e8fejuCiwM7xdM2m1AKEH6OTM9jHhumPTkSyYLL6FuIeHs1cxisz0D5emx/Yf
/YwAEZcKZX5vb0qNCd9t03mjxuKmL7DID5JLw0oWwaQByiYS3ECtQY/nU0iKbOA0
sJ1Z2SIdHfCM/TLyy+DOSYkfeGj9zG9XSURYbPrdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDs76A+US7R7o6Z4Qr5D8sZBp0EUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNiMzIxN2U4LThjNDUtNDQ4MS04MGMxLTAxNDRiODExZDFlMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABGgskwDQYJKoZIhvcNAQELBQADggEBAExfCYNDDdLSnNlP+xPro4AHmzaz
Zn1KF/ILIpx9VWeW9qFW9BN7qBzLfDZyiNNZIgj+1bmKoqbpCHCsydH0BSV1R6Rn
Na4JPSzgmD2v+Xt6hW1AcHqxHOPztsxhyxfkUCh2FdWCyBMu5Cw/ebNfGyPxgpja
OyyaErupQdQMUYE8twUhXDaDX5liLN3aEYkwicjyx9pooa+RFHiIJ+6mkmX2VJri
lH8i1xme2ctAbIdA+ue/4njjdpb4LOgy8AW1+XQxUR0ylt9fvWNLHxwCq5/ZgZBp
5mmv0nX/LBpQ+FcyQB4ryNIA6lY8OtMhLSi73JQcJer+g1S++5hLX7jIzmI=
-----END CERTIFICATE-----