Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c702b12-884c-4fb7-8c73-0284e99428c9.roa
File:                     4c702b12-884c-4fb7-8c73-0284e99428c9.roa (raw, json)
Hash identifier:          Dr0kVRY4z1TRfa6AuByLDKkBYTInFbiqtuoYzhL0eII=
Subject key identifier:   EB:57:E7:87:E8:D0:97:C4:EB:C7:C3:85:A6:BC:82:5C:0F:8A:F7:F6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       794C1D09D53547CDF006834789E5A7DD0E2F1663
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c702b12-884c-4fb7-8c73-0284e99428c9.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        207.234.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:4c:1d:09:d5:35:47:cd:f0:06:83:47:89:e5:a7:dd:0e:2f:16:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=a70799635170e50edc59ddbfd57b932831516228c56cdf5499cdbdfdd7315a58, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a5:6e:3d:64:20:8b:59:e6:5f:39:05:87:c0:
                    05:54:21:35:f8:36:1f:85:95:bb:c3:88:3d:db:02:
                    47:01:59:5d:dc:54:fc:8c:bd:52:4a:f2:f6:6f:0d:
                    7b:41:a6:a4:a1:27:dc:e0:11:9d:88:28:c7:c0:e9:
                    c9:5d:bc:43:87:98:ee:b6:22:9b:39:75:21:54:d3:
                    b3:5f:3d:66:fc:b7:74:72:d3:2f:3e:65:39:77:9c:
                    21:88:23:ed:fd:d1:74:08:f2:f8:70:90:79:b2:dd:
                    87:1c:41:85:fc:c1:1a:5b:4b:f0:df:4f:81:ce:c8:
                    ae:78:21:4a:3b:ce:d9:1f:c5:ee:1a:7f:b5:1c:08:
                    44:d7:4a:9c:f6:36:12:83:78:6f:b8:ee:3b:5e:53:
                    34:d0:df:3a:70:6d:86:ba:31:ee:db:40:f7:20:88:
                    fd:74:fc:ac:98:86:22:69:62:7d:bf:3d:9c:e7:d3:
                    de:12:96:ee:11:71:b1:77:5e:a6:7c:92:7f:8c:ac:
                    f0:a6:ed:09:4f:20:01:ed:a1:23:fc:7f:0c:a4:78:
                    5d:23:24:bf:50:b6:0d:6e:b4:d4:29:18:fd:0f:f2:
                    f6:5d:a9:64:c5:ef:a9:68:f3:66:62:de:a9:a9:48:
                    06:c1:93:01:56:b2:1f:c1:c7:d6:24:68:2a:b1:4d:
                    13:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:57:E7:87:E8:D0:97:C4:EB:C7:C3:85:A6:BC:82:5C:0F:8A:F7:F6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4c702b12-884c-4fb7-8c73-0284e99428c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.234.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a4:c6:a3:a4:0f:da:3c:5e:0d:e1:e2:86:68:06:c9:40:14:ac:
         17:5d:14:b0:4a:e0:52:88:4e:8b:ab:a2:86:fe:5f:59:a7:57:
         1a:56:48:cf:93:67:b0:d7:84:0a:0b:e1:e9:50:20:6b:68:72:
         43:26:6c:2e:f7:0e:0d:af:0a:2f:64:ff:90:d5:06:dd:35:3b:
         d8:b8:ec:29:ce:38:f4:a7:2a:51:11:8c:5d:b5:e1:67:85:75:
         2e:b8:a4:95:e9:e8:26:de:d8:02:f2:b0:b0:2d:d7:fb:3c:73:
         be:a5:41:1e:42:a8:14:33:62:1d:0c:35:c4:b0:1d:9e:e4:f2:
         ea:09:09:6a:b1:93:b1:ce:83:e3:82:d3:f7:33:8f:11:d4:a6:
         a9:f8:bb:69:80:5e:21:27:ce:84:d1:c2:2b:e6:d0:9a:81:78:
         af:eb:40:c8:89:28:e2:84:ca:e3:57:fa:83:e2:27:b2:2c:ec:
         c6:88:a8:c3:b1:c4:4a:da:82:0f:47:af:04:5f:7c:b1:35:72:
         66:7c:c2:21:32:32:79:b4:08:ae:12:28:4c:91:19:5e:47:84:
         72:d3:87:56:f9:0d:51:26:9a:0b:0e:36:f7:29:db:73:76:5c:
         a5:42:b5:84:fa:38:94:9e:96:28:f0:f1:a7:32:95:18:05:d7:
         db:69:1c:1f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeUwdCdU1R83wBoNHieWn3Q4vFmMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzA3OTk2MzUxNzBlNTBlZGM1OWRkYmZkNTdiOTMyODMx
NTE2MjI4YzU2Y2RmNTQ5OWNkYmRmZGQ3MzE1YTU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrpW49ZCCLWeZfOQWHwAVUITX4Nh+FlbvDiD3bAkcBWV3c
VPyMvVJK8vZvDXtBpqShJ9zgEZ2IKMfA6cldvEOHmO62Ips5dSFU07NfPWb8t3Ry
0y8+ZTl3nCGII+390XQI8vhwkHmy3YccQYX8wRpbS/DfT4HOyK54IUo7ztkfxe4a
f7UcCETXSpz2NhKDeG+47jteUzTQ3zpwbYa6Me7bQPcgiP10/KyYhiJpYn2/PZzn
094Slu4RcbF3XqZ8kn+MrPCm7QlPIAHtoSP8fwykeF0jJL9Qtg1utNQpGP0P8vZd
qWTF76lo82Zi3qmpSAbBkwFWsh/Bx9YkaCqxTRMlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU61fnh+jQl8Trx8OFpryCXA+K9/YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRjNzAyYjEyLTg4NGMtNGZiNy04YzczLTAyODRlOTk0MjhjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAfP6oAwDQYJKoZIhvcNAQELBQADggEBAKTGo6QP2jxeDeHihmgGyUAUrBdd
FLBK4FKITouroob+X1mnVxpWSM+TZ7DXhAoL4elQIGtockMmbC73Dg2vCi9k/5DV
Bt01O9i47CnOOPSnKlERjF214WeFdS64pJXp6Cbe2ALysLAt1/s8c76lQR5CqBQz
Yh0MNcSwHZ7k8uoJCWqxk7HOg+OC0/czjxHUpqn4u2mAXiEnzoTRwivm0JqBeK/r
QMiJKOKEyuNX+oPiJ7Is7MaIqMOxxEragg9HrwRffLE1cmZ8wiEyMnm0CK4SKEyR
GV5HhHLTh1b5DVEmmgsONvcp23N2XKVCtYT6OJSelijw8acylRgF19tpHB8=
-----END CERTIFICATE-----