Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/807004a1-9fca-450c-b773-bdaf30407d8a.roa
File:                     807004a1-9fca-450c-b773-bdaf30407d8a.roa (raw, json)
Hash identifier:          LUzIno3JQ1g/wOhlXrHrxm74IEqSU/H7Fsm3LH/86HU=
Subject key identifier:   7D:38:9C:6B:69:56:DE:40:91:4A:31:94:07:FC:41:BD:3E:78:DD:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B1D2D7D4CF99A2564C930A14AE7F5610E116B3C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/807004a1-9fca-450c-b773-bdaf30407d8a.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        204.123.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:1d:2d:7d:4c:f9:9a:25:64:c9:30:a1:4a:e7:f5:61:0e:11:6b:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=57e1a7208f945623a13e91441ca6628731dd1e480b4e964bb0013a5fe38ee6bf, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:6d:9e:4a:c8:90:08:a7:ee:2c:a0:01:3c:b8:
                    11:e5:8f:86:f1:71:fb:fc:20:a0:93:1a:a4:38:3e:
                    46:19:0f:13:e3:61:80:20:28:bd:af:91:12:35:d4:
                    3f:3d:d1:22:d6:42:70:64:b4:3b:03:d9:3d:d5:fe:
                    c2:21:77:43:6b:52:49:1c:6e:36:64:2f:ae:8e:67:
                    02:f8:33:cf:1f:5a:b0:6e:a9:bd:e5:31:08:9f:24:
                    ce:b9:87:86:0a:3c:d3:7d:7b:3b:80:ad:ac:d9:94:
                    aa:88:27:39:d5:ba:33:f7:13:ff:08:ad:0b:c8:5b:
                    e0:60:df:0b:73:cb:5d:3c:71:5d:ae:33:60:37:15:
                    78:ac:ea:54:25:3f:5f:79:e2:81:a7:fa:a6:8e:a6:
                    01:07:15:60:26:64:c8:96:6a:33:b2:b2:87:e3:23:
                    cf:5d:20:a2:25:85:6d:2e:17:db:c2:c4:a5:c3:3c:
                    a3:1a:66:bb:54:09:2f:92:26:f3:c0:3f:cd:12:61:
                    c3:98:bb:f7:d1:f9:0d:4a:06:91:ab:5d:b5:76:07:
                    cb:1c:d7:0b:44:f9:dd:37:c6:6b:34:b4:5a:91:4f:
                    46:eb:ca:e8:86:ef:12:c8:dd:41:eb:e5:e7:16:67:
                    bb:bb:c8:b0:0a:f3:b6:3d:04:41:82:a3:22:42:d7:
                    cd:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:38:9C:6B:69:56:DE:40:91:4A:31:94:07:FC:41:BD:3E:78:DD:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/807004a1-9fca-450c-b773-bdaf30407d8a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.123.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:6c:dc:1b:e4:2f:6a:37:47:46:61:65:cc:d6:6a:31:c5:f8:
         c6:0d:c9:ef:50:01:31:7e:31:de:87:39:1d:64:16:8e:f8:89:
         eb:0c:e6:96:4d:8c:30:d3:77:a1:17:5e:27:ff:f0:82:ba:8a:
         7e:2f:cc:6e:5c:0a:68:e9:5e:91:19:49:60:f8:fb:64:a2:6f:
         53:49:9d:b5:9f:b8:48:7e:ce:2f:35:2e:60:6a:32:3a:c4:e7:
         f9:65:16:7f:c3:a2:35:a8:99:6a:8b:5b:7d:1d:c8:ee:0c:5a:
         b4:41:31:49:86:07:b2:06:c2:30:58:f7:96:e9:53:03:38:28:
         0d:81:59:d1:c5:d0:17:4c:9f:90:15:76:2f:1a:84:a3:fe:2f:
         93:dd:a5:30:d8:86:ad:94:23:8e:ee:11:bd:c3:65:2b:11:a4:
         a8:f3:1d:34:55:61:19:02:57:a1:50:4c:12:e2:ab:32:1e:e3:
         b9:56:37:39:6a:62:58:cd:c4:c5:0b:a3:20:54:da:15:96:15:
         d9:80:4d:74:62:4f:c2:e8:9a:7e:f6:f7:41:96:73:30:84:ad:
         1c:57:d3:3f:7c:23:50:7b:90:93:da:fa:79:8d:18:bc:cb:2e:
         fa:4d:68:fd:6f:7e:dc:3c:9f:2a:89:a1:3d:26:7a:f3:3c:ad:
         db:ad:5e:ed
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUex0tfUz5miVkyTChSuf1YQ4RazwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1N2UxYTcyMDhmOTQ1NjIzYTEzZTkxNDQxY2E2NjI4NzMx
ZGQxZTQ4MGI0ZTk2NGJiMDAxM2E1ZmUzOGVlNmJmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdbZ5KyJAIp+4soAE8uBHlj4bxcfv8IKCTGqQ4PkYZDxPj
YYAgKL2vkRI11D890SLWQnBktDsD2T3V/sIhd0NrUkkcbjZkL66OZwL4M88fWrBu
qb3lMQifJM65h4YKPNN9ezuArazZlKqIJznVujP3E/8IrQvIW+Bg3wtzy108cV2u
M2A3FXis6lQlP1954oGn+qaOpgEHFWAmZMiWajOysofjI89dIKIlhW0uF9vCxKXD
PKMaZrtUCS+SJvPAP80SYcOYu/fR+Q1KBpGrXbV2B8sc1wtE+d03xms0tFqRT0br
yuiG7xLI3UHr5ecWZ7u7yLAK87Y9BEGCoyJC181vAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfTica2lW3kCRSjGUB/xBvT543V8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgwNzAwNGExLTlmY2EtNDUwYy1iNzczLWJkYWYzMDQwN2Q4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwDMezANBgkqhkiG9w0BAQsFAAOCAQEAImzcG+QvajdHRmFlzNZqMcX4xg3J
71ABMX4x3oc5HWQWjviJ6wzmlk2MMNN3oRdeJ//wgrqKfi/MblwKaOlekRlJYPj7
ZKJvU0mdtZ+4SH7OLzUuYGoyOsTn+WUWf8OiNaiZaotbfR3I7gxatEExSYYHsgbC
MFj3lulTAzgoDYFZ0cXQF0yfkBV2LxqEo/4vk92lMNiGrZQjju4RvcNlKxGkqPMd
NFVhGQJXoVBMEuKrMh7juVY3OWpiWM3ExQujIFTaFZYV2YBNdGJPwuiafvb3QZZz
MIStHFfTP3wjUHuQk9r6eY0YvMsu+k1o/W9+3DyfKomhPSZ68zyt261e7Q==
-----END CERTIFICATE-----