Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7e1502d-dad7-4358-857d-04a46dceb88f.roa
File:                     d7e1502d-dad7-4358-857d-04a46dceb88f.roa (raw, json)
Hash identifier:          2fMGzA8C6NAVK9Yz1PEpy1Wnum4wz3icVviVVp6TTTU=
Subject key identifier:   CD:17:A9:55:68:B5:BE:47:F0:79:D6:AA:B5:25:28:F9:6C:3F:20:FE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       675599135B3E0FD7A9859735D9DE0394C834F5F5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7e1502d-dad7-4358-857d-04a46dceb88f.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        72.17.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:55:99:13:5b:3e:0f:d7:a9:85:97:35:d9:de:03:94:c8:34:f5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=ced79ed37b61923ad5675dec49435ff415b1993f9bafca9d1ccb20277cef7c5b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7d:86:eb:f8:4a:3e:e0:e4:e5:3f:22:ac:37:
                    b8:32:cd:9e:b1:83:86:df:5e:5b:cf:4e:12:ee:9c:
                    7b:f9:b1:59:e3:d6:40:92:37:aa:70:96:67:45:8d:
                    59:9b:d9:11:c1:b1:c6:de:6c:f1:c8:72:57:5a:59:
                    79:c2:c1:58:87:7d:a0:dd:4b:a9:9e:88:bb:bd:bf:
                    cc:59:d5:75:cb:76:af:8b:f8:aa:f3:46:c5:d4:3e:
                    a1:f9:8c:ec:e7:c4:a2:7e:68:24:60:ef:ac:bc:be:
                    03:17:75:a6:86:25:2a:78:8b:a3:d6:a9:3f:57:9f:
                    28:cc:94:7c:06:2c:0e:f4:c2:00:01:8d:18:07:6c:
                    a6:bf:39:4c:e4:fd:b3:34:7b:fc:c8:ab:3b:4b:53:
                    cc:7a:bc:4b:ec:67:02:72:44:d1:da:3f:b3:cf:b9:
                    33:0f:6f:a3:a7:da:7c:3b:06:e0:13:06:1c:80:82:
                    d4:5b:73:81:05:24:7d:31:6d:3b:6b:d2:bd:b7:16:
                    cc:d4:7b:47:0f:ec:b1:03:e6:67:d8:18:15:46:ee:
                    88:f6:0b:24:b8:a2:3a:33:f2:cd:28:eb:eb:e6:29:
                    c5:6d:4b:9d:26:c0:67:74:63:91:ae:c5:58:72:db:
                    dc:da:65:dc:67:7d:73:6d:22:92:51:22:5f:49:92:
                    77:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:17:A9:55:68:B5:BE:47:F0:79:D6:AA:B5:25:28:F9:6C:3F:20:FE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d7e1502d-dad7-4358-857d-04a46dceb88f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  72.17.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         a2:5d:74:e7:7c:2f:7f:3b:30:c9:ef:5a:e3:0b:ea:fb:9b:f8:
         b9:5e:c8:fe:fa:40:51:0e:8e:ab:e1:31:1f:9d:c2:b5:4e:12:
         99:65:b6:02:11:76:e7:37:b7:2c:cc:aa:76:d4:c4:4a:3a:14:
         0e:00:78:3f:32:2c:7e:4a:ff:3f:82:32:32:e3:82:e3:5c:95:
         4c:6e:f3:ba:e6:97:9b:66:9e:61:c6:82:19:a0:81:08:16:35:
         0d:15:88:3b:35:0e:b3:35:b2:c4:a2:46:23:b4:4a:e8:27:1f:
         bf:b0:51:35:82:f7:af:c8:b7:b6:20:c8:d5:76:8e:04:77:58:
         c1:ca:71:3c:8a:51:41:9c:73:e9:32:23:7b:1a:43:11:b0:11:
         ef:b5:38:60:89:20:41:b4:ec:87:8f:3a:b3:c9:b3:d5:85:f2:
         f2:7c:c0:05:84:b2:2d:52:5b:97:6f:40:25:70:52:70:cd:5a:
         e6:78:79:0a:2e:b9:e2:30:4f:5c:f1:71:f1:25:ed:14:9d:0d:
         04:57:4e:11:d7:45:46:39:d4:23:e0:12:30:62:9d:5c:12:3f:
         94:8e:ca:a6:7a:9e:74:2b:a9:d1:c9:da:47:36:66:18:36:02:
         33:40:2e:06:e7:21:5b:42:5b:f2:c8:24:e1:e0:9e:0e:d4:ad:
         df:28:19:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ1WZE1s+D9ephZc12d4DlMg09fUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWQ3OWVkMzdiNjE5MjNhZDU2NzVkZWM0OTQzNWZmNDE1
YjE5OTNmOWJhZmNhOWQxY2NiMjAyNzdjZWY3YzViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCefYbr+Eo+4OTlPyKsN7gyzZ6xg4bfXlvPThLunHv5sVnj
1kCSN6pwlmdFjVmb2RHBscbebPHIcldaWXnCwViHfaDdS6meiLu9v8xZ1XXLdq+L
+KrzRsXUPqH5jOznxKJ+aCRg76y8vgMXdaaGJSp4i6PWqT9XnyjMlHwGLA70wgAB
jRgHbKa/OUzk/bM0e/zIqztLU8x6vEvsZwJyRNHaP7PPuTMPb6On2nw7BuATBhyA
gtRbc4EFJH0xbTtr0r23FszUe0cP7LED5mfYGBVG7oj2CyS4ojoz8s0o6+vmKcVt
S50mwGd0Y5GuxVhy29zaZdxnfXNtIpJRIl9JkncjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUzRepVWi1vkfwedaqtSUo+Ww/IP4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q3ZTE1MDJkLWRhZDctNDM1OC04NTdkLTA0YTQ2ZGNlYjg4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdIEYAwDQYJKoZIhvcNAQELBQADggEBAKJddOd8L387MMnvWuML6vub+Lle
yP76QFEOjqvhMR+dwrVOEplltgIRduc3tyzMqnbUxEo6FA4AeD8yLH5K/z+CMjLj
guNclUxu87rml5tmnmHGghmggQgWNQ0ViDs1DrM1ssSiRiO0SugnH7+wUTWC96/I
t7YgyNV2jgR3WMHKcTyKUUGcc+kyI3saQxGwEe+1OGCJIEG07IePOrPJs9WF8vJ8
wAWEsi1SW5dvQCVwUnDNWuZ4eQouueIwT1zxcfEl7RSdDQRXThHXRUY51CPgEjBi
nVwSP5SOyqZ6nnQrqdHJ2kc2Zhg2AjNALgbnIVtCW/LIJOHgng7Urd8oGYM=
-----END CERTIFICATE-----