Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8c26364-7c30-45ce-b34d-4ac607637a8f.roa
File:                     d8c26364-7c30-45ce-b34d-4ac607637a8f.roa (raw, json)
Hash identifier:          QM9B06Yut0SYGbArKLayDmQnLTA+xGepdEh+58vf5Tw=
Subject key identifier:   FF:CA:22:DE:2E:3B:BD:4D:04:B8:5E:20:E6:CA:45:F2:BE:0C:24:F7
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       29270642C06EAF43DCDE475BD343ADD222D34928
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8c26364-7c30-45ce-b34d-4ac607637a8f.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        37.7.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:27:06:42:c0:6e:af:43:dc:de:47:5b:d3:43:ad:d2:22:d3:49:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=0b45b7c8cf139aa3e6fd86b7481200fbe7ac058ff685fcfb2a652502f82c021c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:be:e5:08:bf:3b:d8:6d:0e:af:7d:c2:d6:d3:
                    71:fd:87:48:9b:1b:93:e0:52:90:7c:67:32:95:92:
                    42:39:39:62:a8:f7:94:aa:e7:24:32:61:7f:08:4a:
                    15:d4:0d:9c:49:08:fc:97:ef:7b:1f:1a:c8:49:e7:
                    9e:f1:43:3e:73:74:e4:b4:e1:b5:8e:d9:7e:99:2e:
                    60:ba:2c:a5:7e:b1:d8:6b:61:3b:af:dc:c1:02:f4:
                    24:a3:55:43:44:7b:8b:fd:e2:db:51:d5:33:cb:69:
                    2b:e0:63:a5:22:8e:dc:a3:2e:d5:60:5b:9d:c3:96:
                    3e:3f:fb:40:b9:6b:00:38:e9:2a:41:36:3e:20:8d:
                    7a:2f:d4:16:52:b4:8d:db:a0:70:75:f5:a9:98:5e:
                    d2:51:9d:b5:af:66:70:10:02:84:5b:42:38:6d:2a:
                    58:94:6f:b6:ec:7a:9c:f0:7f:c3:29:bb:ea:7f:39:
                    a4:dd:98:fe:8a:7d:10:79:2a:8d:86:c3:af:27:ac:
                    2f:fc:5d:5a:79:7b:c1:b8:55:0e:aa:3a:fe:25:e1:
                    ea:12:c1:09:a1:58:6f:d7:d2:6e:a4:69:0d:46:3d:
                    f9:97:ec:89:2d:95:7f:54:64:b6:db:32:7e:1b:7e:
                    54:f3:1d:75:d4:15:f7:e8:0b:97:f6:2d:a8:db:6f:
                    7a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:CA:22:DE:2E:3B:BD:4D:04:B8:5E:20:E6:CA:45:F2:BE:0C:24:F7
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d8c26364-7c30-45ce-b34d-4ac607637a8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.7.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:a9:19:35:c6:58:5b:4b:0d:50:72:b7:f1:4f:fd:18:31:bb:
         fd:58:70:d0:81:0a:38:54:2a:bb:4b:3d:c4:97:e7:4c:f0:41:
         ba:4a:22:4a:b5:0b:8c:7a:23:28:84:12:cd:7b:fc:72:99:51:
         11:59:bc:ed:fd:6e:e7:07:8b:0c:f7:ff:8f:63:89:6b:76:8f:
         4b:b3:eb:90:65:5d:05:a1:e7:86:55:d4:6d:23:fa:9c:9b:82:
         2a:64:1d:40:f1:81:74:06:33:f3:52:ec:6d:6f:84:b1:7b:6f:
         d7:6f:34:22:62:61:19:dd:80:37:b7:c3:79:9b:54:de:53:37:
         cb:31:85:10:b9:7f:4d:e3:12:44:e8:29:61:25:b9:b8:d0:a6:
         a2:ee:3c:84:4c:41:9b:b0:05:98:1b:e3:9e:e4:4e:40:0f:d7:
         e5:03:f0:1d:58:df:99:83:f7:42:4f:a0:39:05:b7:64:ee:74:
         dc:76:ef:f4:b1:a8:d7:a8:a0:21:e6:40:59:3f:91:7d:d1:56:
         a8:72:09:5c:5a:06:f1:71:03:4d:6f:94:0e:f3:76:3b:1d:32:
         35:82:14:98:d2:29:40:15:85:8b:66:42:97:8c:43:86:27:6e:
         ac:72:ee:85:39:cb:8f:ef:c4:d7:3c:d7:44:cc:99:4c:f9:b5:
         9a:f8:18:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKScGQsBur0Pc3kdb00Ot0iLTSSgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYjQ1YjdjOGNmMTM5YWEzZTZmZDg2Yjc0ODEyMDBmYmU3
YWMwNThmZjY4NWZjZmIyYTY1MjUwMmY4MmMwMjFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDdvuUIvzvYbQ6vfcLW03H9h0ibG5PgUpB8ZzKVkkI5OWKo
95Sq5yQyYX8IShXUDZxJCPyX73sfGshJ557xQz5zdOS04bWO2X6ZLmC6LKV+sdhr
YTuv3MEC9CSjVUNEe4v94ttR1TPLaSvgY6UijtyjLtVgW53Dlj4/+0C5awA46SpB
Nj4gjXov1BZStI3boHB19amYXtJRnbWvZnAQAoRbQjhtKliUb7bsepzwf8Mpu+p/
OaTdmP6KfRB5Ko2Gw68nrC/8XVp5e8G4VQ6qOv4l4eoSwQmhWG/X0m6kaQ1GPfmX
7IktlX9UZLbbMn4bflTzHXXUFffoC5f2Lajbb3oZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/8oi3i47vU0EuF4g5spF8r4MJPcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4YzI2MzY0LTdjMzAtNDVjZS1iMzRkLTRhYzYwNzYzN2E4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAlBzANBgkqhkiG9w0BAQsFAAOCAQEAoKkZNcZYW0sNUHK38U/9GDG7/Vhw
0IEKOFQqu0s9xJfnTPBBukoiSrULjHojKIQSzXv8cplREVm87f1u5weLDPf/j2OJ
a3aPS7PrkGVdBaHnhlXUbSP6nJuCKmQdQPGBdAYz81LsbW+EsXtv1280ImJhGd2A
N7fDeZtU3lM3yzGFELl/TeMSROgpYSW5uNCmou48hExBm7AFmBvjnuROQA/X5QPw
HVjfmYP3Qk+gOQW3ZO503Hbv9LGo16igIeZAWT+RfdFWqHIJXFoG8XEDTW+UDvN2
Ox0yNYIUmNIpQBWFi2ZCl4xDhidurHLuhTnLj+/E1zzXRMyZTPm1mvgYqQ==
-----END CERTIFICATE-----