Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d941e8ad-e3c5-47fb-bb50-457d1a4c4074.roa
File:                     d941e8ad-e3c5-47fb-bb50-457d1a4c4074.roa (raw, json)
Hash identifier:          6syjAV1qA1pnglE0pOxob29q06YEAFXDHZ1SjgED5tE=
Subject key identifier:   0A:63:28:E9:9A:8A:03:83:83:91:18:7D:64:33:92:3C:5E:F3:98:CC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       06D1B440D59A7E44E80301421BD84D622F7F5019
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d941e8ad-e3c5-47fb-bb50-457d1a4c4074.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        134.73.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:d1:b4:40:d5:9a:7e:44:e8:03:01:42:1b:d8:4d:62:2f:7f:50:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=bec59299e9439b09bef86f7d7df6bc47705bcbce27e67b72e843e18be01f8eb3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4b:ba:1e:40:ef:80:06:57:2e:6e:1b:fe:78:
                    83:06:89:6a:51:9b:76:80:db:11:b6:6b:b8:0a:77:
                    68:b8:dd:54:f1:a3:28:e1:26:a1:83:6d:04:ab:91:
                    46:a9:ea:86:ca:cd:b4:79:2d:f4:53:cb:ec:ef:f7:
                    d2:b4:fe:08:33:71:67:43:b7:e9:78:d1:cd:cf:5e:
                    a7:38:cd:27:bf:ec:b9:3c:e6:42:dd:c3:94:34:88:
                    5b:8c:c0:d2:91:1a:08:4f:36:f5:ef:db:92:6a:5b:
                    02:2c:e6:4c:3d:47:50:11:c7:b8:7a:05:9e:2d:27:
                    34:de:88:fd:ba:14:e2:1a:6c:65:78:3e:a7:43:a1:
                    5a:17:9f:df:35:e1:6a:69:57:7e:b6:75:c9:65:2e:
                    7b:16:7d:be:8b:17:39:6b:f3:3f:6f:87:95:c7:27:
                    15:bf:47:96:af:4d:13:41:fc:39:92:60:c3:30:81:
                    ac:5a:a9:b9:db:ef:d8:6b:d9:be:62:8d:ff:c6:72:
                    ed:e9:58:a4:ef:ec:4d:0f:86:d8:8c:5f:39:49:31:
                    cf:4c:22:35:42:22:5b:a2:73:46:24:85:c9:d1:90:
                    eb:85:56:1e:da:e3:f1:11:d9:a4:fb:53:9e:65:d6:
                    f4:43:d7:a7:c5:9d:64:24:b9:30:55:e4:43:aa:f2:
                    49:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:63:28:E9:9A:8A:03:83:83:91:18:7D:64:33:92:3C:5E:F3:98:CC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d941e8ad-e3c5-47fb-bb50-457d1a4c4074.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b2:95:41:8f:e7:d6:a9:43:ab:73:62:7a:46:97:e3:4a:b1:3f:
         59:59:6b:f8:58:4a:dc:a5:da:1f:e6:8e:29:81:41:36:75:93:
         b5:93:c2:f5:30:92:d5:d7:a7:ed:6f:22:b5:6f:44:51:fb:fd:
         81:f9:a2:74:33:f2:f7:d6:19:fd:54:05:b9:64:35:a8:ec:35:
         f1:47:bb:4d:ea:b0:53:cb:20:10:df:0e:c0:5d:13:24:17:d0:
         bc:26:f2:96:b0:09:4b:01:31:3f:5e:8c:2d:86:b3:39:62:56:
         13:c5:f7:3b:9d:48:75:0f:24:f8:a3:07:c7:ae:4c:e6:87:6f:
         6e:4a:01:f0:80:ad:82:90:0a:7a:0d:f3:9e:fa:4e:f8:69:bf:
         e5:3d:73:54:c6:20:c8:7c:d4:5f:29:eb:7a:7b:b8:87:db:4b:
         be:3b:a2:66:5c:61:1d:78:7e:c1:2c:55:d3:a8:b3:d8:a0:2d:
         a5:98:88:a7:80:4b:23:2d:6d:46:39:eb:c4:e2:14:77:74:48:
         e6:8e:74:e5:e4:ae:67:9c:ed:34:28:fd:d6:a5:10:93:ea:fd:
         70:d0:54:fb:03:57:ec:d5:2b:40:5a:45:b1:99:cc:97:02:8f:
         eb:3d:bb:bd:e2:57:fb:9d:dc:84:ea:5b:9f:a7:50:63:06:fd:
         b1:70:f0:38
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBtG0QNWafkToAwFCG9hNYi9/UBkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWM1OTI5OWU5NDM5YjA5YmVmODZmN2Q3ZGY2YmM0Nzcw
NWJjYmNlMjdlNjdiNzJlODQzZTE4YmUwMWY4ZWIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpS7oeQO+ABlcubhv+eIMGiWpRm3aA2xG2a7gKd2i43VTx
oyjhJqGDbQSrkUap6obKzbR5LfRTy+zv99K0/ggzcWdDt+l40c3PXqc4zSe/7Lk8
5kLdw5Q0iFuMwNKRGghPNvXv25JqWwIs5kw9R1ARx7h6BZ4tJzTeiP26FOIabGV4
PqdDoVoXn9814WppV362dcllLnsWfb6LFzlr8z9vh5XHJxW/R5avTRNB/DmSYMMw
gaxaqbnb79hr2b5ijf/Gcu3pWKTv7E0PhtiMXzlJMc9MIjVCIluic0YkhcnRkOuF
Vh7a4/ER2aT7U55l1vRD16fFnWQkuTBV5EOq8klRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCmMo6ZqKA4ODkRh9ZDOSPF7zmMwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5NDFlOGFkLWUzYzUtNDdmYi1iYjUwLTQ1N2QxYTRjNDA3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCGSTANBgkqhkiG9w0BAQsFAAOCAQEAspVBj+fWqUOrc2J6RpfjSrE/WVlr
+FhK3KXaH+aOKYFBNnWTtZPC9TCS1den7W8itW9EUfv9gfmidDPy99YZ/VQFuWQ1
qOw18Ue7TeqwU8sgEN8OwF0TJBfQvCbylrAJSwExP16MLYazOWJWE8X3O51IdQ8k
+KMHx65M5odvbkoB8ICtgpAKeg3znvpO+Gm/5T1zVMYgyHzUXynrenu4h9tLvjui
ZlxhHXh+wSxV06iz2KAtpZiIp4BLIy1tRjnrxOIUd3RI5o505eSuZ5ztNCj91qUQ
k+r9cNBU+wNX7NUrQFpFsZnMlwKP6z27veJX+53chOpbn6dQYwb9sXDwOA==
-----END CERTIFICATE-----