Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/041581cb-3989-42ad-9b1d-367e0721b74a.roa
File:                     041581cb-3989-42ad-9b1d-367e0721b74a.roa (raw, json)
Hash identifier:          ThrUPgXaPJFu48LeOtEzRj6QV81eTTsLpuyBPPvK+hk=
Subject key identifier:   D4:81:CB:AA:79:3A:1E:2B:47:F5:44:58:03:B8:35:0E:E0:E8:63:64
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6AE59DD342991EC7504624E0F7100DF73BE6558D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/041581cb-3989-42ad-9b1d-367e0721b74a.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.239.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:e5:9d:d3:42:99:1e:c7:50:46:24:e0:f7:10:0d:f7:3b:e6:55:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=dd7e66c77e6d802397b3ab9cf8ed17284c6c1595f3b5b3ba0211c13c5be212d7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4a:a5:ef:8e:58:07:72:79:0b:44:b9:38:12:
                    19:97:22:5a:a3:9c:fd:4b:88:58:aa:43:bf:32:08:
                    07:ec:bb:20:40:91:cf:22:5e:d4:44:ec:f0:ef:b3:
                    a1:f1:17:69:8c:a7:53:b5:13:a6:c0:bc:04:4f:07:
                    3f:c1:a3:d7:01:54:d4:2e:c7:a7:4d:ec:cc:0b:67:
                    97:f8:f0:c7:6e:89:98:e4:5a:51:b8:83:d5:a2:e9:
                    81:b6:f5:f8:ec:8a:18:dc:69:82:e3:e0:ed:37:0d:
                    5e:59:ee:c5:70:eb:26:a0:1c:dc:c2:bd:ec:e0:85:
                    82:13:92:d8:72:61:17:e1:b1:ce:19:6f:ad:3b:1e:
                    3a:11:a3:d7:47:d0:32:c9:31:93:85:78:13:b6:f2:
                    14:42:32:d8:92:9e:81:75:0f:1b:ac:e6:6b:b2:ab:
                    1d:05:7e:30:a0:82:6a:a6:af:31:26:3e:71:b7:65:
                    3a:b4:7b:37:c0:5a:d1:c8:ff:d4:6c:b3:44:f6:52:
                    95:b0:8b:14:93:4c:79:eb:e4:23:c3:d5:b7:6f:19:
                    99:bc:73:92:19:00:4f:98:cd:80:36:57:49:8b:9e:
                    07:ff:50:3d:08:80:8b:7b:90:73:21:8e:f8:7a:19:
                    60:5f:b0:fa:41:00:84:1d:2b:5e:8c:69:c3:39:3f:
                    fc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:81:CB:AA:79:3A:1E:2B:47:F5:44:58:03:B8:35:0E:E0:E8:63:64
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/041581cb-3989-42ad-9b1d-367e0721b74a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d4:27:ed:cd:2e:0e:f0:0b:10:84:37:2b:74:66:79:24:49:bc:
         ae:a0:48:a4:10:0a:6c:ca:a5:23:7b:3c:8e:da:81:7a:b4:51:
         cc:f1:2d:52:1e:00:46:42:26:eb:67:e9:ba:b5:48:78:dc:d3:
         ad:24:61:39:8e:6b:8c:1f:70:81:ea:4d:2b:61:49:1c:cd:eb:
         ad:63:bd:15:b1:1a:64:21:fa:74:0e:4c:e1:2b:2a:51:00:e0:
         09:3a:78:e8:90:fe:40:3c:bc:0a:71:de:a0:24:fd:03:0e:f7:
         ee:f9:18:65:df:60:7d:af:d2:7c:ba:82:10:f6:8b:12:30:86:
         ae:4d:fd:ab:35:3f:97:88:35:c3:68:b3:d2:b6:ee:ef:3b:0f:
         04:60:26:2d:ef:a4:6c:42:cc:d6:24:7a:2c:97:d3:fb:e1:d1:
         7c:77:fc:ee:ef:28:62:98:78:63:d2:1c:38:f5:ed:25:a8:92:
         b2:17:c1:00:37:bc:68:ef:37:be:86:ce:4e:fa:d0:b5:f2:49:
         67:df:ab:69:11:94:47:1c:aa:39:28:ec:0a:68:88:92:cf:84:
         0e:57:58:0a:94:26:89:6f:42:3b:a6:de:70:ab:e9:b6:e2:5c:
         88:c9:48:af:90:d5:49:7d:a1:54:3f:7d:8a:c8:aa:3d:51:f0:
         0d:1d:6c:f7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUauWd00KZHsdQRiTg9xAN9zvmVY0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkZDdlNjZjNzdlNmQ4MDIzOTdiM2FiOWNmOGVkMTcyODRj
NmMxNTk1ZjNiNWIzYmEwMjExYzEzYzViZTIxMmQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmSqXvjlgHcnkLRLk4EhmXIlqjnP1LiFiqQ78yCAfsuyBA
kc8iXtRE7PDvs6HxF2mMp1O1E6bAvARPBz/Bo9cBVNQux6dN7MwLZ5f48MduiZjk
WlG4g9Wi6YG29fjsihjcaYLj4O03DV5Z7sVw6yagHNzCvezghYITkthyYRfhsc4Z
b607HjoRo9dH0DLJMZOFeBO28hRCMtiSnoF1Dxus5muyqx0FfjCggmqmrzEmPnG3
ZTq0ezfAWtHI/9Rss0T2UpWwixSTTHnr5CPD1bdvGZm8c5IZAE+YzYA2V0mLngf/
UD0IgIt7kHMhjvh6GWBfsPpBAIQdK16MacM5P/xPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1IHLqnk6HitH9URYA7g1DuDoY2QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0MTU4MWNiLTM5ODktNDJhZC05YjFkLTM2N2UwNzIxYjc0YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo7zANBgkqhkiG9w0BAQsFAAOCAQEA1CftzS4O8AsQhDcrdGZ5JEm8rqBI
pBAKbMqlI3s8jtqBerRRzPEtUh4ARkIm62fpurVIeNzTrSRhOY5rjB9wgepNK2FJ
HM3rrWO9FbEaZCH6dA5M4SsqUQDgCTp46JD+QDy8CnHeoCT9Aw737vkYZd9gfa/S
fLqCEPaLEjCGrk39qzU/l4g1w2iz0rbu7zsPBGAmLe+kbELM1iR6LJfT++HRfHf8
7u8oYph4Y9IcOPXtJaiSshfBADe8aO83vobOTvrQtfJJZ9+raRGURxyqOSjsCmiI
ks+EDldYCpQmiW9CO6becKvptuJciMlIr5DVSX2hVD99isiqPVHwDR1s9w==
-----END CERTIFICATE-----