Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d4eda31-719c-420b-a4d9-d4c602b78134.roa
File:                     1d4eda31-719c-420b-a4d9-d4c602b78134.roa (raw, json)
Hash identifier:          bNGkg57PBJsAczI5wqCa5tpBPJRpWNoX7V5m6NKvIdE=
Subject key identifier:   BE:AA:CA:50:81:D6:99:68:08:C6:26:C3:3A:B0:5A:F6:D8:9A:41:A3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       316E180AA3512266AF12804C5000D5767A988E0F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d4eda31-719c-420b-a4d9-d4c602b78134.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.187.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:6e:18:0a:a3:51:22:66:af:12:80:4c:50:00:d5:76:7a:98:8e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=7648847fbf02f93a2d6da788b4b0579c31a7719381c52a4836701d8c318b548b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d6:a4:85:2d:33:38:f3:d9:d1:76:b2:d9:1a:
                    d6:7a:6d:7d:ab:b7:4a:44:5d:08:d2:ea:ce:96:5e:
                    48:02:6b:7f:bd:a2:76:14:10:1d:1f:11:cf:9b:c0:
                    4a:91:93:b5:23:0f:a2:71:51:f6:87:51:17:b0:1d:
                    6e:cf:73:01:f9:b1:f9:ba:ed:79:aa:81:b3:cd:d3:
                    1c:70:e0:57:e5:66:cf:1a:5c:bf:f2:1c:c4:90:4c:
                    6c:d0:c6:1b:91:cd:87:50:90:c0:b3:cc:45:ba:cf:
                    82:9e:ea:c9:1a:93:b9:c3:64:c0:e2:25:d7:68:ab:
                    a5:a2:01:c7:eb:82:5f:15:04:e7:84:18:a7:cc:86:
                    5d:0d:35:87:0f:c1:92:33:c0:50:0a:17:d7:1a:8e:
                    38:10:e7:4b:6c:f2:ff:70:f5:2a:e2:d1:ad:67:d8:
                    10:d6:23:5e:d1:05:25:b0:02:92:b2:07:68:25:29:
                    74:6c:eb:f6:a5:d7:31:65:1c:43:0e:42:bd:29:aa:
                    d6:06:a8:90:ba:fa:e3:51:13:ab:5d:2f:d0:73:62:
                    5f:78:5f:54:b9:dc:ec:e5:5a:db:64:f2:c5:81:ce:
                    01:44:58:cf:e1:27:57:9d:c4:ed:33:ca:6a:a6:a4:
                    53:71:20:1f:cd:3d:c5:10:7d:07:83:f7:05:00:37:
                    76:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:AA:CA:50:81:D6:99:68:08:C6:26:C3:3A:B0:5A:F6:D8:9A:41:A3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d4eda31-719c-420b-a4d9-d4c602b78134.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.187.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:b0:0a:b4:43:c8:0b:b0:9f:f2:72:37:5a:9b:e9:89:9e:58:
         f8:c7:b4:1b:fe:09:04:25:af:11:f5:24:f0:13:e5:ef:30:6a:
         18:17:4e:43:db:8a:71:94:a8:cb:02:09:f6:81:ca:48:59:9b:
         17:c6:78:68:09:22:dc:ba:5b:7b:a4:6f:37:1c:7b:d7:90:ee:
         67:aa:f7:0e:f8:e9:ee:aa:25:52:cb:5e:d9:cf:78:62:bc:83:
         5e:54:4d:3d:ca:ac:f1:91:cf:6a:e4:86:93:a0:79:5e:d2:d7:
         70:5d:52:e2:08:11:47:15:b3:40:a1:08:ae:d2:80:f8:0c:5a:
         5f:98:52:f7:5c:a0:01:fc:5a:b0:c7:63:29:8a:9c:d3:f0:e8:
         0b:0b:44:ae:bb:2c:44:4a:8e:83:00:05:96:fb:ca:0c:60:29:
         16:22:c6:61:d2:55:b5:33:d0:06:b9:49:f6:82:5c:7d:89:a9:
         ea:6c:53:52:c8:10:f3:24:a6:9f:45:97:a2:2d:d6:a8:6b:6c:
         45:9a:84:84:44:bd:b4:7e:91:be:ad:33:3e:89:f5:47:c9:2f:
         f8:5b:6f:2d:26:3f:fc:59:5c:1c:ea:ab:ee:f0:6f:c6:8e:29:
         15:ad:52:76:04:a5:3b:f9:d2:1c:54:b1:7e:4b:2f:ea:7b:b7:
         9f:7a:18:47
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMW4YCqNRImavEoBMUADVdnqYjg8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NjQ4ODQ3ZmJmMDJmOTNhMmQ2ZGE3ODhiNGIwNTc5YzMx
YTc3MTkzODFjNTJhNDgzNjcwMWQ4YzMxOGI1NDhiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDh1qSFLTM489nRdrLZGtZ6bX2rt0pEXQjS6s6WXkgCa3+9
onYUEB0fEc+bwEqRk7UjD6JxUfaHURewHW7PcwH5sfm67XmqgbPN0xxw4FflZs8a
XL/yHMSQTGzQxhuRzYdQkMCzzEW6z4Ke6skak7nDZMDiJddoq6WiAcfrgl8VBOeE
GKfMhl0NNYcPwZIzwFAKF9cajjgQ50ts8v9w9Sri0a1n2BDWI17RBSWwApKyB2gl
KXRs6/al1zFlHEMOQr0pqtYGqJC6+uNRE6tdL9BzYl94X1S53OzlWttk8sWBzgFE
WM/hJ1edxO0zymqmpFNxIB/NPcUQfQeD9wUAN3YPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUvqrKUIHWmWgIxibDOrBa9tiaQaMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkNGVkYTMxLTcxOWMtNDIwYi1hNGQ5LWQ0YzYwMmI3ODEzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAouzANBgkqhkiG9w0BAQsFAAOCAQEAEbAKtEPIC7Cf8nI3WpvpiZ5Y+Me0
G/4JBCWvEfUk8BPl7zBqGBdOQ9uKcZSoywIJ9oHKSFmbF8Z4aAki3Lpbe6RvNxx7
15DuZ6r3Dvjp7qolUste2c94YryDXlRNPcqs8ZHPauSGk6B5XtLXcF1S4ggRRxWz
QKEIrtKA+AxaX5hS91ygAfxasMdjKYqc0/DoCwtErrssREqOgwAFlvvKDGApFiLG
YdJVtTPQBrlJ9oJcfYmp6mxTUsgQ8ySmn0WXoi3WqGtsRZqEhES9tH6Rvq0zPon1
R8kv+FtvLSY//FlcHOqr7vBvxo4pFa1SdgSlO/nSHFSxfksv6nu3n3oYRw==
-----END CERTIFICATE-----