Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/285a48af-2ccd-4b1a-8f68-325b86119506.roa
File:                     285a48af-2ccd-4b1a-8f68-325b86119506.roa (raw, json)
Hash identifier:          PY2vtjOsuCqSeh4vMoW8s678WgOB6xvXnZXDOhL3wrw=
Subject key identifier:   42:B4:BA:A2:11:F9:DE:D5:93:B7:A0:70:C4:8D:D3:41:2B:BE:71:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       56D55A0A7612071DDB4C48A270BDE6D370475E38
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/285a48af-2ccd-4b1a-8f68-325b86119506.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        172.103.40.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:d5:5a:0a:76:12:07:1d:db:4c:48:a2:70:bd:e6:d3:70:47:5e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=bdcfea72c3a2728729788fb4d41022e4f777e1f3649f25ccf2797d0fbe3771ee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ef:e4:ea:d7:21:11:ca:5a:3a:78:59:07:69:
                    4a:44:2a:a0:33:44:72:3e:fb:45:e3:b0:7c:23:1f:
                    2f:5d:2d:89:c8:3b:76:1d:e1:fd:7f:45:a8:9d:28:
                    7d:10:97:7e:21:63:16:84:dc:f8:25:a1:63:a7:64:
                    c3:70:79:7d:c8:95:59:75:ef:d6:dd:0d:19:fb:0e:
                    70:5e:f5:50:5b:a6:1a:cf:93:37:30:6c:51:fa:4c:
                    35:19:f3:0d:8d:9b:cd:74:ce:c5:ca:f9:70:16:9d:
                    ea:19:3b:70:2b:0a:0f:3c:58:86:c0:81:e9:1f:23:
                    6e:1b:c6:27:93:0f:f6:f8:6e:56:a2:67:68:82:7b:
                    c8:58:65:dc:67:c8:5f:7d:ca:9b:8f:07:4f:b4:16:
                    72:af:c8:fb:35:aa:61:0f:1b:32:37:40:a6:d9:39:
                    c4:7d:29:d0:ae:a0:3d:86:90:3e:2c:22:85:2a:cc:
                    b4:3a:dc:c9:b6:36:ec:1d:c5:08:72:21:08:ab:33:
                    ff:d5:5e:82:99:e2:7b:f2:c3:a8:91:a1:57:f2:29:
                    05:d5:6a:92:94:42:bc:73:b9:24:fc:55:37:2d:a9:
                    ee:5e:06:98:84:62:cf:32:e3:b0:93:c7:e3:aa:bc:
                    bd:d4:19:9a:6e:cc:7e:31:9f:0b:e3:06:2f:ff:c5:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:B4:BA:A2:11:F9:DE:D5:93:B7:A0:70:C4:8D:D3:41:2B:BE:71:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/285a48af-2ccd-4b1a-8f68-325b86119506.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  172.103.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:e9:21:74:d3:5e:ea:a5:d7:e7:98:5f:d5:6d:87:19:ee:ca:
         14:40:60:04:be:e5:c7:2a:e2:ab:df:3a:4a:55:32:5f:c7:81:
         30:1c:fc:16:fb:b0:2c:b4:dd:d4:35:aa:fb:45:2a:3d:d4:f9:
         36:2a:cf:91:0d:ca:48:38:be:f0:2d:3f:c6:fe:0d:1e:00:91:
         ef:29:b3:8a:2e:25:85:79:57:ed:14:7c:85:4f:02:e7:eb:46:
         59:fd:e6:87:53:0b:19:3e:24:f2:a6:20:16:12:72:a3:c5:d4:
         bb:e2:31:e3:99:e7:74:d0:82:4d:2f:df:52:43:86:a2:9c:25:
         2f:d3:5b:08:ed:4c:0b:d8:05:59:1e:af:cf:ca:08:18:dd:df:
         0b:00:ea:b7:9e:6e:5d:b2:60:7d:98:a1:47:63:6f:9b:5d:c5:
         5b:f5:ba:43:b4:42:c0:a9:74:a8:89:16:88:e8:ff:6e:c0:4b:
         eb:d4:9d:05:f1:99:4d:8a:5c:d6:79:19:82:1f:11:20:85:b8:
         6e:e9:4b:ec:98:1b:bb:87:64:e7:97:d9:85:46:a5:4d:b0:65:
         f8:2f:a7:9b:64:51:d7:93:c4:95:3b:ab:c7:d2:57:d1:54:6a:
         c3:91:e4:72:b4:12:cd:c4:74:ef:3c:d2:00:b5:6c:fb:09:ad:
         1a:56:35:e1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVtVaCnYSBx3bTEiicL3m03BHXjgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZGNmZWE3MmMzYTI3Mjg3Mjk3ODhmYjRkNDEwMjJlNGY3
NzdlMWYzNjQ5ZjI1Y2NmMjc5N2QwZmJlMzc3MWVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCW7+Tq1yERylo6eFkHaUpEKqAzRHI++0XjsHwjHy9dLYnI
O3Yd4f1/RaidKH0Ql34hYxaE3PgloWOnZMNweX3IlVl179bdDRn7DnBe9VBbphrP
kzcwbFH6TDUZ8w2Nm810zsXK+XAWneoZO3ArCg88WIbAgekfI24bxieTD/b4blai
Z2iCe8hYZdxnyF99ypuPB0+0FnKvyPs1qmEPGzI3QKbZOcR9KdCuoD2GkD4sIoUq
zLQ63Mm2NuwdxQhyIQirM//VXoKZ4nvyw6iRoVfyKQXVapKUQrxzuST8VTctqe5e
BpiEYs8y47CTx+OqvL3UGZpuzH4xnwvjBi//xfuRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQrS6ohH53tWTt6BwxI3TQSu+cYgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI4NWE0OGFmLTJjY2QtNGIxYS04ZjY4LTMyNWI4NjExOTUwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOsZygwDQYJKoZIhvcNAQELBQADggEBAHvpIXTTXuql1+eYX9VthxnuyhRA
YAS+5ccq4qvfOkpVMl/HgTAc/Bb7sCy03dQ1qvtFKj3U+TYqz5ENykg4vvAtP8b+
DR4Ake8ps4ouJYV5V+0UfIVPAufrRln95odTCxk+JPKmIBYScqPF1LviMeOZ53TQ
gk0v31JDhqKcJS/TWwjtTAvYBVker8/KCBjd3wsA6reebl2yYH2YoUdjb5tdxVv1
ukO0QsCpdKiJFojo/27AS+vUnQXxmU2KXNZ5GYIfESCFuG7pS+yYG7uHZOeX2YVG
pU2wZfgvp5tkUdeTxJU7q8fSV9FUasOR5HK0Es3EdO880gC1bPsJrRpWNeE=
-----END CERTIFICATE-----