Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ecdb4eb-6c61-4152-aa53-a0c3859a27bf.roa
File:                     3ecdb4eb-6c61-4152-aa53-a0c3859a27bf.roa (raw, json)
Hash identifier:          ErxmKcq6YN7BbyUz3SrNDdwFgs3ZXuXLKXdmX3N6jY0=
Subject key identifier:   A5:B9:3D:04:B3:84:65:A9:81:41:5B:BD:56:FC:52:D9:20:3F:55:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72A29C4EB3669905E1C5FADB65E06AECFBE0D4CE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ecdb4eb-6c61-4152-aa53-a0c3859a27bf.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.164.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a2:9c:4e:b3:66:99:05:e1:c5:fa:db:65:e0:6a:ec:fb:e0:d4:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: serialNumber=fd91d23ce59905acaae3a1beca33fb502ed61e72e5118bae896a7b4f363b92c5, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b3:62:cd:5e:f7:cb:fa:e4:fc:32:40:8c:29:
                    94:6a:ba:23:2e:3b:b8:a6:77:82:f6:bf:62:f1:2d:
                    2f:c6:7d:65:ae:b4:9c:ff:9a:94:8f:d4:df:21:b4:
                    89:a5:a8:11:9d:1e:c5:a1:49:de:7b:ae:48:90:c1:
                    84:5c:4b:9b:33:6f:86:ba:28:65:ff:43:41:ec:7d:
                    68:0f:b6:76:1e:7a:08:f8:87:23:34:e7:dd:64:7d:
                    a0:9d:7c:2b:58:bc:c2:a0:2d:83:36:02:9b:56:f8:
                    3f:0a:21:fb:cb:0f:94:5d:cc:1b:4a:fd:a2:7b:d2:
                    6e:6a:7d:31:74:bf:9c:8a:48:bd:00:97:a5:9a:89:
                    87:b4:09:83:b1:6a:36:a5:bb:b8:cc:8e:0b:28:b6:
                    69:de:28:0f:b0:89:36:fd:94:c2:2a:73:e9:ba:66:
                    be:a5:a9:19:f0:04:a8:6e:70:a2:b9:39:29:b5:a3:
                    b6:bc:39:b3:e3:ec:98:0f:6f:52:29:cb:13:7d:73:
                    6e:64:4d:4c:02:96:05:9d:0a:7b:3e:0c:a9:d0:8d:
                    bd:c1:84:dc:45:59:b8:18:5b:62:8f:39:67:0d:a2:
                    dd:3a:5f:33:42:ad:07:64:8f:ec:70:23:f5:57:6f:
                    87:64:e4:ea:5e:a4:d4:eb:ab:8a:81:f7:38:dc:19:
                    4a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:B9:3D:04:B3:84:65:A9:81:41:5B:BD:56:FC:52:D9:20:3F:55:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3ecdb4eb-6c61-4152-aa53-a0c3859a27bf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.164.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:2f:a2:cf:01:75:9e:78:32:1e:8c:63:a4:74:4f:1d:c1:f3:
         e2:b7:fc:02:e2:ab:49:94:0b:55:07:a1:6a:e4:d7:11:dd:d7:
         c2:65:43:90:fa:5a:e3:08:78:61:de:bc:78:f3:c2:ca:a8:41:
         7f:97:ea:f8:2f:c9:1c:b1:20:6e:e0:1c:36:e3:b3:6a:38:ea:
         47:24:ad:d7:d0:bb:3b:42:4c:79:e3:83:94:45:c3:73:f0:46:
         4e:81:4e:5e:7b:c9:29:4a:c5:ca:62:6d:f1:62:ae:51:a1:c1:
         d1:15:30:a9:94:aa:8e:89:1c:21:6e:21:5f:d5:ff:4d:fd:91:
         44:5c:7d:96:bb:22:b3:3f:40:84:00:79:58:3e:ba:7f:54:52:
         b5:02:ce:2c:79:17:77:7c:b3:47:36:8e:26:5e:4a:e6:0f:52:
         7e:79:92:13:fe:35:f1:e4:ca:03:e9:1f:2b:33:57:7c:64:a5:
         46:3b:0f:3f:c3:12:00:da:f9:32:aa:2f:1b:b2:43:96:e8:88:
         b8:74:11:f8:8e:39:c6:fe:8b:b5:2c:5c:48:4d:f7:ed:bc:e4:
         22:89:65:7c:83:dc:f6:6c:a0:97:3a:af:91:45:b6:ef:9b:c7:
         8a:de:c2:63:7c:2d:5b:ca:06:a4:c4:11:29:34:a3:89:af:ab:
         9c:55:42:5d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcqKcTrNmmQXhxfrbZeBq7Pvg1M4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZDkxZDIzY2U1OTkwNWFjYWFlM2ExYmVjYTMzZmI1MDJl
ZDYxZTcyZTUxMThiYWU4OTZhN2I0ZjM2M2I5MmM1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6s2LNXvfL+uT8MkCMKZRquiMuO7imd4L2v2LxLS/GfWWu
tJz/mpSP1N8htImlqBGdHsWhSd57rkiQwYRcS5szb4a6KGX/Q0HsfWgPtnYeegj4
hyM0591kfaCdfCtYvMKgLYM2AptW+D8KIfvLD5RdzBtK/aJ70m5qfTF0v5yKSL0A
l6WaiYe0CYOxajalu7jMjgsotmneKA+wiTb9lMIqc+m6Zr6lqRnwBKhucKK5OSm1
o7a8ObPj7JgPb1IpyxN9c25kTUwClgWdCns+DKnQjb3BhNxFWbgYW2KPOWcNot06
XzNCrQdkj+xwI/VXb4dk5OpepNTrq4qB9zjcGUpjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUpbk9BLOEZamBQVu9VvxS2SA/VaYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlY2RiNGViLTZjNjEtNDE1Mi1hYTUzLWEwYzM4NTlhMjdiZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAopDANBgkqhkiG9w0BAQsFAAOCAQEApC+izwF1nngyHoxjpHRPHcHz4rf8
AuKrSZQLVQehauTXEd3XwmVDkPpa4wh4Yd68ePPCyqhBf5fq+C/JHLEgbuAcNuOz
ajjqRySt19C7O0JMeeODlEXDc/BGToFOXnvJKUrFymJt8WKuUaHB0RUwqZSqjokc
IW4hX9X/Tf2RRFx9lrsisz9AhAB5WD66f1RStQLOLHkXd3yzRzaOJl5K5g9SfnmS
E/418eTKA+kfKzNXfGSlRjsPP8MSANr5MqovG7JDluiIuHQR+I45xv6LtSxcSE33
7bzkIollfIPc9myglzqvkUW275vHit7CY3wtW8oGpMQRKTSjia+rnFVCXQ==
-----END CERTIFICATE-----