Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/417bec18-6c64-44ef-8ae9-cc00622fadc0.roa
File:                     417bec18-6c64-44ef-8ae9-cc00622fadc0.roa (raw, json)
Hash identifier:          CRwJoovUV+Kc4kTSkyamZLNqWgSlBdGHxEECfEBJvBI=
Subject key identifier:   36:51:57:23:4D:9E:38:2E:32:ED:1C:31:F2:DF:58:F0:71:22:CF:7E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5958CF57A8134780024AD5F113C5213BD2BC025F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/417bec18-6c64-44ef-8ae9-cc00622fadc0.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.165.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:58:cf:57:a8:13:47:80:02:4a:d5:f1:13:c5:21:3b:d2:bc:02:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: serialNumber=5e3618bc53f4543239b323c71e85acd72e5348345ddb539b8c8d32e600baf983, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b9:53:34:67:53:3e:7f:4e:9e:f3:f8:c9:7c:
                    74:6d:72:60:39:bb:88:54:e1:ba:da:9b:50:e2:d4:
                    e8:60:c9:2a:17:5d:22:e4:75:b1:7d:48:5f:0a:2a:
                    98:d9:1b:f3:20:36:41:fc:9c:d6:7a:76:3e:98:1d:
                    42:66:34:36:df:45:54:6d:df:85:06:d1:ee:e1:cb:
                    28:a8:55:1a:64:8a:f3:83:dc:12:aa:5e:75:12:a2:
                    96:70:60:b5:a0:eb:fc:8e:5b:07:ca:14:e2:65:e6:
                    76:b4:49:94:99:6c:45:d1:0e:17:fc:2a:44:9d:dd:
                    e5:6e:07:ee:61:2d:7e:c1:41:d7:04:d3:54:9d:c6:
                    7c:26:2c:cd:79:4f:74:f4:fe:06:3e:63:10:e8:b6:
                    0e:4b:4a:01:91:c5:10:a0:32:3c:5f:4f:05:d4:95:
                    d0:34:c3:79:2d:68:4d:09:92:32:b5:cb:5a:af:9e:
                    0f:9a:9d:4e:7f:46:78:45:f3:0a:32:4e:62:cf:00:
                    f0:f2:57:0a:52:33:e4:ce:39:4d:e1:e7:c2:b6:0d:
                    1d:1f:b1:08:ca:d3:ee:61:f1:67:a3:75:4d:ef:96:
                    3e:13:c2:c5:e4:64:c4:68:9e:43:b8:c3:0b:27:4b:
                    ac:f4:70:61:f9:3a:53:28:cb:23:59:56:16:f1:45:
                    e6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:51:57:23:4D:9E:38:2E:32:ED:1C:31:F2:DF:58:F0:71:22:CF:7E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/417bec18-6c64-44ef-8ae9-cc00622fadc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.165.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ae:01:4b:b4:6a:b8:d7:59:ad:07:e8:7e:c4:ee:c2:fc:a0:bf:
         9d:0d:7e:c8:1a:bc:03:05:d4:0e:a0:5c:14:ab:c1:84:0e:24:
         c5:da:66:0e:19:a9:6f:a3:34:9e:80:92:9d:fd:7b:2f:c7:90:
         0f:af:14:c5:bb:79:a2:c3:50:dc:d3:26:2d:07:42:fd:b0:db:
         4c:7f:bd:ab:e6:8b:91:03:ec:c6:59:0e:b6:88:9e:6a:21:c5:
         35:eb:86:68:8d:92:b6:7e:2c:8a:4d:41:46:57:f9:1c:a3:bb:
         91:56:b8:8e:ad:f7:64:41:f6:7a:c0:bf:7d:25:6c:53:b9:cc:
         d1:44:5f:ee:6b:ed:e9:24:84:ef:04:2e:61:28:3c:fb:2c:70:
         6c:43:c2:60:c3:6d:2d:d2:1d:3e:48:c3:2d:3b:f6:73:6f:8a:
         04:2a:e1:dd:d0:9a:08:d6:18:0f:06:32:0f:cf:20:62:8e:39:
         d3:81:71:0e:bd:c2:e7:5f:8e:80:41:e6:d5:27:75:df:64:48:
         52:f5:83:d4:b3:28:9c:f4:1f:0d:6a:cb:7b:8f:45:a6:cb:a8:
         fd:5d:7a:6c:f6:3d:3a:d1:5c:bf:f3:6f:27:2d:38:cf:de:c8:
         9b:3d:ae:91:ff:b7:04:4a:64:2b:45:26:d1:e6:f2:ec:73:99:
         88:50:75:85
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUWVjPV6gTR4ACStXxE8UhO9K8Al8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZTM2MThiYzUzZjQ1NDMyMzliMzIzYzcxZTg1YWNkNzJl
NTM0ODM0NWRkYjUzOWI4YzhkMzJlNjAwYmFmOTgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCquVM0Z1M+f06e8/jJfHRtcmA5u4hU4bram1Di1OhgySoX
XSLkdbF9SF8KKpjZG/MgNkH8nNZ6dj6YHUJmNDbfRVRt34UG0e7hyyioVRpkivOD
3BKqXnUSopZwYLWg6/yOWwfKFOJl5na0SZSZbEXRDhf8KkSd3eVuB+5hLX7BQdcE
01SdxnwmLM15T3T0/gY+YxDotg5LSgGRxRCgMjxfTwXUldA0w3ktaE0JkjK1y1qv
ng+anU5/RnhF8woyTmLPAPDyVwpSM+TOOU3h58K2DR0fsQjK0+5h8WejdU3vlj4T
wsXkZMRonkO4wwsnS6z0cGH5OlMoyyNZVhbxReZHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNlFXI02eOC4y7Rwx8t9Y8HEiz34wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQxN2JlYzE4LTZjNjQtNDRlZi04YWU5LWNjMDA2MjJmYWRjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAopTANBgkqhkiG9w0BAQsFAAOCAQEArgFLtGq411mtB+h+xO7C/KC/nQ1+
yBq8AwXUDqBcFKvBhA4kxdpmDhmpb6M0noCSnf17L8eQD68Uxbt5osNQ3NMmLQdC
/bDbTH+9q+aLkQPsxlkOtoieaiHFNeuGaI2Stn4sik1BRlf5HKO7kVa4jq33ZEH2
esC/fSVsU7nM0URf7mvt6SSE7wQuYSg8+yxwbEPCYMNtLdIdPkjDLTv2c2+KBCrh
3dCaCNYYDwYyD88gYo4504FxDr3C51+OgEHm1Sd132RIUvWD1LMonPQfDWrLe49F
psuo/V16bPY9OtFcv/NvJy04z97Imz2ukf+3BEpkK0Um0eby7HOZiFB1hQ==
-----END CERTIFICATE-----