Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/451c17bb-fb02-47dd-9128-79d6b4d30ecb.roa
File:                     451c17bb-fb02-47dd-9128-79d6b4d30ecb.roa (raw, json)
Hash identifier:          w4iLw9jKWV7i2dsDSHqezwUIX9PikMW2MCSvDq/xnBE=
Subject key identifier:   D8:C9:6C:DE:7B:91:46:65:F1:D7:1E:3D:93:F5:0B:52:5E:49:03:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18ACF08EE9FA14B9650360296CD492996F277F5D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/451c17bb-fb02-47dd-9128-79d6b4d30ecb.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.235.0.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ac:f0:8e:e9:fa:14:b9:65:03:60:29:6c:d4:92:99:6f:27:7f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=2465d8afa5753480721f753580ee587611ed3b42e022454bc2bb3544f14ce62c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:eb:e0:60:a3:74:20:98:d2:3a:c6:2f:ec:8e:
                    ba:70:4c:24:37:80:e6:5a:e1:83:01:c1:b2:07:57:
                    20:69:be:48:0e:e5:9d:59:08:36:38:10:6e:46:74:
                    d0:08:f1:2c:da:14:eb:3a:75:21:9f:b2:90:a9:39:
                    56:59:34:3b:7b:f3:43:d6:ff:05:18:4e:db:9c:18:
                    1c:cf:06:95:6d:03:af:66:92:df:cd:94:a5:da:42:
                    d2:f8:35:b2:77:44:eb:94:8a:e7:cb:f8:b5:83:c0:
                    72:cb:27:88:e1:32:54:9e:ba:2e:ad:5f:e1:36:6c:
                    14:42:bb:a7:80:18:05:50:9e:71:69:dd:7d:4a:35:
                    9c:a7:cf:66:9c:ec:36:bb:f2:66:66:38:20:ab:90:
                    a7:e5:06:64:6f:39:db:d5:e6:7e:86:80:9e:a4:f6:
                    a8:49:ef:7e:b1:9c:45:8a:1d:6b:50:34:32:fa:e5:
                    3c:77:61:1f:36:f2:66:25:56:32:e5:11:02:9a:bd:
                    b7:eb:9f:e3:70:3e:55:e4:a3:08:44:fd:27:be:09:
                    6d:10:ec:55:10:82:b3:ef:76:2b:6a:9e:b4:02:21:
                    c3:74:3b:bb:6c:dd:e1:5e:2a:30:f5:40:8a:35:9c:
                    fc:4c:c7:1a:70:5f:0c:72:11:0a:27:dd:38:8c:44:
                    d4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:C9:6C:DE:7B:91:46:65:F1:D7:1E:3D:93:F5:0B:52:5E:49:03:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/451c17bb-fb02-47dd-9128-79d6b4d30ecb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.235.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6d:ac:00:3c:f4:9a:f2:d3:cc:60:27:fb:c7:00:2b:2e:3a:51:
         0a:45:57:32:d0:8d:41:62:b6:60:79:e3:d7:ec:d6:fa:17:37:
         ad:a6:b5:9d:71:05:d8:2b:10:ce:6a:17:b5:86:f2:8a:03:6f:
         62:82:a7:2d:05:83:73:dd:6b:d8:2b:c2:98:b8:01:3c:c6:62:
         fa:8e:91:02:94:bd:01:7d:c2:eb:d5:7f:b7:c7:fe:1b:e3:8b:
         d8:0f:b0:9b:99:d5:c0:59:15:23:4c:73:2f:7d:cf:3e:02:0f:
         71:4d:d7:9a:70:2e:3c:5b:23:82:29:a8:d8:eb:59:2a:75:ec:
         2a:11:7f:58:6a:30:54:83:8f:2b:bc:16:26:ef:55:5d:08:60:
         e7:a4:9c:1e:9f:15:eb:db:00:96:ab:e1:67:00:c4:34:95:fa:
         f2:23:e2:d5:cc:54:3a:6f:da:99:8a:b7:66:6e:63:39:97:49:
         25:3f:17:f6:ad:57:99:29:46:74:61:84:73:4d:c1:86:99:ce:
         92:d3:fc:56:c1:50:72:c9:3e:ee:a2:b0:bd:43:e9:ea:ab:e0:
         90:e2:74:15:2d:46:22:f9:22:ab:35:b8:82:25:be:7d:bc:08:
         93:09:e1:37:4b:a0:5a:71:3f:be:eb:c2:f4:36:3b:e3:58:04:
         f5:e2:61:89
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGKzwjun6FLllA2ApbNSSmW8nf10wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDY1ZDhhZmE1NzUzNDgwNzIxZjc1MzU4MGVlNTg3NjEx
ZWQzYjQyZTAyMjQ1NGJjMmJiMzU0NGYxNGNlNjJjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC06+Bgo3QgmNI6xi/sjrpwTCQ3gOZa4YMBwbIHVyBpvkgO
5Z1ZCDY4EG5GdNAI8SzaFOs6dSGfspCpOVZZNDt780PW/wUYTtucGBzPBpVtA69m
kt/NlKXaQtL4NbJ3ROuUiufL+LWDwHLLJ4jhMlSeui6tX+E2bBRCu6eAGAVQnnFp
3X1KNZynz2ac7Da78mZmOCCrkKflBmRvOdvV5n6GgJ6k9qhJ736xnEWKHWtQNDL6
5Tx3YR828mYlVjLlEQKavbfrn+NwPlXkowhE/Se+CW0Q7FUQgrPvditqnrQCIcN0
O7ts3eFeKjD1QIo1nPxMxxpwXwxyEQon3TiMRNQJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU2Mls3nuRRmXx1x49k/ULUl5JA+4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ1MWMxN2JiLWZiMDItNDdkZC05MTI4LTc5ZDZiNGQzMGVjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYo6wAwDQYJKoZIhvcNAQELBQADggEBAG2sADz0mvLTzGAn+8cAKy46UQpF
VzLQjUFitmB549fs1voXN62mtZ1xBdgrEM5qF7WG8ooDb2KCpy0Fg3Pda9grwpi4
ATzGYvqOkQKUvQF9wuvVf7fH/hvji9gPsJuZ1cBZFSNMcy99zz4CD3FN15pwLjxb
I4IpqNjrWSp17CoRf1hqMFSDjyu8FibvVV0IYOeknB6fFevbAJar4WcAxDSV+vIj
4tXMVDpv2pmKt2ZuYzmXSSU/F/atV5kpRnRhhHNNwYaZzpLT/FbBUHLJPu6isL1D
6eqr4JDidBUtRiL5Iqs1uIIlvn28CJMJ4TdLoFpxP77rwvQ2O+NYBPXiYYk=
-----END CERTIFICATE-----