Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64c5343c-cc60-4e8d-8942-52810e0bebc7.roa
File:                     64c5343c-cc60-4e8d-8942-52810e0bebc7.roa (raw, json)
Hash identifier:          XkrlcUR1U0iFf3mKgtUGSwDvhiMOHKrElqd0AcaMxqg=
Subject key identifier:   CE:C5:7A:8C:53:00:64:90:2C:03:D7:58:17:FC:98:20:1A:D4:9C:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       75B57CBAA679D2C29AC709C468178158C8CFC026
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64c5343c-cc60-4e8d-8942-52810e0bebc7.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.176.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:b5:7c:ba:a6:79:d2:c2:9a:c7:09:c4:68:17:81:58:c8:cf:c0:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=6b2bba5b5e62be4b64483088cf99283bb2a5503db7b4db6f8ff617ee1c85bf83, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1f:d5:e9:0b:fb:12:46:2c:80:3c:05:41:18:
                    b9:69:3f:d7:be:2b:de:2b:1f:ce:bf:4b:fa:a4:ad:
                    d2:53:c0:cb:b7:1d:8c:ac:1d:fa:ab:ea:9e:66:77:
                    26:5f:7f:3e:36:8e:07:6f:3f:a7:9a:5d:de:87:26:
                    25:51:2f:a6:ea:8a:43:8d:51:8b:58:2b:73:a7:2e:
                    58:b5:42:b8:ea:01:94:66:aa:a3:0f:2c:56:45:a3:
                    b7:05:44:86:5c:a1:61:5e:e3:3a:a2:19:c6:c5:46:
                    34:fd:57:24:2d:83:46:05:ce:30:5a:4b:51:47:bd:
                    81:79:cc:3a:dd:30:8a:b2:24:ed:f8:a4:94:c7:34:
                    6f:46:ec:b1:c8:98:16:59:d9:66:6b:6e:f6:df:15:
                    e8:f9:bd:11:55:15:5e:97:0d:08:ca:d6:42:11:7d:
                    8f:f5:ab:71:cc:82:f7:e5:78:30:f3:a0:f5:af:5c:
                    7e:11:89:72:a8:6a:ca:6a:59:86:5d:30:0a:01:b3:
                    82:af:fc:eb:91:f8:8c:d7:33:f6:6b:86:bf:c9:f6:
                    18:0a:19:86:ca:1a:c2:28:62:d7:a4:7e:fe:b8:12:
                    93:d2:4e:30:b4:c1:2f:32:a4:88:ae:61:de:25:02:
                    01:0c:e3:55:25:4f:a0:b8:7e:e6:ec:79:48:e8:a2:
                    df:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C5:7A:8C:53:00:64:90:2C:03:D7:58:17:FC:98:20:1A:D4:9C:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/64c5343c-cc60-4e8d-8942-52810e0bebc7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         1a:a0:be:ad:35:6e:f8:84:db:bc:e0:00:24:eb:1c:55:7b:49:
         91:ef:20:31:da:33:e8:94:63:b1:77:99:8b:28:de:8e:a7:4c:
         c0:da:01:4a:86:67:9f:67:d9:cf:9e:5e:57:de:e1:22:a0:51:
         4d:77:f8:34:92:b3:da:8e:67:dd:f1:97:ae:8b:10:68:07:01:
         0c:15:c4:3e:1d:fc:6c:6d:d6:e1:38:c4:db:8e:be:b1:e0:f8:
         65:21:8d:93:82:4b:84:9b:2f:08:72:56:ae:11:0f:d4:93:5d:
         9d:09:e7:87:69:46:8b:a4:e6:3f:21:b8:68:03:47:a0:b3:6f:
         d7:14:f8:c1:4e:4c:e4:26:b0:2e:fe:31:71:8d:54:cd:92:b3:
         49:e1:7a:cf:10:e2:16:be:02:ba:93:a8:ef:25:f4:8a:43:86:
         86:d3:72:85:48:b2:75:8d:41:eb:cf:b4:13:ef:51:4d:60:d7:
         db:39:16:8b:de:20:d8:85:ee:5b:2f:0a:e0:79:79:a4:33:98:
         d6:b3:43:8e:6f:d4:da:d0:f6:c2:04:4d:f2:0a:71:6b:42:b3:
         8f:62:cb:fc:4a:97:d8:cd:5f:39:b7:46:06:69:4f:c0:e9:06:
         2d:54:a0:84:b5:5c:cc:2a:ed:71:ed:4d:7d:a3:dc:b8:87:8f:
         40:f1:a7:50
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdbV8uqZ50sKaxwnEaBeBWMjPwCYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A2YjJiYmE1YjVlNjJiZTRiNjQ0ODMwODhjZjk5MjgzYmIy
YTU1MDNkYjdiNGRiNmY4ZmY2MTdlZTFjODViZjgzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5H9XpC/sSRiyAPAVBGLlpP9e+K94rH86/S/qkrdJTwMu3
HYysHfqr6p5mdyZffz42jgdvP6eaXd6HJiVRL6bqikONUYtYK3OnLli1QrjqAZRm
qqMPLFZFo7cFRIZcoWFe4zqiGcbFRjT9VyQtg0YFzjBaS1FHvYF5zDrdMIqyJO34
pJTHNG9G7LHImBZZ2WZrbvbfFej5vRFVFV6XDQjK1kIRfY/1q3HMgvfleDDzoPWv
XH4RiXKoaspqWYZdMAoBs4Kv/OuR+IzXM/Zrhr/J9hgKGYbKGsIoYtekfv64EpPS
TjC0wS8ypIiuYd4lAgEM41UlT6C4fubseUjoot+JAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUzsV6jFMAZJAsA9dYF/yYIBrUnAcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0YzUzNDNjLWNjNjAtNGU4ZC04OTQyLTUyODEwZTBiZWJjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIosDANBgkqhkiG9w0BAQsFAAOCAQEAGqC+rTVu+ITbvOAAJOscVXtJke8g
Mdoz6JRjsXeZiyjejqdMwNoBSoZnn2fZz55eV97hIqBRTXf4NJKz2o5n3fGXrosQ
aAcBDBXEPh38bG3W4TjE246+seD4ZSGNk4JLhJsvCHJWrhEP1JNdnQnnh2lGi6Tm
PyG4aANHoLNv1xT4wU5M5CawLv4xcY1UzZKzSeF6zxDiFr4CupOo7yX0ikOGhtNy
hUiydY1B68+0E+9RTWDX2zkWi94g2IXuWy8K4Hl5pDOY1rNDjm/U2tD2wgRN8gpx
a0Kzj2LL/EqX2M1fObdGBmlPwOkGLVSghLVczCrtce1NfaPcuIePQPGnUA==
-----END CERTIFICATE-----