Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72d26f90-0f0c-4ac7-a01a-5fe442c76423.roa
File:                     72d26f90-0f0c-4ac7-a01a-5fe442c76423.roa (raw, json)
Hash identifier:          /a2uPvJ6cNR3Og1AX4Fb09PlIascviEG7rH120bDfNo=
Subject key identifier:   F1:E6:B4:4E:F6:AB:F7:70:27:E1:E0:4F:F1:45:6D:6E:8D:AC:38:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       450EE5914D7E850C97ED444E5AA3BE5132DDD933
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72d26f90-0f0c-4ac7-a01a-5fe442c76423.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.178.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:0e:e5:91:4d:7e:85:0c:97:ed:44:4e:5a:a3:be:51:32:dd:d9:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=f2355c6e0a55957f890d95337a8eac6d05589c75c1fe300ce7bd3171ef8c54c3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:74:2f:99:96:49:36:21:b1:0e:f5:6a:f4:fe:
                    cc:60:b6:0b:b5:c5:2a:2c:13:2c:79:94:6a:8a:c1:
                    2e:c4:83:7b:f7:78:b1:dc:87:8c:fe:a3:da:54:03:
                    e9:09:0a:c2:1b:0f:22:df:d1:4d:35:9c:19:4a:c1:
                    59:5f:2b:d5:ff:88:da:33:16:67:21:7c:4f:54:2c:
                    6f:31:b4:1c:a2:b5:66:47:af:28:5b:6e:cc:84:1d:
                    ef:44:d4:a5:8c:08:db:5f:4d:c8:2d:ec:1f:82:ff:
                    25:e2:98:0a:ed:d4:38:cb:fb:60:6c:6a:79:ec:da:
                    33:01:09:43:1a:c8:9b:7e:e3:67:70:a7:75:41:2f:
                    61:75:f1:22:81:85:dc:d9:aa:7f:a8:35:8a:36:10:
                    87:dc:3c:bb:e7:1a:03:15:52:88:82:c9:c2:90:cc:
                    23:5b:30:77:f9:9d:f0:ce:94:b2:fc:b5:78:48:76:
                    5f:93:22:b8:6f:d1:41:4a:66:57:e2:6e:85:19:0d:
                    12:fc:bb:b7:3f:94:29:96:30:e9:05:84:bb:42:d8:
                    8a:8d:ee:af:c9:5a:4f:d1:85:fa:cf:fe:c2:2e:3b:
                    97:09:99:3f:8b:3d:4f:51:a4:ca:96:8f:44:5c:a1:
                    6c:46:96:3e:7e:8c:63:32:08:fe:e3:68:f7:79:55:
                    e9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:E6:B4:4E:F6:AB:F7:70:27:E1:E0:4F:F1:45:6D:6E:8D:AC:38:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72d26f90-0f0c-4ac7-a01a-5fe442c76423.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.178.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         55:15:11:53:17:69:52:4c:2c:21:45:bf:c2:fe:cf:16:dc:0e:
         26:8f:bb:45:d4:93:bb:72:b3:05:80:66:ad:43:8a:38:2e:60:
         df:b5:b4:5e:7c:9a:15:8a:1b:4e:22:5e:e0:ff:05:fd:a3:c2:
         5a:d7:c2:d1:da:09:41:27:6a:af:a9:53:58:4f:0f:ce:43:97:
         48:94:13:c1:61:12:e8:be:13:92:c8:61:ef:84:34:71:51:84:
         d7:a4:88:43:87:49:30:79:b9:36:f4:d8:83:6d:aa:f8:e4:37:
         d7:66:03:4a:87:60:83:bf:20:17:c2:11:4e:6a:6c:96:b6:d4:
         4d:14:30:ba:3e:e9:c2:a9:df:f7:cc:49:d4:ce:99:9d:17:01:
         5b:87:c5:dc:ba:00:da:a3:08:b9:e6:ec:69:49:6c:87:72:bc:
         36:bb:d1:ac:fa:74:1c:fb:89:03:79:2b:0e:f8:9c:d5:f5:6c:
         de:05:8a:f5:f8:d6:82:84:e4:ea:1a:be:4d:57:5a:de:83:53:
         7f:0f:ea:3d:8c:a9:dc:da:2c:b2:6f:06:fc:bd:1f:6b:21:6c:
         91:65:ae:72:d7:0f:67:e8:0d:fb:5c:9f:b3:26:a2:57:55:99:
         26:c2:8b:ce:40:78:89:d5:2e:e8:49:7c:4a:4c:2f:c4:ca:80:
         9e:8f:9f:20
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIURQ7lkU1+hQyX7UROWqO+UTLd2TMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjM1NWM2ZTBhNTU5NTdmODkwZDk1MzM3YThlYWM2ZDA1
NTg5Yzc1YzFmZTMwMGNlN2JkMzE3MWVmOGM1NGMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFdC+Zlkk2IbEO9Wr0/sxgtgu1xSosEyx5lGqKwS7Eg3v3
eLHch4z+o9pUA+kJCsIbDyLf0U01nBlKwVlfK9X/iNozFmchfE9ULG8xtByitWZH
ryhbbsyEHe9E1KWMCNtfTcgt7B+C/yXimArt1DjL+2Bsanns2jMBCUMayJt+42dw
p3VBL2F18SKBhdzZqn+oNYo2EIfcPLvnGgMVUoiCycKQzCNbMHf5nfDOlLL8tXhI
dl+TIrhv0UFKZlfiboUZDRL8u7c/lCmWMOkFhLtC2IqN7q/JWk/RhfrP/sIuO5cJ
mT+LPU9RpMqWj0RcoWxGlj5+jGMyCP7jaPd5Vek5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8ea0Tvar93An4eBP8UVtbo2sOFEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcyZDI2ZjkwLTBmMGMtNGFjNy1hMDFhLTVmZTQ0MmM3NjQyMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAosjANBgkqhkiG9w0BAQsFAAOCAQEAVRURUxdpUkwsIUW/wv7PFtwOJo+7
RdSTu3KzBYBmrUOKOC5g37W0XnyaFYobTiJe4P8F/aPCWtfC0doJQSdqr6lTWE8P
zkOXSJQTwWES6L4Tkshh74Q0cVGE16SIQ4dJMHm5NvTYg22q+OQ312YDSodgg78g
F8IRTmpslrbUTRQwuj7pwqnf98xJ1M6ZnRcBW4fF3LoA2qMIuebsaUlsh3K8NrvR
rPp0HPuJA3krDvic1fVs3gWK9fjWgoTk6hq+TVda3oNTfw/qPYyp3Nossm8G/L0f
ayFskWWuctcPZ+gN+1yfsyaiV1WZJsKLzkB4idUu6El8SkwvxMqAno+fIA==
-----END CERTIFICATE-----