Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a26f7ba1-8b57-4c5a-a7d8-2a6526a1bcca.roa
File:                     a26f7ba1-8b57-4c5a-a7d8-2a6526a1bcca.roa (raw, json)
Hash identifier:          wj3GbgiGzqEIDyF/PAQMKjP+jAQQCUGPnP5s1ddyTmQ=
Subject key identifier:   F1:09:38:01:E9:91:86:F2:43:48:1B:AF:BF:02:62:75:DA:DD:EC:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E4713810430A479501A45B0EB3101CB48BC1D7A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a26f7ba1-8b57-4c5a-a7d8-2a6526a1bcca.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.188.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:47:13:81:04:30:a4:79:50:1a:45:b0:eb:31:01:cb:48:bc:1d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=a27624f89f0a66e3cd8e24c53e368828ffac05286f02479876a2088403987a10, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:5a:50:b4:ad:b9:26:36:40:ac:6c:64:93:43:
                    9d:95:b0:8e:05:d9:19:11:08:a2:00:05:1d:98:a8:
                    77:9c:4a:14:83:b0:32:c7:a6:29:7e:ab:ca:da:45:
                    8d:91:79:79:9b:dc:69:6b:c6:44:73:b4:59:5b:96:
                    ff:3a:92:73:08:8e:67:fd:11:77:8f:14:bf:b5:00:
                    93:71:fb:6c:59:c1:31:5e:b7:0b:fd:86:cc:9a:1c:
                    45:d6:eb:3a:15:ce:a0:50:d2:49:54:70:43:99:95:
                    d5:f6:10:bf:4a:d9:7a:1e:9f:ba:bf:de:ab:e7:45:
                    d0:c0:1c:18:bc:04:ea:89:56:a3:98:d0:f0:2d:fd:
                    46:62:31:0a:25:21:74:23:44:ff:bd:e5:67:8f:76:
                    7c:30:36:e8:5b:e8:1f:da:79:e7:8d:81:6b:57:e7:
                    cd:56:11:9c:d0:cb:80:65:35:c9:2f:9b:22:71:8d:
                    c1:94:1b:2b:29:c3:6c:f8:04:12:f8:2c:c4:8a:9a:
                    77:96:55:8d:4d:83:ed:73:d9:9b:c9:7b:6f:58:f8:
                    68:47:87:13:12:54:74:97:3a:38:c3:9f:a5:48:22:
                    74:3a:23:8e:62:ac:08:70:5a:16:a8:10:36:ac:71:
                    69:e9:18:fd:49:8c:5a:73:31:eb:84:a4:29:99:2a:
                    1b:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:09:38:01:E9:91:86:F2:43:48:1B:AF:BF:02:62:75:DA:DD:EC:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a26f7ba1-8b57-4c5a-a7d8-2a6526a1bcca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.188.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a3:35:60:83:d1:86:d6:f7:19:71:a2:13:d9:4c:ef:41:6b:01:
         21:8b:83:df:3d:26:74:2b:fd:f3:95:20:e0:74:b5:b6:68:d8:
         f7:68:16:55:13:e3:6f:0b:5e:27:4d:43:87:d3:7f:83:d6:5a:
         4c:a7:00:33:6c:7b:86:6f:d6:fc:48:18:4b:b6:f5:c4:1c:1c:
         02:cb:da:bf:cd:a6:75:8b:62:f9:42:64:34:c2:f9:7c:db:9a:
         c8:90:df:8f:3b:4f:49:ba:a8:9c:35:6b:7c:79:ff:f5:77:58:
         56:23:07:66:6d:01:37:86:04:24:cb:03:c9:fa:fd:a9:15:df:
         89:3a:88:4c:9f:5a:2a:c2:da:5c:e3:cb:be:84:35:18:ee:cb:
         e8:b8:d6:6d:b9:c6:09:74:c4:48:e7:2e:b9:f4:c1:1d:e3:80:
         eb:19:5f:5a:95:06:29:83:57:90:f6:36:44:40:2a:8c:98:c2:
         05:1b:38:e6:28:cd:e9:8f:de:41:dd:8f:7e:b9:13:e1:3d:89:
         fc:fc:71:58:e0:df:d0:f5:a0:2f:0d:53:9b:81:86:0d:aa:26:
         c6:40:97:ca:fc:69:df:c2:b6:df:74:10:dc:a8:de:84:58:63:
         de:25:e2:e5:40:4d:21:ef:32:b0:a8:63:b5:45:d3:57:81:5f:
         d6:ff:a7:55
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULkcTgQQwpHlQGkWw6zEBy0i8HXowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMjc2MjRmODlmMGE2NmUzY2Q4ZTI0YzUzZTM2ODgyOGZm
YWMwNTI4NmYwMjQ3OTg3NmEyMDg4NDAzOTg3YTEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHWlC0rbkmNkCsbGSTQ52VsI4F2RkRCKIABR2YqHecShSD
sDLHpil+q8raRY2ReXmb3GlrxkRztFlblv86knMIjmf9EXePFL+1AJNx+2xZwTFe
twv9hsyaHEXW6zoVzqBQ0klUcEOZldX2EL9K2Xoen7q/3qvnRdDAHBi8BOqJVqOY
0PAt/UZiMQolIXQjRP+95WePdnwwNuhb6B/aeeeNgWtX581WEZzQy4BlNckvmyJx
jcGUGyspw2z4BBL4LMSKmneWVY1Ng+1z2ZvJe29Y+GhHhxMSVHSXOjjDn6VIInQ6
I45irAhwWhaoEDascWnpGP1JjFpzMeuEpCmZKhsbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8Qk4AemRhvJDSBuvvwJiddrd7DIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EyNmY3YmExLThiNTctNGM1YS1hN2Q4LTJhNjUyNmExYmNjYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAovDANBgkqhkiG9w0BAQsFAAOCAQEAozVgg9GG1vcZcaIT2UzvQWsBIYuD
3z0mdCv985Ug4HS1tmjY92gWVRPjbwteJ01Dh9N/g9ZaTKcAM2x7hm/W/EgYS7b1
xBwcAsvav82mdYti+UJkNML5fNuayJDfjztPSbqonDVrfHn/9XdYViMHZm0BN4YE
JMsDyfr9qRXfiTqITJ9aKsLaXOPLvoQ1GO7L6LjWbbnGCXTESOcuufTBHeOA6xlf
WpUGKYNXkPY2REAqjJjCBRs45ijN6Y/eQd2PfrkT4T2J/PxxWODf0PWgLw1Tm4GG
DaomxkCXyvxp38K233QQ3KjehFhj3iXi5UBNIe8ysKhjtUXTV4Ff1v+nVQ==
-----END CERTIFICATE-----