Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdc72e72-b460-42f1-bf2c-6b34dbfd59f5.roa
File:                     bdc72e72-b460-42f1-bf2c-6b34dbfd59f5.roa (raw, json)
Hash identifier:          H+yNV1178scK7ZSZkoNKhmIA2VQr+VTU3bKRZ4B52uU=
Subject key identifier:   61:78:6C:83:BF:44:9A:5B:67:D6:B6:5C:32:91:FD:41:00:8B:C8:2D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C7F5A9D8F4A5E254EDA581735079CD5B2311D0C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdc72e72-b460-42f1-bf2c-6b34dbfd59f5.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.234.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:7f:5a:9d:8f:4a:5e:25:4e:da:58:17:35:07:9c:d5:b2:31:1d:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=161f74510fd89e37f1ecdbacb6b7e92b0f0cb8687461757a5ed636ec6bba857e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5d:ee:2f:89:50:4e:14:26:69:fe:8e:2a:8b:
                    12:6b:25:6d:7d:04:d1:36:6c:1c:08:53:33:d1:55:
                    73:eb:02:35:d0:6e:ef:6f:e0:e1:50:b5:57:b6:39:
                    5c:e3:80:70:db:43:f7:49:0e:9f:fb:31:48:02:20:
                    7c:68:e1:6c:c7:86:65:6c:f8:eb:ee:a2:99:63:e3:
                    d6:8e:26:a9:0a:4b:f4:c3:31:60:ac:fc:44:92:23:
                    78:21:87:1b:d8:02:d7:6d:30:a8:9f:b9:75:bc:42:
                    e7:3d:f3:11:52:b1:81:c0:34:c6:f7:eb:38:cb:7b:
                    3f:40:cd:02:f2:61:76:90:0f:e5:ea:74:6a:fd:72:
                    31:3f:8e:35:e3:15:fe:53:74:6b:f0:06:3a:69:81:
                    c7:82:99:73:3e:ba:fa:ae:00:bb:43:00:cd:73:54:
                    f6:b5:b0:fa:f6:f8:35:d3:1b:84:5e:0a:2d:e8:a0:
                    81:74:c5:59:07:26:f4:9a:a2:ef:36:ce:b1:70:da:
                    c6:38:bf:51:f2:88:a7:00:5a:b0:5a:ac:19:db:2e:
                    4e:3e:01:75:ba:c2:a9:8d:65:19:e8:2f:f3:09:41:
                    a9:e5:89:27:30:28:dc:59:59:99:d6:0d:1a:55:dc:
                    b4:43:d4:ba:81:86:64:7c:cf:9c:80:37:7a:8a:91:
                    2a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:78:6C:83:BF:44:9A:5B:67:D6:B6:5C:32:91:FD:41:00:8B:C8:2D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bdc72e72-b460-42f1-bf2c-6b34dbfd59f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.234.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         47:d6:5d:c6:62:97:e0:f5:88:0c:fe:c9:10:e7:e0:1f:c3:d8:
         61:ee:24:92:c9:8e:cf:35:20:63:0f:f7:26:80:fe:56:e9:57:
         fd:c7:f6:2d:31:df:f8:80:50:f7:96:2d:65:53:d2:be:b0:70:
         f2:68:0b:e6:24:95:d6:41:18:a0:af:ae:c2:cf:bd:a3:1f:2a:
         22:de:ca:47:65:b6:7d:80:79:c1:06:c0:3d:e7:ab:0b:af:f1:
         72:81:a6:37:85:c9:39:1a:83:6f:a8:f9:7f:dd:08:61:5c:4e:
         88:49:72:6b:18:cb:7b:e9:ec:a5:01:f6:de:2e:63:7a:d2:89:
         60:41:d9:79:53:83:f0:3e:69:ef:79:f0:8a:30:d3:3e:26:42:
         08:27:bf:83:69:d6:e7:4c:ae:86:5a:3d:3a:1f:00:7a:6d:2f:
         e9:69:80:0d:57:b2:d1:be:c5:52:bf:1f:f1:dc:04:cc:d4:60:
         f2:76:dc:dc:58:8e:86:24:70:1e:c5:8b:5e:19:cc:a0:93:5f:
         7c:ca:95:b4:bb:37:c9:58:09:1f:02:72:14:3d:23:89:ec:03:
         e1:19:4e:4c:4e:72:5f:a7:80:5c:92:9f:9a:86:2d:be:69:5d:
         fc:99:24:95:79:12:65:bd:14:d9:06:35:db:1f:22:aa:14:88:
         e7:05:53:cd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTH9anY9KXiVO2lgXNQec1bIxHQwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjFmNzQ1MTBmZDg5ZTM3ZjFlY2RiYWNiNmI3ZTkyYjBm
MGNiODY4NzQ2MTc1N2E1ZWQ2MzZlYzZiYmE4NTdlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxXe4viVBOFCZp/o4qixJrJW19BNE2bBwIUzPRVXPrAjXQ
bu9v4OFQtVe2OVzjgHDbQ/dJDp/7MUgCIHxo4WzHhmVs+Ovuoplj49aOJqkKS/TD
MWCs/ESSI3ghhxvYAtdtMKifuXW8Quc98xFSsYHANMb36zjLez9AzQLyYXaQD+Xq
dGr9cjE/jjXjFf5TdGvwBjppgceCmXM+uvquALtDAM1zVPa1sPr2+DXTG4ReCi3o
oIF0xVkHJvSaou82zrFw2sY4v1HyiKcAWrBarBnbLk4+AXW6wqmNZRnoL/MJQanl
iScwKNxZWZnWDRpV3LRD1LqBhmR8z5yAN3qKkSqXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYXhsg79Emltn1rZcMpH9QQCLyC0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JkYzcyZTcyLWI0NjAtNDJmMS1iZjJjLTZiMzRkYmZkNTlmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo6jANBgkqhkiG9w0BAQsFAAOCAQEAR9ZdxmKX4PWIDP7JEOfgH8PYYe4k
ksmOzzUgYw/3JoD+VulX/cf2LTHf+IBQ95YtZVPSvrBw8mgL5iSV1kEYoK+uws+9
ox8qIt7KR2W2fYB5wQbAPeerC6/xcoGmN4XJORqDb6j5f90IYVxOiElyaxjLe+ns
pQH23i5jetKJYEHZeVOD8D5p73nwijDTPiZCCCe/g2nW50yuhlo9Oh8Aem0v6WmA
DVey0b7FUr8f8dwEzNRg8nbc3FiOhiRwHsWLXhnMoJNffMqVtLs3yVgJHwJyFD0j
iewD4RlOTE5yX6eAXJKfmoYtvmld/JkklXkSZb0U2QY12x8iqhSI5wVTzQ==
-----END CERTIFICATE-----