Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aab431-c724-4eba-a67e-f5712b831573.roa
File:                     c6aab431-c724-4eba-a67e-f5712b831573.roa (raw, json)
Hash identifier:          qSN+TrSM8cgoQ+wPm7G/pPIlED87R1b+/MXmlNjnPfU=
Subject key identifier:   E5:31:3C:51:1B:6E:5E:55:51:55:C1:6C:FC:5C:C0:AB:2E:13:F7:44
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       15F08CDD51AF0B954D8DB2EDA9E4FE8EC6F98F85
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aab431-c724-4eba-a67e-f5712b831573.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        95.40.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:f0:8c:dd:51:af:0b:95:4d:8d:b2:ed:a9:e4:fe:8e:c6:f9:8f:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=559345131bccc2b601fc1b470e07746f32bfb727fc60ce7a2b08320eed9b6522, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d1:fc:bd:99:82:a1:67:41:da:db:0b:72:68:
                    17:85:a6:e3:6f:d3:4f:4c:3f:97:81:7c:2d:d2:d9:
                    39:4c:1b:ce:2c:81:d2:09:3b:ae:ca:b9:79:98:62:
                    75:27:9c:fa:96:29:f9:77:93:6e:69:c3:42:78:2e:
                    92:71:fb:15:7b:18:34:04:c1:bb:b5:df:8a:8e:04:
                    98:74:ad:01:8a:95:25:38:bd:59:93:ba:b0:58:9e:
                    f6:06:b6:d7:9e:7f:5e:86:7d:bd:20:60:f7:3b:b8:
                    8b:91:29:2f:fa:17:6d:26:12:3a:6e:30:ba:ff:24:
                    f1:79:7c:e5:9b:d8:ec:c0:f9:83:bd:f5:f7:4b:e2:
                    4f:cb:f7:7d:f7:55:20:e9:79:bf:c1:98:a5:02:c8:
                    94:a4:69:99:4c:0d:2d:83:e4:74:e5:d9:ee:a1:a0:
                    8d:ff:67:23:31:ab:93:08:73:e9:25:47:d2:b3:0c:
                    37:a9:f3:11:27:ea:ec:26:28:24:c6:90:3d:91:92:
                    f2:fd:1b:69:63:80:6b:db:3e:e4:54:84:c9:46:20:
                    22:87:fb:86:b9:77:02:76:1a:af:79:9a:5a:b3:24:
                    14:0c:e4:2e:42:12:e4:64:3b:17:be:a0:e3:bf:8d:
                    2f:a5:36:93:f6:6f:f0:7b:33:53:dc:4e:c4:fa:1e:
                    b2:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:31:3C:51:1B:6E:5E:55:51:55:C1:6C:FC:5C:C0:AB:2E:13:F7:44
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c6aab431-c724-4eba-a67e-f5712b831573.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.40.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         87:72:59:d8:f2:9c:db:65:62:2b:f5:d1:82:b2:e9:48:d0:b5:
         a1:31:a4:d5:ee:b5:ff:d9:12:67:43:80:34:ec:bf:83:5d:bd:
         33:ca:9a:f7:f5:1d:06:23:98:03:f5:a1:36:28:55:66:6e:8e:
         90:79:ef:d7:c6:2b:57:b0:fe:e6:fe:72:b0:5f:d1:01:b8:bf:
         03:a6:29:b4:dd:68:0d:ab:1c:7f:02:bc:26:5a:0a:f4:67:4a:
         ff:3c:4a:b6:1a:a5:aa:6f:a9:48:42:ed:f6:34:13:5c:e1:18:
         7d:8a:10:e7:db:0d:b5:a6:74:16:1d:30:0c:fa:86:81:4a:dc:
         b9:b5:1c:f4:fd:34:1f:86:ea:02:0e:73:cd:f3:97:51:26:7b:
         9f:75:bb:8f:06:47:90:ba:08:ee:1b:82:e3:3c:84:60:44:11:
         d1:9e:dd:43:5a:c3:dc:c7:b5:41:d7:eb:42:83:75:de:e3:d4:
         fa:3f:b9:b5:f2:fa:fa:a7:ce:1c:e8:11:f8:f4:87:64:c9:b3:
         23:cc:d5:eb:9d:bb:b1:ed:49:ff:75:05:b9:30:48:1e:f3:34:
         7e:38:71:d1:cd:eb:88:0b:88:65:8f:8e:e6:f1:f7:d5:0e:5e:
         33:95:8a:bc:c9:06:17:36:18:66:a4:f3:c3:39:ce:7b:d1:c3:
         32:66:26:b2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFfCM3VGvC5VNjbLtqeT+jsb5j4UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NTkzNDUxMzFiY2NjMmI2MDFmYzFiNDcwZTA3NzQ2ZjMy
YmZiNzI3ZmM2MGNlN2EyYjA4MzIwZWVkOWI2NTIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCs0fy9mYKhZ0Ha2wtyaBeFpuNv009MP5eBfC3S2TlMG84s
gdIJO67KuXmYYnUnnPqWKfl3k25pw0J4LpJx+xV7GDQEwbu134qOBJh0rQGKlSU4
vVmTurBYnvYGtteef16Gfb0gYPc7uIuRKS/6F20mEjpuMLr/JPF5fOWb2OzA+YO9
9fdL4k/L9333VSDpeb/BmKUCyJSkaZlMDS2D5HTl2e6hoI3/ZyMxq5MIc+klR9Kz
DDep8xEn6uwmKCTGkD2RkvL9G2ljgGvbPuRUhMlGICKH+4a5dwJ2Gq95mlqzJBQM
5C5CEuRkOxe+oOO/jS+lNpP2b/B7M1PcTsT6HrJ7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5TE8URtuXlVRVcFs/FzAqy4T90QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M2YWFiNDMxLWM3MjQtNGViYS1hNjdlLWY1NzEyYjgzMTU3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwFfKDANBgkqhkiG9w0BAQsFAAOCAQEAh3JZ2PKc22ViK/XRgrLpSNC1oTGk
1e61/9kSZ0OANOy/g129M8qa9/UdBiOYA/WhNihVZm6OkHnv18YrV7D+5v5ysF/R
Abi/A6YptN1oDascfwK8JloK9GdK/zxKthqlqm+pSELt9jQTXOEYfYoQ59sNtaZ0
Fh0wDPqGgUrcubUc9P00H4bqAg5zzfOXUSZ7n3W7jwZHkLoI7huC4zyEYEQR0Z7d
Q1rD3Me1QdfrQoN13uPU+j+5tfL6+qfOHOgR+PSHZMmzI8zV6527se1J/3UFuTBI
HvM0fjhx0c3riAuIZY+O5vH31Q5eM5WKvMkGFzYYZqTzwznOe9HDMmYmsg==
-----END CERTIFICATE-----