Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cac4ceed-294f-45da-bf58-f8ad6cf91e93.roa
File:                     cac4ceed-294f-45da-bf58-f8ad6cf91e93.roa (raw, json)
Hash identifier:          USxAcZgU6tOo+lyUs1TshTTV6LDKuwiR/ndZg9lhnco=
Subject key identifier:   86:2F:7B:05:93:8B:FD:AA:41:7D:0B:59:AB:9F:D9:6A:B6:41:22:F8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       54877E4B220BDFF9BD82534209203C4A2E98EB41
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cac4ceed-294f-45da-bf58-f8ad6cf91e93.roa
Signing time:             Fri 07 Feb 2025 00:00:00 +0000
ROA not before:           Fri 07 Feb 2025 00:00:00 +0000
ROA not after:            Fri 14 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        5.60.40.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:87:7e:4b:22:0b:df:f9:bd:82:53:42:09:20:3c:4a:2e:98:eb:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  7 00:00:00 2025 GMT
            Not After : Mar 14 23:59:59 2025 GMT
        Subject: serialNumber=c15fcef1ab3a669ed3da7492189e8c4c1ca60e845c998cfd78b054c4bf210830, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6b:dc:4f:9f:32:7d:2b:a1:47:bc:77:e6:e2:
                    61:67:6a:ac:7d:fe:90:38:c7:0c:6b:72:e3:62:51:
                    e9:28:55:70:5f:e6:84:d0:0f:ab:62:fc:e8:9c:44:
                    b7:3e:ca:db:40:a8:8d:b6:0d:a8:af:e2:c5:66:d6:
                    ec:97:44:0b:7c:26:dc:30:76:2c:b1:c5:e0:40:e1:
                    00:7f:00:32:5e:89:fb:25:57:ce:91:f2:52:22:50:
                    99:aa:1c:c6:ca:9d:d6:55:ea:c7:f3:17:9f:67:f1:
                    c3:1b:54:ac:5c:62:83:4f:ff:d8:b9:9a:66:97:f4:
                    32:81:7e:c9:93:25:f3:29:08:a7:74:dc:5e:91:28:
                    28:27:de:91:4d:b6:0f:3e:f5:e6:27:d2:e8:b6:a9:
                    ba:ba:8b:50:4c:c1:fc:7e:3f:1b:33:c0:e9:89:f5:
                    5b:65:34:ed:f5:a6:93:76:85:7d:0c:37:03:89:7f:
                    5f:0d:9a:10:6f:64:c5:a3:62:2a:b7:7d:b5:33:5a:
                    e9:b2:78:de:25:c6:90:b5:a2:76:2a:1a:44:51:e2:
                    74:92:8e:54:e0:57:fd:32:ac:7f:38:e6:b7:57:06:
                    96:d9:cc:ed:7e:e6:ff:f0:09:be:ef:08:94:c8:0f:
                    74:b3:57:96:0d:69:a5:4c:22:c0:b8:ee:ba:f1:bd:
                    7d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2F:7B:05:93:8B:FD:AA:41:7D:0B:59:AB:9F:D9:6A:B6:41:22:F8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/cac4ceed-294f-45da-bf58-f8ad6cf91e93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.60.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:50:9a:9a:17:ec:24:06:9e:a1:9c:c2:99:5a:f1:a1:a6:2c:
         72:eb:9b:1d:75:e7:00:84:9a:3a:2f:ce:2a:c7:05:db:5a:6c:
         11:78:7f:09:b9:a3:08:1b:2b:22:00:a4:d5:43:e6:fe:cb:63:
         e0:37:7d:bd:4f:ad:c0:73:59:10:aa:37:03:af:d1:67:93:c1:
         19:3f:88:78:ed:e5:50:ef:ab:4d:35:78:a0:ce:80:7b:22:d4:
         b9:75:54:4a:5c:f4:5e:fa:9b:60:63:f4:40:d3:8b:62:f0:c5:
         cc:8d:0f:73:47:b6:1d:a6:64:fb:07:e6:1c:66:9f:10:2a:ff:
         1d:1c:df:c9:a9:4d:e2:5e:8f:fc:68:0c:81:c1:40:70:c2:4f:
         80:52:a7:99:61:98:7a:57:e4:2c:b3:c3:5c:b8:fd:7a:42:fe:
         64:dd:87:c7:c8:b0:b3:72:06:5d:85:65:7f:9f:79:f3:2f:24:
         56:a1:9f:14:32:23:17:39:23:8a:6b:29:6d:ae:1a:a0:f2:b1:
         e0:1c:83:ee:a5:7d:31:38:8d:b9:91:58:0b:10:b5:59:03:dd:
         6c:8d:ea:3a:f6:dd:9a:7e:4d:09:88:35:80:91:1d:b6:fe:68:
         82:87:45:a1:55:ea:8f:18:fa:e4:4a:a6:14:e7:0b:22:5a:6e:
         c1:f3:f0:4b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVId+SyIL3/m9glNCCSA8Si6Y60EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA3MDAwMDAwWhcNMjUwMzE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjMTVmY2VmMWFiM2E2NjllZDNkYTc0OTIxODllOGM0YzFj
YTYwZTg0NWM5OThjZmQ3OGIwNTRjNGJmMjEwODMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAa9xPnzJ9K6FHvHfm4mFnaqx9/pA4xwxrcuNiUekoVXBf
5oTQD6ti/OicRLc+yttAqI22Daiv4sVm1uyXRAt8JtwwdiyxxeBA4QB/ADJeifsl
V86R8lIiUJmqHMbKndZV6sfzF59n8cMbVKxcYoNP/9i5mmaX9DKBfsmTJfMpCKd0
3F6RKCgn3pFNtg8+9eYn0ui2qbq6i1BMwfx+PxszwOmJ9VtlNO31ppN2hX0MNwOJ
f18NmhBvZMWjYiq3fbUzWumyeN4lxpC1onYqGkRR4nSSjlTgV/0yrH845rdXBpbZ
zO1+5v/wCb7vCJTID3SzV5YNaaVMIsC47rrxvX2BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhi97BZOL/apBfQtZq5/ZarZBIvgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2NhYzRjZWVkLTI5NGYtNDVkYS1iZjU4LWY4YWQ2Y2Y5MWU5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIFPCgwDQYJKoZIhvcNAQELBQADggEBAAdQmpoX7CQGnqGcwpla8aGmLHLr
mx115wCEmjovzirHBdtabBF4fwm5owgbKyIApNVD5v7LY+A3fb1PrcBzWRCqNwOv
0WeTwRk/iHjt5VDvq001eKDOgHsi1Ll1VEpc9F76m2Bj9EDTi2LwxcyND3NHth2m
ZPsH5hxmnxAq/x0c38mpTeJej/xoDIHBQHDCT4BSp5lhmHpX5Cyzw1y4/XpC/mTd
h8fIsLNyBl2FZX+fefMvJFahnxQyIxc5I4prKW2uGqDyseAcg+6lfTE4jbmRWAsQ
tVkD3WyN6jr23Zp+TQmINYCRHbb+aIKHRaFV6o8Y+uRKphTnCyJabsHz8Es=
-----END CERTIFICATE-----