Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d40ee596-be81-49e3-a662-7a7d5763e968.roa
File:                     d40ee596-be81-49e3-a662-7a7d5763e968.roa (raw, json)
Hash identifier:          ArB/ek2mB8TL6CabogC9P9O7CvPyDbnfXX5+pFTtNfk=
Subject key identifier:   E2:7E:35:9B:5E:9D:AC:61:CC:A8:7B:82:66:4E:D9:83:86:F4:8C:8C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63D1AE4269EFCCFA617D966CB518A0315AC79008
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d40ee596-be81-49e3-a662-7a7d5763e968.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.45.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:d1:ae:42:69:ef:cc:fa:61:7d:96:6c:b5:18:a0:31:5a:c7:90:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=edfc970139910ffa9a9db51ebd1089f2e606b27ced8c9d851b5e2c0efca0911b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:91:f1:ad:a0:38:c3:da:b8:1c:9b:ae:ba:e1:
                    41:e3:94:29:2d:d2:1d:87:70:d0:d3:b0:56:3d:3a:
                    95:2e:9e:83:fc:78:7c:8f:47:37:cf:39:3d:22:a1:
                    4d:b7:e8:be:d2:8c:9a:9f:b9:47:3e:9e:40:b3:c0:
                    6a:2f:47:51:d2:c1:8d:07:9b:4b:d6:a8:d2:98:f1:
                    79:d8:58:c4:39:ba:3e:6c:45:49:87:8e:0b:e7:6c:
                    a6:00:8e:b7:b8:c9:ab:33:3e:53:f2:78:3b:fe:ac:
                    b6:be:89:e0:96:12:fb:06:a0:26:85:61:bd:ed:27:
                    b6:1a:84:3f:c5:5f:4f:18:f4:df:a3:26:ba:b1:42:
                    3e:80:5b:28:df:67:51:4f:d7:4e:0d:05:a6:c3:c6:
                    90:34:e6:18:06:a2:73:e8:44:0c:36:77:f5:54:fa:
                    ba:f3:db:e6:9c:1d:d6:53:c5:20:24:0c:6b:ad:6b:
                    f5:c1:75:94:14:c2:6b:9b:7a:d1:94:58:bd:66:77:
                    83:f3:41:31:25:bd:81:54:b9:b1:e2:e2:a1:a6:72:
                    29:e3:bf:60:7f:9e:a7:bc:33:3d:99:90:03:a9:96:
                    db:b9:a9:43:05:6f:10:30:f5:b7:9c:31:fe:e7:d1:
                    8b:72:18:0b:d0:9f:0a:2e:87:5f:4b:e1:76:75:81:
                    60:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7E:35:9B:5E:9D:AC:61:CC:A8:7B:82:66:4E:D9:83:86:F4:8C:8C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d40ee596-be81-49e3-a662-7a7d5763e968.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.45.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b5:7f:af:f1:0f:2f:a9:f0:58:a7:27:46:e1:0e:25:13:f7:9a:
         ff:a8:4e:69:9b:cf:23:27:2f:8d:1c:ed:7a:d6:9b:ce:f8:75:
         8f:75:fb:e8:b4:cb:01:b0:ee:60:f6:08:c4:e3:ef:c5:55:d2:
         83:3f:87:59:0c:27:0a:5b:bd:2b:66:00:2c:c3:48:1a:88:47:
         f2:04:ac:53:14:9e:ff:71:d2:f9:dc:4d:46:16:04:31:42:de:
         35:2a:59:29:36:6b:44:b7:2c:bc:49:cf:77:29:96:2c:e2:06:
         3c:0c:a3:c4:38:a7:b0:f3:67:c7:13:22:fe:c3:de:db:c5:4d:
         98:57:85:2f:dc:d7:ea:b1:1d:9b:fc:9a:fb:02:c7:e7:92:1d:
         44:66:36:4d:b4:2e:84:a1:7e:fd:68:8b:36:2f:71:a9:ea:c8:
         02:cf:47:35:5d:ac:fb:6c:81:d5:d9:1f:9a:fa:e3:34:ca:fa:
         e2:ec:63:08:78:02:32:66:62:26:6e:cd:d5:e6:95:8d:01:0b:
         71:04:5e:a6:31:45:fe:cf:b9:8b:ea:02:a5:c4:a6:e6:a1:82:
         de:30:15:c1:32:38:5e:7a:24:0f:cf:ac:ca:39:62:94:e7:43:
         1c:d7:bc:57:06:e4:5d:fd:0e:60:78:92:8d:88:1a:35:ac:a1:
         ba:6f:da:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY9GuQmnvzPphfZZstRigMVrHkAgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZGZjOTcwMTM5OTEwZmZhOWE5ZGI1MWViZDEwODlmMmU2
MDZiMjdjZWQ4YzlkODUxYjVlMmMwZWZjYTA5MTFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDMkfGtoDjD2rgcm6664UHjlCkt0h2HcNDTsFY9OpUunoP8
eHyPRzfPOT0ioU236L7SjJqfuUc+nkCzwGovR1HSwY0Hm0vWqNKY8XnYWMQ5uj5s
RUmHjgvnbKYAjre4yaszPlPyeDv+rLa+ieCWEvsGoCaFYb3tJ7YahD/FX08Y9N+j
JrqxQj6AWyjfZ1FP104NBabDxpA05hgGonPoRAw2d/VU+rrz2+acHdZTxSAkDGut
a/XBdZQUwmubetGUWL1md4PzQTElvYFUubHi4qGmcinjv2B/nqe8Mz2ZkAOpltu5
qUMFbxAw9becMf7n0YtyGAvQnwouh19L4XZ1gWAvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4n41m16drGHMqHuCZk7Zg4b0jIwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0MGVlNTk2LWJlODEtNDllMy1hNjYyLTdhN2Q1NzYzZTk2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoLTANBgkqhkiG9w0BAQsFAAOCAQEAtX+v8Q8vqfBYpydG4Q4lE/ea/6hO
aZvPIycvjRztetabzvh1j3X76LTLAbDuYPYIxOPvxVXSgz+HWQwnClu9K2YALMNI
GohH8gSsUxSe/3HS+dxNRhYEMULeNSpZKTZrRLcsvEnPdymWLOIGPAyjxDinsPNn
xxMi/sPe28VNmFeFL9zX6rEdm/ya+wLH55IdRGY2TbQuhKF+/WiLNi9xqerIAs9H
NV2s+2yB1dkfmvrjNMr64uxjCHgCMmZiJm7N1eaVjQELcQRepjFF/s+5i+oCpcSm
5qGC3jAVwTI4XnokD8+syjlilOdDHNe8VwbkXf0OYHiSjYgaNayhum/a6w==
-----END CERTIFICATE-----