Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e95f77dc-dc29-4563-bb82-1cc2359fb775.roa
File:                     e95f77dc-dc29-4563-bb82-1cc2359fb775.roa (raw, json)
Hash identifier:          atrAfUKxAqX/SONBmR/w+bPUjgTaaw+FAnRHOkEHrbs=
Subject key identifier:   30:B7:A1:66:E4:39:39:03:67:A2:AE:0C:9F:F1:FB:39:F4:09:E8:AA
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       48AA8821844EDA87E7936EDCF8F6BED304D1FD38
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e95f77dc-dc29-4563-bb82-1cc2359fb775.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.238.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:aa:88:21:84:4e:da:87:e7:93:6e:dc:f8:f6:be:d3:04:d1:fd:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=9160165ace027e9c62cdc900f11cd8cf0b0cfb23f071d4b352c2c90aaa56d410, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:41:26:18:39:93:78:dc:fb:7c:23:c4:af:5b:
                    e8:15:d8:91:8e:6c:11:5d:db:66:f5:96:4e:7e:22:
                    e5:63:85:5a:af:5a:c4:af:00:75:dc:1d:1f:39:a8:
                    9b:2a:ac:23:e2:1e:cb:01:c3:50:3c:5b:58:99:d8:
                    cd:31:35:48:47:e3:b3:3b:71:ea:0a:ea:63:d1:94:
                    37:0d:b7:b6:c3:a8:88:a1:e6:5c:37:75:0d:a4:1c:
                    af:db:73:a9:fe:1c:29:39:9c:8f:db:63:d8:f0:8d:
                    a0:9b:50:3d:2c:7c:aa:d9:8f:7c:82:61:8b:cd:41:
                    d0:c8:d7:76:b7:63:25:96:87:58:cf:76:58:c6:8d:
                    22:6f:16:f3:b8:2f:ac:e9:f9:04:ba:dc:83:36:61:
                    13:9c:5b:45:24:87:7c:6a:01:0a:c4:c1:a7:96:41:
                    08:e4:9b:2f:29:95:f1:5d:64:3e:e5:9b:8b:ea:1a:
                    19:a1:5b:81:7e:57:8a:fd:6e:5d:95:bf:b6:39:e2:
                    46:5d:84:2a:83:c6:98:7c:20:80:cd:06:c0:94:ac:
                    c1:5f:5e:79:4e:52:21:bf:1e:a1:b5:44:f5:8f:a6:
                    25:84:f7:32:05:dd:87:15:75:ff:97:f5:1d:48:9f:
                    cb:8d:2d:88:59:24:c3:dc:1f:91:e9:2b:6b:30:56:
                    fd:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:B7:A1:66:E4:39:39:03:67:A2:AE:0C:9F:F1:FB:39:F4:09:E8:AA
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e95f77dc-dc29-4563-bb82-1cc2359fb775.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.238.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:32:4d:3c:ee:9f:1e:3d:cf:c2:d4:98:cc:02:13:02:e2:a0:
         5e:51:71:37:0c:31:ea:7c:05:08:a1:eb:81:5f:90:ea:4b:f2:
         0b:35:87:5f:a4:21:0c:b8:c4:57:9a:e4:b6:af:83:66:de:82:
         00:3e:6b:e5:72:69:66:db:7d:b3:e3:f0:67:9a:9d:c6:67:ef:
         b1:78:ff:c7:06:d7:44:51:84:86:87:0f:a5:2c:19:d2:27:45:
         9e:ca:60:7a:d6:b6:b5:0b:3a:20:3b:74:40:39:81:15:3e:c6:
         78:89:ad:20:79:15:28:5c:05:5b:7f:6b:50:30:c5:db:ba:4e:
         ce:c0:dd:8e:e4:68:70:4e:fc:35:e1:ec:88:8a:5e:81:11:2b:
         68:f7:c4:3a:82:9a:b3:df:86:cd:2f:16:e6:61:9a:32:bd:f5:
         e5:16:b2:ca:d9:20:14:92:24:f6:69:07:ea:ed:04:a1:b1:77:
         71:a7:b7:73:8e:38:b7:d7:c8:a3:15:b4:59:61:b5:2d:28:57:
         63:be:2a:2d:25:74:a9:bd:74:55:f3:38:f5:4f:2c:73:ea:02:
         c8:8a:28:9b:94:21:1b:ba:30:ce:33:7b:3e:10:24:30:e7:e7:
         57:9c:aa:a3:c0:fe:aa:3e:57:7d:9d:a5:ef:1b:30:d5:9f:1b:
         74:f4:74:7d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSKqIIYRO2ofnk27c+Pa+0wTR/TgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MTYwMTY1YWNlMDI3ZTljNjJjZGM5MDBmMTFjZDhjZjBi
MGNmYjIzZjA3MWQ0YjM1MmMyYzkwYWFhNTZkNDEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiQSYYOZN43Pt8I8SvW+gV2JGObBFd22b1lk5+IuVjhVqv
WsSvAHXcHR85qJsqrCPiHssBw1A8W1iZ2M0xNUhH47M7ceoK6mPRlDcNt7bDqIih
5lw3dQ2kHK/bc6n+HCk5nI/bY9jwjaCbUD0sfKrZj3yCYYvNQdDI13a3YyWWh1jP
dljGjSJvFvO4L6zp+QS63IM2YROcW0Ukh3xqAQrEwaeWQQjkmy8plfFdZD7lm4vq
GhmhW4F+V4r9bl2Vv7Y54kZdhCqDxph8IIDNBsCUrMFfXnlOUiG/HqG1RPWPpiWE
9zIF3YcVdf+X9R1In8uNLYhZJMPcH5HpK2swVv25AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMLehZuQ5OQNnoq4Mn/H7OfQJ6KowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U5NWY3N2RjLWRjMjktNDU2My1iYjgyLTFjYzIzNTlmYjc3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo7jANBgkqhkiG9w0BAQsFAAOCAQEAMjJNPO6fHj3PwtSYzAITAuKgXlFx
Nwwx6nwFCKHrgV+Q6kvyCzWHX6QhDLjEV5rktq+DZt6CAD5r5XJpZtt9s+PwZ5qd
xmfvsXj/xwbXRFGEhocPpSwZ0idFnspgeta2tQs6IDt0QDmBFT7GeImtIHkVKFwF
W39rUDDF27pOzsDdjuRocE78NeHsiIpegREraPfEOoKas9+GzS8W5mGaMr315Ray
ytkgFJIk9mkH6u0EobF3cae3c444t9fIoxW0WWG1LShXY74qLSV0qb10VfM49U8s
c+oCyIoom5QhG7owzjN7PhAkMOfnV5yqo8D+qj5XfZ2l7xsw1Z8bdPR0fQ==
-----END CERTIFICATE-----