Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ea91b4d-30f7-4149-8d82-f50a3a8e037c.roa
File:                     0ea91b4d-30f7-4149-8d82-f50a3a8e037c.roa (raw, json)
Hash identifier:          hC3xc0JTNV0yhnJDRn4I1t63EGRz68vkjmjrrvNHq8c=
Subject key identifier:   21:AE:AA:4C:33:0F:C8:BF:46:46:A6:37:98:7E:E9:DE:88:DA:BA:51
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       465973B5DA8BC277DCDFF5BC0F13564ED93544B9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ea91b4d-30f7-4149-8d82-f50a3a8e037c.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.192.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:59:73:b5:da:8b:c2:77:dc:df:f5:bc:0f:13:56:4e:d9:35:44:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:29:46:66:b6:94:5a:44:44:63:f3:4c:2e:e1:
                    b6:b5:2d:9b:ea:24:90:0d:86:fb:4d:92:ca:d8:ca:
                    1f:bf:04:cd:ff:20:b2:f4:75:2e:fd:c9:02:9b:2c:
                    74:ef:f6:8a:43:33:2e:73:0a:ba:7a:32:de:20:f6:
                    99:45:4c:ac:c4:ff:44:34:26:f8:94:ea:d5:2d:87:
                    7a:4e:1d:57:98:08:ed:23:25:a5:dc:63:41:71:87:
                    10:c9:3d:94:ad:e2:73:24:5b:67:c5:9d:ca:7b:5f:
                    45:08:0a:47:8b:0d:5d:2d:d5:29:0e:e3:1d:17:03:
                    bc:1f:c3:3a:0b:63:9e:0c:ae:c7:26:27:13:70:8c:
                    fa:52:ac:dd:0a:c9:d1:21:3b:66:be:c0:9b:60:11:
                    e4:ed:6c:ce:a3:98:78:61:8e:c0:a1:99:bb:d3:17:
                    da:d3:6f:1a:b0:ab:5a:59:52:91:08:a0:bd:3d:7d:
                    b5:81:83:0a:fd:d1:59:16:2a:7e:33:11:c4:4e:6c:
                    56:1d:ff:c2:ab:e9:38:44:59:1d:4b:61:81:6d:c4:
                    a4:33:f0:c7:d9:0b:65:26:84:ef:08:f1:ac:b5:66:
                    6f:f7:a4:a4:42:d6:52:03:17:1e:0a:56:66:e2:56:
                    28:7e:ae:9e:9b:12:ca:4f:5b:04:bc:ba:20:3d:6a:
                    68:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AE:AA:4C:33:0F:C8:BF:46:46:A6:37:98:7E:E9:DE:88:DA:BA:51
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0ea91b4d-30f7-4149-8d82-f50a3a8e037c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.192.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         bc:4c:4a:b8:5a:4c:10:d6:d7:4b:dc:b9:af:d4:77:78:df:cd:
         b1:17:7d:bf:6e:43:87:d4:82:68:6e:f8:38:51:1d:25:17:61:
         6d:51:56:ad:53:09:d4:16:bb:1b:a4:e5:0d:9b:09:33:e8:9a:
         75:2c:c5:8e:45:5c:0a:1c:e0:e1:42:ed:b9:8e:7b:f0:fe:c5:
         68:00:50:76:40:66:82:c6:57:b0:2d:43:ae:4f:46:77:97:88:
         e1:d9:c9:36:62:96:49:5a:a3:8a:c1:4d:3c:7e:1f:64:54:33:
         12:82:ec:02:c9:77:02:26:c3:c7:70:37:13:06:61:23:0c:fb:
         c7:b0:b3:7f:36:78:49:55:7d:ff:38:c1:41:98:74:3d:b5:aa:
         33:8e:40:8b:22:9f:78:15:45:78:d7:bb:25:b6:30:dc:95:8a:
         95:0c:2b:2a:49:04:f0:ea:1b:1b:71:1d:c8:1a:c8:c1:16:4d:
         b4:f5:9b:46:11:01:40:98:52:d3:37:ed:38:75:7e:a7:ea:e7:
         af:2f:35:a5:33:44:7f:9e:3b:fc:ef:c9:e3:c2:5d:61:ff:69:
         2a:9f:dc:1d:48:5c:14:46:e1:c1:3f:13:5f:80:9b:e9:87:69:
         91:47:d4:23:fc:e1:03:07:a9:36:90:54:ac:9c:24:18:61:b7:
         e0:cd:ca:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURllztdqLwnfc3/W8DxNWTtk1RLkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NTYyNTM3MjA0YjI5OWQ1YTI4ODVlYTBjNmUwODUwNTNk
NzY2OGU2ODZlYzhkMzlhM2E3NWMyNmQ4NWQzMzBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTKUZmtpRaRERj80wu4ba1LZvqJJANhvtNksrYyh+/BM3/
ILL0dS79yQKbLHTv9opDMy5zCrp6Mt4g9plFTKzE/0Q0JviU6tUth3pOHVeYCO0j
JaXcY0FxhxDJPZSt4nMkW2fFncp7X0UICkeLDV0t1SkO4x0XA7wfwzoLY54Mrscm
JxNwjPpSrN0KydEhO2a+wJtgEeTtbM6jmHhhjsChmbvTF9rTbxqwq1pZUpEIoL09
fbWBgwr90VkWKn4zEcRObFYd/8Kr6ThEWR1LYYFtxKQz8MfZC2UmhO8I8ay1Zm/3
pKRC1lIDFx4KVmbiVih+rp6bEspPWwS8uiA9amjLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIa6qTDMPyL9GRqY3mH7p3ojaulEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBlYTkxYjRkLTMwZjctNDE0OS04ZDgyLWY1MGEzYThlMDM3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcowAAwDQYJKoZIhvcNAQELBQADggEBALxMSrhaTBDW10vcua/Ud3jfzbEX
fb9uQ4fUgmhu+DhRHSUXYW1RVq1TCdQWuxuk5Q2bCTPomnUsxY5FXAoc4OFC7bmO
e/D+xWgAUHZAZoLGV7AtQ65PRneXiOHZyTZilklao4rBTTx+H2RUMxKC7ALJdwIm
w8dwNxMGYSMM+8ews382eElVff84wUGYdD21qjOOQIsin3gVRXjXuyW2MNyVipUM
KypJBPDqGxtxHcgayMEWTbT1m0YRAUCYUtM37Th1fqfq568vNaUzRH+eO/zvyePC
XWH/aSqf3B1IXBRG4cE/E1+Am+mHaZFH1CP84QMHqTaQVKycJBhht+DNymE=
-----END CERTIFICATE-----