Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10a82ea4-88fa-4414-b451-4a5566e775c0.roa
File:                     10a82ea4-88fa-4414-b451-4a5566e775c0.roa (raw, json)
Hash identifier:          SUpG6Qcfxun8LIlwPyWGDlTog/fToc4+hMEocLhRJm4=
Subject key identifier:   E8:68:DF:FF:21:4E:74:35:BD:F9:2E:C2:F6:FC:CD:94:A8:A5:BF:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       703FD87ECED8160C006FD5EAC5262737ACF04269
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10a82ea4-88fa-4414-b451-4a5566e775c0.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.172.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:3f:d8:7e:ce:d8:16:0c:00:6f:d5:ea:c5:26:27:37:ac:f0:42:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8e:0d:6f:84:41:41:47:b7:f7:af:1e:bc:0d:
                    0e:7a:48:9b:48:f0:d7:5d:5a:77:9b:42:4a:44:7d:
                    a7:6b:a7:2d:ec:d9:e8:88:fd:6b:04:39:2d:a5:bc:
                    cf:96:26:24:02:d3:ff:22:97:6a:d4:b4:a1:fb:a2:
                    e3:9d:89:1f:4a:9b:75:6c:24:01:4b:70:db:23:9b:
                    7f:83:1f:f3:f9:6b:4f:ff:c4:5e:c6:ea:3c:fc:82:
                    01:af:1f:81:42:73:f6:3c:8c:2b:bc:ac:37:0e:1a:
                    e5:14:7e:35:14:5e:93:f1:d5:6a:f5:ce:e6:26:a8:
                    7e:0f:81:64:60:51:2d:a8:32:7f:71:2e:b9:7c:44:
                    72:cd:45:67:be:05:04:bf:5d:e8:ea:d5:8a:a1:b7:
                    f1:52:f8:f0:55:da:3d:07:27:4c:33:6f:88:82:84:
                    58:34:8d:94:38:52:94:aa:7e:ab:72:af:f2:6f:e5:
                    0b:8e:d0:bd:94:ea:30:23:50:56:f9:fd:49:33:3e:
                    d7:d8:b1:cf:55:c5:b7:88:d2:9b:0e:1a:11:79:28:
                    ea:a2:ec:69:fb:15:eb:32:9e:ac:56:80:a5:5f:92:
                    97:9d:77:76:40:3a:b9:66:b4:eb:88:e2:e2:3e:0e:
                    1a:61:1d:41:ac:2c:73:82:40:bf:d2:bc:35:a6:ae:
                    d2:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:68:DF:FF:21:4E:74:35:BD:F9:2E:C2:F6:FC:CD:94:A8:A5:BF:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/10a82ea4-88fa-4414-b451-4a5566e775c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.172.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         74:e9:03:93:db:6b:b5:ee:5e:36:ac:d2:ee:44:0a:56:c8:f7:
         3e:56:33:82:fa:36:35:6d:d3:43:cd:70:34:fe:24:0a:62:61:
         c8:97:41:80:2e:22:d6:3f:57:cb:42:7d:ca:33:a3:7e:15:8f:
         0d:50:27:84:36:f8:ad:94:9e:fc:ee:a3:aa:7f:86:c0:1e:b6:
         1b:e9:3e:f8:a1:65:6d:58:67:36:88:d6:64:b2:cb:94:ef:b9:
         6c:a1:92:c1:79:0d:26:66:31:7e:c1:14:69:44:0c:b0:87:5c:
         74:ce:8d:0a:6b:cd:9f:1e:5a:0f:5a:42:4e:52:71:a3:c2:04:
         3f:45:7d:71:85:58:94:90:ed:40:39:6f:37:db:1d:7e:82:94:
         a6:0a:64:df:14:d3:fd:1e:2d:2b:13:e3:f5:26:b2:bc:b3:49:
         3f:f9:5c:7f:4b:e5:d3:56:76:d5:27:44:86:5e:eb:17:11:c7:
         9c:88:28:60:d9:ed:5e:2c:7e:5d:50:9a:74:38:07:a7:2d:b9:
         6e:ed:61:1a:56:b2:72:64:e8:db:dc:88:22:37:6d:8a:38:eb:
         24:c5:78:bd:2f:fe:54:83:a1:a3:59:c0:be:c8:50:e2:65:45:
         da:04:c7:46:f2:ab:b4:7f:e8:ed:a8:96:88:04:50:4f:cc:6d:
         05:26:e0:61
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcD/Yfs7YFgwAb9XqxSYnN6zwQmkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1YTJjN2UxMzczZGEwMGFlODM3MTZkN2NjZWU1NjliZGU3
NDg1ZTkxZmNjNjBlZTQ1YjlhYjg0OGZmMmU2NTA5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6jg1vhEFBR7f3rx68DQ56SJtI8NddWnebQkpEfadrpy3s
2eiI/WsEOS2lvM+WJiQC0/8il2rUtKH7ouOdiR9Km3VsJAFLcNsjm3+DH/P5a0//
xF7G6jz8ggGvH4FCc/Y8jCu8rDcOGuUUfjUUXpPx1Wr1zuYmqH4PgWRgUS2oMn9x
Lrl8RHLNRWe+BQS/Xejq1Yqht/FS+PBV2j0HJ0wzb4iChFg0jZQ4UpSqfqtyr/Jv
5QuO0L2U6jAjUFb5/UkzPtfYsc9VxbeI0psOGhF5KOqi7Gn7FesynqxWgKVfkped
d3ZAOrlmtOuI4uI+DhphHUGsLHOCQL/SvDWmrtLHAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6Gjf/yFOdDW9+S7C9vzNlKilv4cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwYTgyZWE0LTg4ZmEtNDQxNC1iNDUxLTRhNTU2NmU3NzVjMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIorDANBgkqhkiG9w0BAQsFAAOCAQEAdOkDk9trte5eNqzS7kQKVsj3PlYz
gvo2NW3TQ81wNP4kCmJhyJdBgC4i1j9Xy0J9yjOjfhWPDVAnhDb4rZSe/O6jqn+G
wB62G+k++KFlbVhnNojWZLLLlO+5bKGSwXkNJmYxfsEUaUQMsIdcdM6NCmvNnx5a
D1pCTlJxo8IEP0V9cYVYlJDtQDlvN9sdfoKUpgpk3xTT/R4tKxPj9SayvLNJP/lc
f0vl01Z21SdEhl7rFxHHnIgoYNntXix+XVCadDgHpy25bu1hGlaycmTo29yIIjdt
ijjrJMV4vS/+VIOho1nAvshQ4mVF2gTHRvKrtH/o7aiWiARQT8xtBSbgYQ==
-----END CERTIFICATE-----