Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/297c1ae1-725c-4b7d-89cf-0414aa1d6c72.roa
File:                     297c1ae1-725c-4b7d-89cf-0414aa1d6c72.roa (raw, json)
Hash identifier:          yjaGrpUaGIutY9Sm4MlZWsIU0UjObL8BUDjLbR9JM8g=
Subject key identifier:   E8:73:47:8B:67:25:F7:44:74:49:47:BC:C4:0E:CB:BC:61:CA:8F:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       34E3353C8A03A8F0A874AC07E1BD003C1D38E2C1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/297c1ae1-725c-4b7d-89cf-0414aa1d6c72.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.172.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:e3:35:3c:8a:03:a8:f0:a8:74:ac:07:e1:bd:00:3c:1d:38:e2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=487f97e7df6b983ac02e8558dcf8cb00e22bf6ae430735c5c72b36dc953a9d1b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1a:56:ed:b4:ca:19:21:10:c3:21:90:a4:2e:
                    f9:cd:56:fb:d6:a0:85:76:b3:5f:27:e3:80:ff:6c:
                    38:97:f1:be:25:a8:52:7f:9e:6d:81:14:f4:1d:8d:
                    31:05:17:53:7a:85:d2:6d:7c:d2:87:bc:fa:4c:50:
                    01:bd:66:f2:06:d2:8d:3d:bd:b5:ca:23:2d:3e:ea:
                    2b:6c:5f:97:c1:d8:ff:a2:c0:df:4d:df:2e:80:6c:
                    18:fd:de:81:c5:dc:91:f9:c5:80:75:60:f3:02:1b:
                    62:39:5b:be:90:91:12:ed:3a:59:37:42:f0:d3:2d:
                    52:bc:95:02:61:f6:2d:4b:e5:cd:04:15:b8:af:c4:
                    c2:04:81:97:e9:31:15:2e:3c:52:23:45:c7:e9:e3:
                    aa:ed:a8:20:69:09:36:59:07:f4:8f:1a:f6:67:ac:
                    99:48:fb:2a:79:72:f7:69:86:23:91:d9:a3:22:87:
                    98:2f:9c:aa:fa:47:e5:bc:d4:8b:ae:f6:9d:6e:2d:
                    c0:9f:61:8c:c0:f3:e3:ab:b5:50:da:a3:f0:22:2a:
                    0d:65:33:54:8b:a0:c4:86:b0:32:6e:3c:cf:47:5c:
                    03:c5:9b:d3:1e:9f:29:7b:18:95:51:1d:5a:5d:89:
                    d9:06:8b:f9:f2:ae:97:ab:0d:94:1b:c9:8a:3d:6d:
                    82:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:73:47:8B:67:25:F7:44:74:49:47:BC:C4:0E:CB:BC:61:CA:8F:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/297c1ae1-725c-4b7d-89cf-0414aa1d6c72.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.172.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         c1:64:d2:f5:21:17:c7:29:5b:91:72:64:7e:af:e8:d9:e7:e5:
         47:bd:a5:ae:dd:d9:da:24:cb:ff:b8:79:c3:34:ce:8b:1c:bb:
         df:d3:94:c9:ed:f7:ba:24:69:b5:26:4a:2d:4c:69:36:8d:7b:
         ca:25:ce:d5:cd:9c:c2:d3:1d:8b:bf:9f:b2:35:79:59:5b:f6:
         ee:3d:d7:58:09:a2:7a:7c:65:45:88:a1:75:b5:1f:88:8a:11:
         44:a1:6e:5f:39:58:ba:35:52:3b:23:1d:88:5a:04:b0:a0:42:
         97:85:d8:18:7f:ed:df:2b:0a:65:9a:4b:b6:25:e2:4e:3d:b8:
         64:a2:4a:c4:f1:5f:07:9f:fe:b9:e8:bc:86:9a:27:23:44:ee:
         e8:21:b8:65:37:84:dd:1e:6a:ca:8d:79:d9:27:9d:20:4f:14:
         86:1e:aa:da:59:6e:9c:eb:e1:1e:27:ea:a4:4d:43:d6:2a:f4:
         7e:eb:b2:0b:6b:14:75:6b:43:4c:78:ee:20:c5:59:ac:7a:ff:
         50:a8:15:7d:a6:66:b5:bb:7a:8c:4d:8d:2c:d8:93:e8:67:61:
         23:72:57:43:a1:0a:c8:88:b6:94:22:0a:99:d1:ca:51:6a:7e:
         b5:35:5e:26:01:66:d4:e2:6c:b1:9d:7e:5c:ce:c5:ea:82:a6:
         49:df:d1:ac
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNOM1PIoDqPCodKwH4b0APB044sEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODdmOTdlN2RmNmI5ODNhYzAyZTg1NThkY2Y4Y2IwMGUy
MmJmNmFlNDMwNzM1YzVjNzJiMzZkYzk1M2E5ZDFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2GlbttMoZIRDDIZCkLvnNVvvWoIV2s18n44D/bDiX8b4l
qFJ/nm2BFPQdjTEFF1N6hdJtfNKHvPpMUAG9ZvIG0o09vbXKIy0+6itsX5fB2P+i
wN9N3y6AbBj93oHF3JH5xYB1YPMCG2I5W76QkRLtOlk3QvDTLVK8lQJh9i1L5c0E
FbivxMIEgZfpMRUuPFIjRcfp46rtqCBpCTZZB/SPGvZnrJlI+yp5cvdphiOR2aMi
h5gvnKr6R+W81Iuu9p1uLcCfYYzA8+OrtVDao/AiKg1lM1SLoMSGsDJuPM9HXAPF
m9Menyl7GJVRHVpdidkGi/nyrperDZQbyYo9bYKBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6HNHi2cl90R0SUe8xA7LvGHKj5EwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5N2MxYWUxLTcyNWMtNGI3ZC04OWNmLTA0MTRhYTFkNmM3Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIorDANBgkqhkiG9w0BAQsFAAOCAQEAwWTS9SEXxylbkXJkfq/o2eflR72l
rt3Z2iTL/7h5wzTOixy739OUye33uiRptSZKLUxpNo17yiXO1c2cwtMdi7+fsjV5
WVv27j3XWAmienxlRYihdbUfiIoRRKFuXzlYujVSOyMdiFoEsKBCl4XYGH/t3ysK
ZZpLtiXiTj24ZKJKxPFfB5/+uei8hponI0Tu6CG4ZTeE3R5qyo152SedIE8Uhh6q
2llunOvhHifqpE1D1ir0fuuyC2sUdWtDTHjuIMVZrHr/UKgVfaZmtbt6jE2NLNiT
6GdhI3JXQ6EKyIi2lCIKmdHKUWp+tTVeJgFm1OJssZ1+XM7F6oKmSd/RrA==
-----END CERTIFICATE-----