Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/507d4877-5d0b-4596-b195-24061fb28b45.roa
File:                     507d4877-5d0b-4596-b195-24061fb28b45.roa (raw, json)
Hash identifier:          LE382bqZFwSgPxlxcBVaEIfC9+9yqvoGVYXEBOos9yE=
Subject key identifier:   11:20:1E:C8:9A:26:25:01:EB:1C:9A:6C:9E:92:13:66:2D:B6:69:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0813E9C5B1B81AF2720CE886D3BBE1F8A11DCC83
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/507d4877-5d0b-4596-b195-24061fb28b45.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.224.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:13:e9:c5:b1:b8:1a:f2:72:0c:e8:86:d3:bb:e1:f8:a1:1d:cc:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=f27469973c94a883facea9738b128ef4407f17d69fd62035c024cbaa4e458d55, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:92:a0:ba:4c:22:30:b6:47:36:d4:96:e6:b5:
                    ad:24:9f:58:7e:d8:cc:0b:8e:5f:43:90:4f:fb:d0:
                    6d:ac:c4:75:b0:6a:e3:1d:5c:71:d3:dd:3c:97:38:
                    5d:32:64:26:df:20:20:b5:6b:6d:fa:4e:6d:85:9b:
                    3c:a2:ca:6c:02:be:bc:95:d2:ec:e9:c3:74:43:dd:
                    07:42:be:ce:4c:2f:d3:49:3d:dd:20:1a:db:2f:3d:
                    6c:34:7e:cb:f6:89:6b:bb:0f:04:d4:7b:1d:cc:9f:
                    3c:25:82:00:69:29:54:ca:48:b4:c3:14:2d:50:62:
                    bd:87:f8:70:39:1d:66:aa:26:44:f1:13:f8:9b:fb:
                    b8:20:0d:8f:e2:74:a1:de:de:ed:50:4b:86:f8:b0:
                    eb:37:e1:6c:aa:2a:7b:71:b4:34:47:45:18:f5:27:
                    76:3e:71:95:cd:68:c9:7e:c5:0e:aa:4f:fa:10:8d:
                    45:57:99:5f:4d:6b:68:94:d6:d2:8d:30:b6:3d:0f:
                    18:6a:65:f6:f6:74:70:81:9c:a6:3d:2b:f3:d0:e2:
                    e4:5e:ab:6f:18:8c:fb:0c:32:be:72:ab:1a:96:d5:
                    88:6b:70:9d:23:b2:78:78:cc:74:3a:f1:86:5c:ff:
                    77:e6:99:ef:fe:db:8e:8c:ab:a9:20:f2:2f:05:9a:
                    27:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:20:1E:C8:9A:26:25:01:EB:1C:9A:6C:9E:92:13:66:2D:B6:69:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/507d4877-5d0b-4596-b195-24061fb28b45.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.224.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3c:7d:a1:54:c4:04:40:a7:f3:75:1f:0d:82:18:76:dc:6d:4c:
         fa:15:81:3a:9f:f2:5c:fb:77:e1:36:b9:8e:20:ea:7d:27:14:
         46:a9:93:35:95:a4:d2:e1:6f:04:43:a0:24:03:ac:08:94:fb:
         10:8f:ce:8d:36:93:39:f8:e3:db:b3:c8:0f:8d:08:4a:ef:ed:
         24:3c:ae:d6:89:02:49:32:52:31:c5:c2:d3:49:a6:51:08:82:
         e2:b3:3a:88:74:64:71:9d:81:06:6a:a8:7b:c7:7b:42:02:5f:
         9c:60:75:6c:5c:c3:39:49:db:4a:10:4f:6d:7f:f8:c5:a5:00:
         81:77:d3:e5:ba:b2:7c:01:90:ca:0d:7a:7d:d0:c8:2a:24:b2:
         21:76:db:b8:b5:13:59:8f:b6:61:8b:86:df:52:af:27:09:c3:
         b8:c1:ed:b4:b3:41:66:d7:52:35:79:d4:e3:fe:89:9f:d9:d7:
         83:c1:ab:76:20:8f:1f:84:fe:9a:d9:7a:75:76:4a:54:79:19:
         d9:cf:17:b0:a9:40:a8:7d:dc:24:83:48:a4:31:ec:cd:d0:6c:
         c2:a6:3c:0f:89:9b:8a:84:d8:f0:0e:69:25:93:68:5f:c5:b7:
         fc:86:00:a0:c7:40:59:bd:95:c3:5f:09:06:10:6b:5e:43:b9:
         ac:81:9b:c6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUCBPpxbG4GvJyDOiG07vh+KEdzIMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMjc0Njk5NzNjOTRhODgzZmFjZWE5NzM4YjEyOGVmNDQw
N2YxN2Q2OWZkNjIwMzVjMDI0Y2JhYTRlNDU4ZDU1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5kqC6TCIwtkc21Jbmta0kn1h+2MwLjl9DkE/70G2sxHWw
auMdXHHT3TyXOF0yZCbfICC1a236Tm2FmzyiymwCvryV0uzpw3RD3QdCvs5ML9NJ
Pd0gGtsvPWw0fsv2iWu7DwTUex3MnzwlggBpKVTKSLTDFC1QYr2H+HA5HWaqJkTx
E/ib+7ggDY/idKHe3u1QS4b4sOs34WyqKntxtDRHRRj1J3Y+cZXNaMl+xQ6qT/oQ
jUVXmV9Na2iU1tKNMLY9DxhqZfb2dHCBnKY9K/PQ4uReq28YjPsMMr5yqxqW1Yhr
cJ0jsnh4zHQ68YZc/3fmme/+246Mq6kg8i8FmifXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUESAeyJomJQHrHJpsnpITZi22acswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUwN2Q0ODc3LTVkMGItNDU5Ni1iMTk1LTI0MDYxZmIyOGI0NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo4DANBgkqhkiG9w0BAQsFAAOCAQEAPH2hVMQEQKfzdR8Nghh23G1M+hWB
Op/yXPt34Ta5jiDqfScURqmTNZWk0uFvBEOgJAOsCJT7EI/OjTaTOfjj27PID40I
Su/tJDyu1okCSTJSMcXC00mmUQiC4rM6iHRkcZ2BBmqoe8d7QgJfnGB1bFzDOUnb
ShBPbX/4xaUAgXfT5bqyfAGQyg16fdDIKiSyIXbbuLUTWY+2YYuG31KvJwnDuMHt
tLNBZtdSNXnU4/6Jn9nXg8GrdiCPH4T+mtl6dXZKVHkZ2c8XsKlAqH3cJINIpDHs
zdBswqY8D4mbioTY8A5pJZNoX8W3/IYAoMdAWb2Vw18JBhBrXkO5rIGbxg==
-----END CERTIFICATE-----