Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62a7397f-5427-4652-88a9-359b2337935e.roa
File:                     62a7397f-5427-4652-88a9-359b2337935e.roa (raw, json)
Hash identifier:          BW2UObrJUdUT5uWDwUJkpZimvstj0i53ug59ZZah8XA=
Subject key identifier:   15:C1:E8:AE:C4:D3:E3:64:3C:AC:16:A2:B8:F0:A1:5D:A7:C9:67:C8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47C732FD3ECD2701B9E0B049789F09A7D640956C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62a7397f-5427-4652-88a9-359b2337935e.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.181.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:c7:32:fd:3e:cd:27:01:b9:e0:b0:49:78:9f:09:a7:d6:40:95:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dd:38:7d:b8:96:86:57:c7:72:76:e2:8b:1e:
                    3d:40:bc:2a:1d:d7:05:0d:a4:23:50:19:05:58:90:
                    db:c8:91:7e:c0:67:c0:0c:65:6a:f7:50:1c:b1:68:
                    8f:ea:07:f6:26:8d:63:c9:31:08:00:7a:f5:0d:83:
                    0e:4b:9f:b8:82:42:0d:dc:27:46:18:b5:57:c2:9d:
                    dd:d9:e7:f8:0e:d8:e7:17:d5:ce:2e:50:2d:bd:4c:
                    c4:e3:a3:7e:34:93:04:0d:2b:54:e4:5a:e4:a6:2c:
                    42:4d:3b:b2:57:d5:55:13:42:05:36:9b:1c:9d:d5:
                    51:61:a4:d6:e5:d4:72:eb:3b:24:9f:54:24:68:1c:
                    5b:e8:17:51:1a:a0:e8:ae:bd:6a:06:82:c5:79:a0:
                    2c:a0:37:8d:4d:88:6d:e7:81:fa:4d:c2:f7:93:95:
                    37:17:b4:2c:b9:26:bd:62:4e:1f:f5:cd:fe:44:12:
                    a4:0c:c7:e1:5f:da:99:11:87:3a:f5:33:25:df:0c:
                    b7:07:38:0b:16:f0:07:48:cd:de:de:b8:69:58:7e:
                    f8:6b:7d:fe:2c:cf:af:c4:04:5d:ac:ee:12:48:04:
                    de:84:48:c3:38:ee:9c:de:c7:cc:e3:47:f3:d3:a6:
                    e4:22:ef:8b:77:f4:1d:21:85:0d:14:91:0d:9d:24:
                    86:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C1:E8:AE:C4:D3:E3:64:3C:AC:16:A2:B8:F0:A1:5D:A7:C9:67:C8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/62a7397f-5427-4652-88a9-359b2337935e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.181.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1d:88:2e:56:a1:6a:1f:9f:82:68:e6:c9:3c:57:6c:19:38:8a:
         6e:1d:dc:5b:ab:46:cd:d9:76:80:0d:8e:b7:cb:0c:cf:60:03:
         24:3f:15:43:26:d2:ae:49:ab:92:fa:15:8c:ab:d9:fd:df:8a:
         13:59:50:15:b8:05:0e:c5:a0:1f:09:53:0c:6f:a7:9a:6a:83:
         bb:fc:ba:e3:23:1f:8c:8c:0e:e5:1e:31:f1:e0:9f:b9:fc:05:
         41:12:43:5b:4d:cd:fd:f9:5b:d7:01:3c:48:03:9d:0c:aa:47:
         a3:76:f3:58:cb:44:49:4e:78:53:d3:c4:45:f2:f3:69:5f:68:
         4b:be:da:60:09:83:1f:da:3a:41:df:72:20:f9:3a:22:aa:ae:
         30:3c:27:cf:7f:74:e9:d0:10:b9:b6:d1:38:1d:93:45:66:d5:
         40:e9:82:e4:e5:b7:b6:69:34:81:b5:37:c1:d5:5d:63:f7:43:
         6a:88:80:de:7d:83:22:4b:4b:34:5a:fc:d2:55:db:1f:f6:bf:
         9b:ef:da:f2:bd:c8:fc:7d:1f:30:57:2b:8d:8b:e6:d8:59:7f:
         78:23:eb:e0:d0:55:b8:e7:3a:9b:42:ac:fd:3a:42:d6:b9:5d:
         6e:6c:ba:4f:17:74:9c:17:e2:26:f3:13:19:c6:84:e4:b1:3b:
         cc:b5:57:a9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR8cy/T7NJwG54LBJeJ8Jp9ZAlWwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NDI3Y2Y3NzhlYTVmNjAxODhhM2E1NWVjZTY2MGZjN2Mx
Nzk1Y2RhZmFhZjRhY2VkNzEzZTY4OTY0ZGRlNDk1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC13Th9uJaGV8dyduKLHj1AvCod1wUNpCNQGQVYkNvIkX7A
Z8AMZWr3UByxaI/qB/YmjWPJMQgAevUNgw5Ln7iCQg3cJ0YYtVfCnd3Z5/gO2OcX
1c4uUC29TMTjo340kwQNK1TkWuSmLEJNO7JX1VUTQgU2mxyd1VFhpNbl1HLrOySf
VCRoHFvoF1EaoOiuvWoGgsV5oCygN41NiG3ngfpNwveTlTcXtCy5Jr1iTh/1zf5E
EqQMx+Ff2pkRhzr1MyXfDLcHOAsW8AdIzd7euGlYfvhrff4sz6/EBF2s7hJIBN6E
SMM47pzex8zjR/PTpuQi74t39B0hhQ0UkQ2dJIYLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFcHorsTT42Q8rBaiuPChXafJZ8gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyYTczOTdmLTU0MjctNDY1Mi04OGE5LTM1OWIyMzM3OTM1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAotTANBgkqhkiG9w0BAQsFAAOCAQEAHYguVqFqH5+CaObJPFdsGTiKbh3c
W6tGzdl2gA2Ot8sMz2ADJD8VQybSrkmrkvoVjKvZ/d+KE1lQFbgFDsWgHwlTDG+n
mmqDu/y64yMfjIwO5R4x8eCfufwFQRJDW03N/flb1wE8SAOdDKpHo3bzWMtESU54
U9PERfLzaV9oS77aYAmDH9o6Qd9yIPk6IqquMDwnz3906dAQubbROB2TRWbVQOmC
5OW3tmk0gbU3wdVdY/dDaoiA3n2DIktLNFr80lXbH/a/m+/a8r3I/H0fMFcrjYvm
2Fl/eCPr4NBVuOc6m0Ks/TpC1rldbmy6Txd0nBfiJvMTGcaE5LE7zLVXqQ==
-----END CERTIFICATE-----