Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/771d0086-a619-4286-84e0-41fa321a83a0.roa
File:                     771d0086-a619-4286-84e0-41fa321a83a0.roa (raw, json)
Hash identifier:          65iEhK4aYQrpghzGaPZ5TK+9WBj3w3H3M114WRCfrPI=
Subject key identifier:   E6:83:7E:41:3B:DF:0D:2E:8B:26:A2:5B:83:86:AF:1F:B8:1B:70:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       BB7361B7D87616F5D2211505FB50B87EE5CC5B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/771d0086-a619-4286-84e0-41fa321a83a0.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.179.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            bb:73:61:b7:d8:76:16:f5:d2:21:15:05:fb:50:b8:7e:e5:cc:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:17:0f:1e:ec:3b:ba:1b:08:75:89:07:c4:c6:
                    b1:b0:78:15:27:b1:a5:4b:e9:ca:a8:8d:d5:43:ef:
                    5f:6a:ce:52:1a:e8:c9:4e:d4:71:83:47:e5:97:82:
                    aa:bd:62:58:2e:a6:3b:9d:b7:50:ad:a5:8e:d7:8e:
                    bb:73:d2:08:2a:ae:1d:1a:6a:1e:cd:41:3b:6d:01:
                    29:9f:48:65:07:48:75:3e:6f:a7:43:20:03:d5:08:
                    02:74:27:e4:8f:44:91:57:74:da:e6:8e:03:00:e3:
                    41:c4:fe:c7:f9:34:66:57:78:b2:57:d4:64:f4:0e:
                    4d:a0:b7:20:8a:a6:5d:96:f3:17:a2:4e:36:c9:c4:
                    1a:26:fb:d3:a1:1b:83:3b:80:3d:af:6b:29:73:40:
                    f8:5c:1d:2a:a9:1a:b2:02:c7:bd:b2:0d:45:ef:48:
                    03:89:84:c7:d3:34:71:cc:52:74:a3:ac:1f:37:9d:
                    f6:90:02:3e:2c:bf:35:04:38:33:23:f6:1b:1a:24:
                    f1:3d:6c:b2:d3:b5:f7:28:52:24:93:c3:be:08:7b:
                    92:4f:c8:dd:7c:99:d3:db:06:f8:4f:de:86:38:5a:
                    51:c4:b9:ce:1e:60:2e:7e:2d:34:dd:7b:3c:41:f6:
                    98:b9:84:40:53:57:a4:a0:22:24:b6:31:b0:92:38:
                    b5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:83:7E:41:3B:DF:0D:2E:8B:26:A2:5B:83:86:AF:1F:B8:1B:70:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/771d0086-a619-4286-84e0-41fa321a83a0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.179.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         86:c2:38:a0:9c:7f:e4:b7:c2:fb:cb:77:2e:1f:cc:d5:16:97:
         52:51:32:18:59:63:82:57:71:ad:cb:00:d5:c5:4d:a2:46:6f:
         ac:a2:fd:73:51:e1:0b:05:5c:c2:79:46:4b:cd:26:40:e2:93:
         5f:3a:27:7b:78:2d:ee:a6:e8:db:0c:25:0d:0d:02:35:f1:bb:
         f1:14:eb:0a:36:97:af:d4:9c:42:9a:e9:46:cf:f5:20:f6:02:
         1a:95:42:2e:96:9d:ef:c7:a1:8e:e8:b9:76:81:6f:82:50:55:
         f0:e3:2a:ea:23:1c:45:2c:7d:af:0d:ad:08:b2:67:16:a5:2a:
         37:ee:ec:43:01:95:2d:0a:88:3a:98:9c:da:9c:59:53:53:9f:
         74:9a:40:f9:bc:5e:87:35:9a:37:a2:ce:c3:a6:ed:76:5c:ab:
         32:32:24:10:33:33:13:88:37:0e:1b:a1:43:ef:40:cd:20:17:
         75:0b:f1:11:61:56:a4:9b:89:8a:74:e9:a3:2c:3a:f2:15:66:
         0a:a5:ab:08:44:34:f6:b7:23:71:75:43:5a:dc:3d:61:37:e4:
         35:bf:4c:c2:2e:36:ed:28:2c:aa:76:91:cb:0e:23:11:9b:a7:
         4b:1d:ea:4b:bf:17:9e:a2:d8:a0:c1:24:0e:8c:4c:21:b2:69:
         ac:2a:44:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUALtzYbfYdhb10iEVBftQuH7lzFswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjJmNTFkNTE4ZmJmNzBmYzVhZTczNTQwODYxNzc2ZjU0
MGI4ZGFhZjE4OTE3ODdiMzljODM2ZjBjMDEyMTMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIFw8e7Du6Gwh1iQfExrGweBUnsaVL6cqojdVD719qzlIa
6MlO1HGDR+WXgqq9Ylgupjudt1CtpY7Xjrtz0ggqrh0aah7NQTttASmfSGUHSHU+
b6dDIAPVCAJ0J+SPRJFXdNrmjgMA40HE/sf5NGZXeLJX1GT0Dk2gtyCKpl2W8xei
TjbJxBom+9OhG4M7gD2vaylzQPhcHSqpGrICx72yDUXvSAOJhMfTNHHMUnSjrB83
nfaQAj4svzUEODMj9hsaJPE9bLLTtfcoUiSTw74Ie5JPyN18mdPbBvhP3oY4WlHE
uc4eYC5+LTTdezxB9pi5hEBTV6SgIiS2MbCSOLUfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5oN+QTvfDS6LJqJbg4avH7gbcIMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc3MWQwMDg2LWE2MTktNDI4Ni04NGUwLTQxZmEzMjFhODNhMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoszANBgkqhkiG9w0BAQsFAAOCAQEAhsI4oJx/5LfC+8t3Lh/M1RaXUlEy
GFljgldxrcsA1cVNokZvrKL9c1HhCwVcwnlGS80mQOKTXzone3gt7qbo2wwlDQ0C
NfG78RTrCjaXr9ScQprpRs/1IPYCGpVCLpad78ehjui5doFvglBV8OMq6iMcRSx9
rw2tCLJnFqUqN+7sQwGVLQqIOpic2pxZU1OfdJpA+bxehzWaN6LOw6btdlyrMjIk
EDMzE4g3DhuhQ+9AzSAXdQvxEWFWpJuJinTpoyw68hVmCqWrCEQ09rcjcXVDWtw9
YTfkNb9Mwi427SgsqnaRyw4jEZunSx3qS78XnqLYoMEkDoxMIbJprCpEpw==
-----END CERTIFICATE-----