Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/90abd194-eb65-4f55-bf71-988fd6b0cb8a.roa
File:                     90abd194-eb65-4f55-bf71-988fd6b0cb8a.roa (raw, json)
Hash identifier:          qNtpAeO/3G8j5MGonJdtkNRsopFej5AhQ1jlltO7xrk=
Subject key identifier:   8E:81:62:AF:1D:8C:8B:5F:78:24:2A:F3:6E:9B:4F:34:31:70:46:9E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       019611B4B0E0533B8BB90AC75950EC55C8754BA3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/90abd194-eb65-4f55-bf71-988fd6b0cb8a.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.176.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:11:b4:b0:e0:53:3b:8b:b9:0a:c7:59:50:ec:55:c8:75:4b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fc:f5:ca:93:7e:26:a5:8d:ef:f8:04:63:81:
                    b3:0f:23:13:06:00:a5:5a:00:8a:b7:bb:ee:78:55:
                    57:75:d4:84:36:77:37:9c:f8:d6:68:ae:86:47:f5:
                    b1:85:c9:c5:65:35:de:62:65:08:8f:ad:a7:9a:df:
                    dd:66:56:da:9e:e5:33:56:d1:8d:ca:ad:9a:42:4e:
                    30:11:6f:02:3b:ea:a5:41:4c:be:b7:13:3c:42:94:
                    c3:dc:9d:3e:dc:34:6e:f5:6e:2c:c1:6f:0f:49:31:
                    b5:c5:e1:94:64:1e:95:e7:ad:de:16:0f:b8:6f:02:
                    8f:d7:17:1b:0b:b0:ef:46:cc:d2:6d:89:39:4f:1b:
                    84:9a:ca:25:e4:a1:50:1e:d2:e2:3a:2d:57:b6:3a:
                    9a:66:58:10:10:a2:d0:dd:bd:7a:8b:97:63:f5:ba:
                    5c:02:38:36:c7:99:82:21:4e:ff:d8:94:08:19:8a:
                    86:68:5a:53:d0:ae:14:03:54:ae:63:70:18:d8:a8:
                    29:f0:7f:17:69:3f:dc:cc:cb:06:68:00:84:a8:1e:
                    1d:d7:19:04:83:6b:2c:20:dd:9c:3a:d4:ed:c6:c3:
                    07:d4:f5:ba:99:b0:96:93:71:c7:e6:0c:bc:53:84:
                    a2:68:25:ca:27:13:5c:43:07:00:f1:4f:01:9b:a0:
                    aa:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:81:62:AF:1D:8C:8B:5F:78:24:2A:F3:6E:9B:4F:34:31:70:46:9E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/90abd194-eb65-4f55-bf71-988fd6b0cb8a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         12:4d:1d:65:98:56:75:a5:da:71:35:06:3e:b7:6f:ef:f3:9c:
         ec:c5:9b:6f:97:de:52:b0:a9:c1:6a:7d:9d:92:7d:85:02:5f:
         29:12:14:0f:cc:ab:33:ca:6f:43:b6:df:7a:f7:bd:65:1e:45:
         1a:78:d1:ed:ee:9f:43:66:ca:de:a3:00:28:a9:a0:d0:d6:a8:
         c1:08:88:8a:09:2b:45:32:68:e4:38:0b:29:ce:4b:b5:95:b1:
         75:e4:19:7f:13:38:4d:ec:e6:1f:88:ef:0a:82:4b:df:de:4c:
         1c:bf:37:bf:ab:81:d8:cd:a5:bf:45:1f:7e:79:68:3e:42:7d:
         1d:10:da:17:46:f2:1d:56:e9:9b:53:1d:43:fe:33:4c:b9:ff:
         65:87:14:e3:81:2b:b1:1d:36:fe:0c:d6:65:bc:57:e4:e0:7f:
         ba:5e:cd:26:d0:2f:95:c3:0f:b2:f5:54:88:4f:cb:86:b7:b1:
         77:21:cd:80:93:13:5e:46:be:c2:b2:81:78:1e:d2:36:74:3c:
         07:a2:64:9e:83:68:15:d1:f4:c4:10:eb:2f:2b:89:31:48:1d:
         d3:41:0f:81:5a:81:2a:86:2e:68:7a:68:bd:15:20:1b:41:3a:
         16:f4:ab:2c:ff:e0:5d:1c:74:af:3e:14:2b:6f:14:90:7f:98:
         d7:18:e0:06
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAZYRtLDgUzuLuQrHWVDsVch1S6MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ODY4NjVmZDIwOTI4OTkwMDI5NjhhZTgwZGI1ZTZmMjFm
Mjc0Mjc0NGZkOGNmOTAxMTdkMjgxYTQzNDU2OGE4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1/PXKk34mpY3v+ARjgbMPIxMGAKVaAIq3u+54VVd11IQ2
dzec+NZoroZH9bGFycVlNd5iZQiPraea391mVtqe5TNW0Y3KrZpCTjARbwI76qVB
TL63EzxClMPcnT7cNG71bizBbw9JMbXF4ZRkHpXnrd4WD7hvAo/XFxsLsO9GzNJt
iTlPG4SayiXkoVAe0uI6LVe2OppmWBAQotDdvXqLl2P1ulwCODbHmYIhTv/YlAgZ
ioZoWlPQrhQDVK5jcBjYqCnwfxdpP9zMywZoAISoHh3XGQSDaywg3Zw61O3GwwfU
9bqZsJaTccfmDLxThKJoJconE1xDBwDxTwGboKrPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjoFirx2Mi194JCrzbptPNDFwRp4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkwYWJkMTk0LWViNjUtNGY1NS1iZjcxLTk4OGZkNmIwY2I4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIosDANBgkqhkiG9w0BAQsFAAOCAQEAEk0dZZhWdaXacTUGPrdv7/Oc7MWb
b5feUrCpwWp9nZJ9hQJfKRIUD8yrM8pvQ7bfeve9ZR5FGnjR7e6fQ2bK3qMAKKmg
0NaowQiIigkrRTJo5DgLKc5LtZWxdeQZfxM4TezmH4jvCoJL395MHL83v6uB2M2l
v0UffnloPkJ9HRDaF0byHVbpm1MdQ/4zTLn/ZYcU44ErsR02/gzWZbxX5OB/ul7N
JtAvlcMPsvVUiE/LhrexdyHNgJMTXka+wrKBeB7SNnQ8B6JknoNoFdH0xBDrLyuJ
MUgd00EPgVqBKoYuaHpovRUgG0E6FvSrLP/gXRx0rz4UK28UkH+Y1xjgBg==
-----END CERTIFICATE-----