Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e1dac0e-397d-4118-877c-faab44e55c10.roa
File:                     9e1dac0e-397d-4118-877c-faab44e55c10.roa (raw, json)
Hash identifier:          Fehs+BdXsT3HVLbPnLyFUgCoWPT6P/Qlc36/voucILU=
Subject key identifier:   D8:55:E1:75:58:86:86:A4:01:57:9C:65:67:6D:54:78:44:CD:CE:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       37C5F76145E71FFF11A40685BDEFB4412FBEA3EB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e1dac0e-397d-4118-877c-faab44e55c10.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.216.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:c5:f7:61:45:e7:1f:ff:11:a4:06:85:bd:ef:b4:41:2f:be:a3:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=d591245b771acaaf9d2fa12066aa85a1bc2a8ffd6038cd489f37d638641ea4e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:48:ab:e8:db:66:7e:3d:af:26:90:a6:71:e4:
                    6e:de:3b:3f:4f:bd:62:a6:54:bc:c1:7c:25:5f:b3:
                    74:28:8c:69:25:db:98:a1:2b:34:7a:78:2e:fd:bc:
                    12:10:71:04:2a:ec:cf:73:05:3b:d7:95:a6:d2:76:
                    af:65:cf:3f:82:d3:91:1c:6c:db:b6:9e:74:e9:31:
                    ca:f5:bd:2c:b3:e7:33:52:f6:f4:bc:2e:f9:eb:a0:
                    ec:05:db:76:f8:1d:52:ac:c0:13:2c:b2:3c:cf:e3:
                    68:d0:e1:48:d2:45:0f:bc:6e:51:74:44:16:7b:89:
                    89:98:b6:5b:8f:14:77:89:16:e4:26:9f:f8:d0:e6:
                    09:d8:8a:86:65:09:92:2e:95:06:bb:50:ee:81:d7:
                    22:7a:11:0a:47:11:d9:bd:ba:95:8c:22:a8:13:30:
                    ea:a1:63:78:fc:51:58:73:3b:60:fc:72:ab:f3:05:
                    dc:11:33:e8:ae:ac:85:74:e4:40:8d:16:4f:58:f6:
                    17:2f:f1:09:a4:78:d3:c1:dd:80:72:5f:88:14:a4:
                    dd:98:dc:ed:17:d1:f0:55:2f:3b:a2:4e:34:a1:0d:
                    cb:c7:96:d9:67:66:98:a7:47:cf:85:fb:88:b8:7c:
                    ea:04:92:f6:fa:b4:ec:c1:9e:a6:1a:83:8a:24:c6:
                    6e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:55:E1:75:58:86:86:A4:01:57:9C:65:67:6D:54:78:44:CD:CE:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9e1dac0e-397d-4118-877c-faab44e55c10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.216.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         28:a9:e2:25:bb:4a:60:30:df:3f:44:48:e2:bd:65:d2:0a:c5:
         04:3a:9a:ce:15:0a:63:4b:aa:b8:d1:8a:0b:e7:ed:ed:fe:a1:
         5f:c7:ec:c1:d9:53:9a:39:64:0d:f6:46:1f:30:5b:01:8b:18:
         e8:cc:ea:86:33:46:18:49:b5:55:af:19:a1:b4:50:cc:f1:e8:
         e0:a0:a6:7c:05:6f:48:55:59:d9:2f:d3:c4:e7:d9:42:01:02:
         d5:f1:33:5b:d1:4c:f6:98:c2:61:d1:20:2e:51:9b:79:d1:b0:
         57:46:3c:4d:90:7f:4d:f2:1b:07:97:ea:16:6c:5e:21:1c:17:
         9e:43:e1:a8:8a:79:af:ea:0e:82:bc:48:fe:7d:14:1f:f8:d1:
         a7:c5:68:b9:82:bd:01:a6:87:4e:0e:56:1e:bd:98:68:99:43:
         13:8d:47:c7:f9:60:6c:48:4b:45:4f:a8:24:a3:c6:d5:2f:89:
         ab:45:19:ef:a1:65:b4:d7:af:a4:36:2f:c5:e7:e6:10:f9:25:
         74:a0:fa:9d:40:96:7b:da:c9:08:f2:e5:e0:79:19:27:df:b2:
         ad:2d:5f:48:70:4d:92:63:cd:30:2b:ef:2e:29:97:c7:f0:1b:
         ed:61:19:f4:0d:77:ef:e2:57:ae:39:ba:39:50:5d:89:f9:a7:
         08:b0:ec:32
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUN8X3YUXnH/8RpAaFve+0QS++o+swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNTkxMjQ1Yjc3MWFjYWFmOWQyZmExMjA2NmFhODVhMWJj
MmE4ZmZkNjAzOGNkNDg5ZjM3ZDYzODY0MWVhNGUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5SKvo22Z+Pa8mkKZx5G7eOz9PvWKmVLzBfCVfs3QojGkl
25ihKzR6eC79vBIQcQQq7M9zBTvXlabSdq9lzz+C05EcbNu2nnTpMcr1vSyz5zNS
9vS8LvnroOwF23b4HVKswBMssjzP42jQ4UjSRQ+8blF0RBZ7iYmYtluPFHeJFuQm
n/jQ5gnYioZlCZIulQa7UO6B1yJ6EQpHEdm9upWMIqgTMOqhY3j8UVhzO2D8cqvz
BdwRM+iurIV05ECNFk9Y9hcv8QmkeNPB3YByX4gUpN2Y3O0X0fBVLzuiTjShDcvH
ltlnZpinR8+F+4i4fOoEkvb6tOzBnqYag4okxm4pAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2FXhdViGhqQBV5xlZ21UeETNztMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzllMWRhYzBlLTM5N2QtNDExOC04NzdjLWZhYWI0NGU1NWMxMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo2DANBgkqhkiG9w0BAQsFAAOCAQEAKKniJbtKYDDfP0RI4r1l0grFBDqa
zhUKY0uquNGKC+ft7f6hX8fswdlTmjlkDfZGHzBbAYsY6MzqhjNGGEm1Va8ZobRQ
zPHo4KCmfAVvSFVZ2S/TxOfZQgEC1fEzW9FM9pjCYdEgLlGbedGwV0Y8TZB/TfIb
B5fqFmxeIRwXnkPhqIp5r+oOgrxI/n0UH/jRp8VouYK9AaaHTg5WHr2YaJlDE41H
x/lgbEhLRU+oJKPG1S+Jq0UZ76FltNevpDYvxefmEPkldKD6nUCWe9rJCPLl4HkZ
J9+yrS1fSHBNkmPNMCvvLimXx/Ab7WEZ9A137+JXrjm6OVBdifmnCLDsMg==
-----END CERTIFICATE-----