Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b572893b-29c7-4c92-a48a-a28bfd0da852.roa
File:                     b572893b-29c7-4c92-a48a-a28bfd0da852.roa (raw, json)
Hash identifier:          HDmuykoPxd+H2wRxXaaJTj59+7Je8o6mS8co5Q0P+M4=
Subject key identifier:   83:14:2B:F1:3C:94:4E:60:2C:7E:25:95:B4:07:1F:CF:8B:4B:E0:4C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2864E6A7B1BCE9C9F88C230A2A5767272C321D7C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b572893b-29c7-4c92-a48a-a28bfd0da852.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.195.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:64:e6:a7:b1:bc:e9:c9:f8:8c:23:0a:2a:57:67:27:2c:32:1d:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=0d00f257b2e88779e3e855f369d6d393ee7fe44f0e8193035eb86030ea2dc337, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:4e:1a:8d:66:d2:07:f5:44:7f:23:94:0a:f4:
                    60:a2:02:e3:4d:87:b7:50:5d:f3:5f:1c:e7:c7:fc:
                    fd:53:39:70:15:b9:5c:28:9d:dd:ed:97:7f:f6:06:
                    f1:47:fa:81:68:f9:90:85:8e:16:1b:d6:f4:9c:d7:
                    88:ff:54:ca:d3:39:34:40:9a:7c:4c:d3:2a:b3:d3:
                    b8:19:37:bd:31:b1:c7:9c:cd:0f:00:73:5d:55:72:
                    3d:a4:1b:ac:58:25:05:d2:cd:a6:18:aa:ce:5c:e3:
                    aa:5b:62:e1:06:05:52:a9:da:5d:11:f7:7f:5c:5e:
                    fa:ea:4f:46:4b:51:3c:b1:15:b1:31:06:68:0a:26:
                    e4:07:1f:38:13:0f:f5:7c:c1:39:de:47:02:5c:e6:
                    1e:7d:9e:65:7f:66:15:d3:f7:66:e3:35:04:64:5a:
                    0a:99:b2:d7:af:76:db:b8:4d:28:0a:74:56:79:ec:
                    a8:27:91:86:37:5d:33:de:b9:57:99:e5:29:4a:02:
                    f6:0f:d5:92:86:8c:39:9f:fa:9b:fb:65:b7:f0:8d:
                    44:a2:2f:b2:22:e4:99:e5:73:65:a3:31:34:52:e7:
                    fc:8d:4b:9c:8b:b1:ef:69:eb:dc:11:ff:4e:8d:4b:
                    11:44:e8:f4:d4:35:3b:92:f1:06:49:a4:59:00:a0:
                    7e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:14:2B:F1:3C:94:4E:60:2C:7E:25:95:B4:07:1F:CF:8B:4B:E0:4C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b572893b-29c7-4c92-a48a-a28bfd0da852.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.195.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3b:b9:04:4a:67:97:f0:65:ee:6b:65:eb:c7:49:a1:36:66:46:
         25:50:72:de:a7:c5:2e:7a:43:2d:15:09:27:21:80:c9:30:d3:
         07:04:90:6e:71:b8:50:75:53:25:9d:f9:6b:64:f8:17:3b:6d:
         f1:64:25:0e:5b:40:a0:ce:e2:5d:50:87:11:70:99:f5:0e:9f:
         b2:64:c0:67:34:43:c1:05:06:12:45:b7:43:0c:cc:61:20:38:
         ea:21:d7:f3:95:13:de:6c:09:fd:89:64:9b:98:ae:00:1c:21:
         2c:f2:ed:42:7d:7f:7f:40:b7:36:c5:19:c5:62:f4:51:74:f8:
         d5:1c:73:bc:d4:31:12:00:06:19:9d:13:01:88:ea:62:1e:e4:
         fe:32:17:fe:97:d0:db:a1:d7:0d:43:0f:19:ce:cb:24:c3:c2:
         a4:1a:73:c5:28:1a:4a:cc:38:76:96:7f:a7:d1:b0:92:7f:db:
         cd:57:2b:06:87:38:3c:cc:fa:f4:3e:b9:7b:c4:9b:ca:78:4a:
         bc:74:53:33:70:b7:db:e8:98:e8:13:28:bd:64:47:63:2e:9d:
         29:52:b1:5d:5c:0f:1f:37:6f:f7:8f:df:86:60:47:d1:5f:9a:
         c9:12:50:db:84:29:ad:8b:9c:5f:15:88:2f:4f:35:25:ec:e2:
         59:ff:49:06
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKGTmp7G86cn4jCMKKldnJywyHXwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AwZDAwZjI1N2IyZTg4Nzc5ZTNlODU1ZjM2OWQ2ZDM5M2Vl
N2ZlNDRmMGU4MTkzMDM1ZWI4NjAzMGVhMmRjMzM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCHThqNZtIH9UR/I5QK9GCiAuNNh7dQXfNfHOfH/P1TOXAV
uVwond3tl3/2BvFH+oFo+ZCFjhYb1vSc14j/VMrTOTRAmnxM0yqz07gZN70xscec
zQ8Ac11Vcj2kG6xYJQXSzaYYqs5c46pbYuEGBVKp2l0R939cXvrqT0ZLUTyxFbEx
BmgKJuQHHzgTD/V8wTneRwJc5h59nmV/ZhXT92bjNQRkWgqZstevdtu4TSgKdFZ5
7KgnkYY3XTPeuVeZ5SlKAvYP1ZKGjDmf+pv7ZbfwjUSiL7Ii5Jnlc2WjMTRS5/yN
S5yLse9p69wR/06NSxFE6PTUNTuS8QZJpFkAoH5jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgxQr8TyUTmAsfiWVtAcfz4tL4EwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1NzI4OTNiLTI5YzctNGM5Mi1hNDhhLWEyOGJmZDBkYTg1Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAowzANBgkqhkiG9w0BAQsFAAOCAQEAO7kESmeX8GXua2Xrx0mhNmZGJVBy
3qfFLnpDLRUJJyGAyTDTBwSQbnG4UHVTJZ35a2T4Fztt8WQlDltAoM7iXVCHEXCZ
9Q6fsmTAZzRDwQUGEkW3QwzMYSA46iHX85UT3mwJ/Ylkm5iuABwhLPLtQn1/f0C3
NsUZxWL0UXT41RxzvNQxEgAGGZ0TAYjqYh7k/jIX/pfQ26HXDUMPGc7LJMPCpBpz
xSgaSsw4dpZ/p9Gwkn/bzVcrBoc4PMz69D65e8SbynhKvHRTM3C32+iY6BMovWRH
Yy6dKVKxXVwPHzdv94/fhmBH0V+ayRJQ24QprYucXxWIL081JeziWf9JBg==
-----END CERTIFICATE-----