Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b610f593-1db0-4ed8-b933-b30e2b3cf7e6.roa
File:                     b610f593-1db0-4ed8-b933-b30e2b3cf7e6.roa (raw, json)
Hash identifier:          7PsuSuhuTDnxZ+0Ah5n0fkbH9xI8BBPVOLGHYpGyPwA=
Subject key identifier:   E7:58:2D:04:12:E0:CF:CD:74:F9:BF:04:E8:22:0C:CA:BF:B6:71:94
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       52922EC34D2E339EC116C0E45A3EEDFE9585FC42
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b610f593-1db0-4ed8-b933-b30e2b3cf7e6.roa
Signing time:             Tue 03 Dec 2024 00:00:00 +0000
ROA not before:           Tue 03 Dec 2024 00:00:00 +0000
ROA not after:            Tue 07 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.176.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:92:2e:c3:4d:2e:33:9e:c1:16:c0:e4:5a:3e:ed:fe:95:85:fc:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  3 00:00:00 2024 GMT
            Not After : Jan  7 23:59:59 2025 GMT
        Subject: serialNumber=8f84d1300ea561daf95dd8523961c5be4422d4b5558a6809773d9ffc50028416, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:84:a7:3b:87:3f:92:e3:f7:3c:6c:f2:72:4f:
                    0e:1f:ef:77:5d:8a:25:18:d2:0c:79:c8:af:e2:23:
                    6f:53:cb:1a:dd:2f:fe:97:18:4d:98:01:1f:98:c0:
                    ff:b2:c1:75:25:01:19:26:51:12:33:f2:b3:fd:cd:
                    56:01:00:e6:a1:e7:22:6d:79:7d:16:9b:74:8e:b3:
                    b7:24:32:0d:52:dd:84:38:25:d8:8e:7e:53:33:7b:
                    b3:19:ec:81:e9:a0:61:b1:2e:5a:a8:03:d3:ef:3b:
                    58:e7:36:1d:59:71:4b:73:57:37:35:87:64:d0:ee:
                    93:6e:17:12:db:3c:a7:03:9f:0c:c0:1c:91:55:ce:
                    dc:ac:b8:e9:35:42:55:d5:8a:e7:e3:55:db:f7:9a:
                    e7:bf:69:85:fa:7a:a6:9a:8e:67:80:30:c6:5b:51:
                    74:b2:24:e4:ee:96:8b:53:af:bd:e5:5c:05:d9:d4:
                    7f:25:57:07:3e:c4:51:a3:29:da:6e:a7:3e:8e:61:
                    1d:c2:70:70:f3:e7:ce:18:39:b6:8c:6a:ad:32:e8:
                    fd:17:94:d2:a8:12:ca:3e:1e:4b:14:b8:34:89:c6:
                    a4:9e:de:00:ed:c0:c2:4e:2e:83:d3:d4:5d:95:7e:
                    a1:c8:70:de:ea:c7:b7:96:c2:37:74:3d:1f:79:26:
                    49:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:58:2D:04:12:E0:CF:CD:74:F9:BF:04:E8:22:0C:CA:BF:B6:71:94
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b610f593-1db0-4ed8-b933-b30e2b3cf7e6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.176.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         39:fe:a4:b0:0e:e1:20:01:e5:c0:fa:ca:18:24:1a:15:e7:4b:
         e6:51:34:fb:5d:f1:ee:85:83:d1:74:99:d8:1d:35:93:00:ba:
         01:7a:86:d9:91:b0:7a:ca:67:d4:ef:bf:1d:ba:05:15:cf:af:
         3c:13:ff:c1:33:d7:ef:f2:46:b8:79:0a:ff:80:e1:5c:e9:d1:
         68:f2:fe:d9:30:50:85:78:0b:1d:47:3d:eb:c1:e7:1c:c8:a2:
         b6:ea:80:90:72:55:8f:77:5d:9d:97:27:67:84:34:5b:00:27:
         12:43:fa:33:72:77:8f:04:bc:12:5c:d7:14:8a:d6:e6:ca:4a:
         88:9d:30:3f:46:28:b3:c2:b4:a1:b1:98:b9:83:8a:9e:46:16:
         a6:c9:65:69:69:8f:8e:c9:c9:00:b6:00:ab:f0:f9:84:9c:6c:
         28:cd:7b:8a:83:0c:fd:d2:51:3d:97:c1:a9:1b:ad:47:5e:f0:
         f9:69:ba:33:e4:ea:a9:90:12:59:9d:f6:88:8d:54:b1:2d:50:
         f3:4b:50:cc:65:8c:5e:17:3e:a5:f5:e7:f3:d2:d7:23:86:7f:
         6e:96:43:d8:f8:e2:dd:42:12:2a:31:21:27:ce:0d:7b:58:0d:
         aa:da:6b:d9:3b:86:06:f2:5a:31:d1:4b:e8:48:85:f5:e1:67:
         4b:77:32:54
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUpIuw00uM57BFsDkWj7t/pWF/EIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAzMDAwMDAwWhcNMjUwMTA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Zjg0ZDEzMDBlYTU2MWRhZjk1ZGQ4NTIzOTYxYzViZTQ0
MjJkNGI1NTU4YTY4MDk3NzNkOWZmYzUwMDI4NDE2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYhKc7hz+S4/c8bPJyTw4f73ddiiUY0gx5yK/iI29Tyxrd
L/6XGE2YAR+YwP+ywXUlARkmURIz8rP9zVYBAOah5yJteX0Wm3SOs7ckMg1S3YQ4
JdiOflMze7MZ7IHpoGGxLlqoA9PvO1jnNh1ZcUtzVzc1h2TQ7pNuFxLbPKcDnwzA
HJFVztysuOk1QlXViufjVdv3mue/aYX6eqaajmeAMMZbUXSyJOTulotTr73lXAXZ
1H8lVwc+xFGjKdpupz6OYR3CcHDz584YObaMaq0y6P0XlNKoEso+HksUuDSJxqSe
3gDtwMJOLoPT1F2VfqHIcN7qx7eWwjd0PR95JknBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU51gtBBLgz810+b8E6CIMyr+2cZQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I2MTBmNTkzLTFkYjAtNGVkOC1iOTMzLWIzMGUyYjNjZjdlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIosDANBgkqhkiG9w0BAQsFAAOCAQEAOf6ksA7hIAHlwPrKGCQaFedL5lE0
+13x7oWD0XSZ2B01kwC6AXqG2ZGwespn1O+/HboFFc+vPBP/wTPX7/JGuHkK/4Dh
XOnRaPL+2TBQhXgLHUc968HnHMiituqAkHJVj3ddnZcnZ4Q0WwAnEkP6M3J3jwS8
ElzXFIrW5spKiJ0wP0Yos8K0obGYuYOKnkYWpsllaWmPjsnJALYAq/D5hJxsKM17
ioMM/dJRPZfBqRutR17w+Wm6M+TqqZASWZ32iI1UsS1Q80tQzGWMXhc+pfXn89LX
I4Z/bpZD2Pji3UISKjEhJ84Ne1gNqtpr2TuGBvJaMdFL6EiF9eFnS3cyVA==
-----END CERTIFICATE-----