Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d39e8571-dd75-4fa7-8974-4183693302fd.roa
File:                     d39e8571-dd75-4fa7-8974-4183693302fd.roa (raw, json)
Hash identifier:          uuPVe3ckY+pOQnGkUpaTbq/66THgbajLmLhM9QdcCAM=
Subject key identifier:   45:E3:75:54:40:E6:C6:1A:2E:F8:FB:98:8A:96:B5:C1:03:D3:64:B9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2C998C29FE1B37936A675165E9D365691DBD8B05
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d39e8571-dd75-4fa7-8974-4183693302fd.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.210.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:99:8c:29:fe:1b:37:93:6a:67:51:65:e9:d3:65:69:1d:bd:8b:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=541bf15281c9176a86ca5fda2901a307251fa052a23724d6afb90c06a1b2f1ed, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a7:4c:c2:6f:3b:fa:1e:f0:0f:83:c3:84:98:
                    e5:0e:94:30:7b:c4:48:61:e3:8a:dc:ba:8a:a0:35:
                    5c:b3:52:b6:09:6a:2a:82:fb:b9:45:0e:ff:b6:10:
                    d2:1f:f9:71:14:b6:98:ba:87:03:f3:b6:03:0d:8c:
                    73:09:6e:13:ae:3c:a7:a2:3b:35:a6:ea:e1:76:d1:
                    8a:88:77:74:aa:90:60:06:4f:08:59:08:96:09:de:
                    e1:9d:1b:33:1d:c1:e4:c9:47:b6:13:58:82:db:2e:
                    dd:06:5d:1f:a6:bd:38:1d:ba:72:5c:60:c1:1a:8b:
                    8b:94:43:25:7d:84:6e:40:25:2c:d2:7a:a3:ef:ff:
                    1a:e1:fe:46:9f:93:4e:23:96:c4:4b:ed:a8:a8:3c:
                    b3:2a:d2:f2:8d:f7:79:75:d5:69:d5:89:a5:43:93:
                    70:6e:95:46:c0:be:70:5d:7f:1e:ee:fe:a7:16:3b:
                    60:7d:5f:99:b6:56:fa:94:73:76:ce:21:ea:c8:cf:
                    63:c9:80:b8:3a:72:d1:b5:0d:e5:b5:fc:54:f8:21:
                    2c:11:ff:c7:5e:e4:74:f0:95:db:9e:b7:8f:2c:4c:
                    07:da:b4:f4:49:0d:aa:68:ab:41:0d:ab:e0:df:97:
                    43:eb:43:70:c7:18:b2:bb:ac:ca:9e:da:c6:80:f2:
                    73:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:E3:75:54:40:E6:C6:1A:2E:F8:FB:98:8A:96:B5:C1:03:D3:64:B9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d39e8571-dd75-4fa7-8974-4183693302fd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.210.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2c:b1:08:1b:a1:b5:23:e7:45:21:b4:c8:51:94:c5:82:ae:a5:
         77:d6:ef:83:5e:2b:3a:60:7f:85:4b:fb:91:ad:5b:80:36:0c:
         1b:d9:e2:16:9c:30:d9:e0:e5:ff:9e:d1:67:c3:37:67:ac:4a:
         c5:a8:cf:35:5d:99:06:a9:05:16:3a:60:d8:44:70:ce:5e:ec:
         9d:54:bb:98:f9:36:19:9b:61:d6:62:60:3a:46:d4:0c:ff:6a:
         b9:02:e5:b5:47:6f:18:57:44:ed:d4:12:6c:b3:09:24:61:b1:
         ef:ff:a0:cd:2e:28:d1:c0:9c:e6:a7:d0:c6:1e:ab:c5:25:f6:
         f9:f7:be:9b:18:11:e9:00:09:14:d2:a3:a0:cb:25:37:98:11:
         13:9e:8e:f2:99:12:e9:7d:c6:22:21:02:1f:39:ca:cc:e2:04:
         8d:ba:95:e5:27:a9:48:9f:fd:65:21:1f:bb:35:ed:96:80:53:
         14:1d:ff:68:93:a8:c9:b1:c0:a1:2c:1b:55:9c:dd:56:29:b2:
         14:f0:7d:ba:f5:84:56:b8:c1:ca:ee:da:80:63:f2:ba:bb:d5:
         0c:08:77:1a:d0:85:4d:09:34:83:4e:33:f7:59:6f:df:07:aa:
         2f:52:ff:40:5d:42:2c:eb:4d:a0:1b:6b:c0:aa:cc:d8:b0:7e:
         99:a4:9e:33
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIULJmMKf4bN5NqZ1Fl6dNlaR29iwUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDFiZjE1MjgxYzkxNzZhODZjYTVmZGEyOTAxYTMwNzI1
MWZhMDUyYTIzNzI0ZDZhZmI5MGMwNmExYjJmMWVkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCip0zCbzv6HvAPg8OEmOUOlDB7xEhh44rcuoqgNVyzUrYJ
aiqC+7lFDv+2ENIf+XEUtpi6hwPztgMNjHMJbhOuPKeiOzWm6uF20YqId3SqkGAG
TwhZCJYJ3uGdGzMdweTJR7YTWILbLt0GXR+mvTgdunJcYMEai4uUQyV9hG5AJSzS
eqPv/xrh/kafk04jlsRL7aioPLMq0vKN93l11WnViaVDk3BulUbAvnBdfx7u/qcW
O2B9X5m2VvqUc3bOIerIz2PJgLg6ctG1DeW1/FT4ISwR/8de5HTwlduet48sTAfa
tPRJDapoq0ENq+Dfl0PrQ3DHGLK7rMqe2saA8nOjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUReN1VEDmxhou+PuYipa1wQPTZLkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzOWU4NTcxLWRkNzUtNGZhNy04OTc0LTQxODM2OTMzMDJmZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAo0jANBgkqhkiG9w0BAQsFAAOCAQEALLEIG6G1I+dFIbTIUZTFgq6ld9bv
g14rOmB/hUv7ka1bgDYMG9niFpww2eDl/57RZ8M3Z6xKxajPNV2ZBqkFFjpg2ERw
zl7snVS7mPk2GZth1mJgOkbUDP9quQLltUdvGFdE7dQSbLMJJGGx7/+gzS4o0cCc
5qfQxh6rxSX2+fe+mxgR6QAJFNKjoMslN5gRE56O8pkS6X3GIiECHznKzOIEjbqV
5SepSJ/9ZSEfuzXtloBTFB3/aJOoybHAoSwbVZzdVimyFPB9uvWEVrjByu7agGPy
urvVDAh3GtCFTQk0g04z91lv3weqL1L/QF1CLOtNoBtrwKrM2LB+maSeMw==
-----END CERTIFICATE-----