Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea060e9a-045e-45f5-a5af-c6d17b1c9251.roa
File:                     ea060e9a-045e-45f5-a5af-c6d17b1c9251.roa (raw, json)
Hash identifier:          vBmQZVO5eSObg1plKaB7v55tb9FhbhwSq9OmAtEyaqk=
Subject key identifier:   5D:08:B1:66:D7:99:52:27:EE:84:49:3A:C8:A4:C9:AD:CB:78:1F:36
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       016BF6CF769A5BBE3C854690321B72B6540A0B79
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea060e9a-045e-45f5-a5af-c6d17b1c9251.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.235.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:6b:f6:cf:76:9a:5b:be:3c:85:46:90:32:1b:72:b6:54:0a:0b:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:19:57:14:10:38:00:bd:17:dc:2a:d5:86:6a:
                    03:ca:52:d1:27:64:72:a0:1c:6e:48:a3:f1:9c:bc:
                    39:36:21:3c:ce:31:28:9f:a0:54:51:91:04:dc:9a:
                    0a:f1:63:94:c4:0e:21:92:d6:cc:c3:da:6b:7f:45:
                    42:28:29:9f:8a:60:7a:75:a1:cb:10:69:d9:63:f1:
                    91:b4:c1:f4:65:c4:b3:46:35:5c:cf:24:78:d5:5c:
                    53:95:11:9e:51:b0:b6:0a:85:36:de:1d:a9:a9:d0:
                    64:71:63:59:b0:d7:88:19:d7:4b:28:2f:e2:b1:0e:
                    dd:34:90:01:4b:26:cb:37:4c:28:37:9b:08:cb:d1:
                    c9:91:bc:e9:2b:2a:bb:56:29:48:77:d3:15:32:04:
                    c6:19:05:ed:82:fe:b0:5e:0f:d2:5e:fc:df:25:1d:
                    bb:8a:08:fd:f4:ff:0e:99:cd:86:8a:21:c6:7f:da:
                    8c:ef:df:fa:81:49:29:9f:e7:d6:1f:d9:04:dc:fd:
                    9b:37:2e:15:dd:56:e2:f5:fb:97:db:66:a9:13:d7:
                    94:9a:6b:b3:cc:65:40:1c:35:a9:91:10:e7:03:a5:
                    5c:bc:11:da:92:09:35:24:6c:52:c4:78:9b:6e:c9:
                    01:2f:2a:d5:f8:88:2d:d8:9d:b0:f4:30:0d:eb:0e:
                    21:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:08:B1:66:D7:99:52:27:EE:84:49:3A:C8:A4:C9:AD:CB:78:1F:36
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ea060e9a-045e-45f5-a5af-c6d17b1c9251.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.235.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         20:4b:58:45:29:0f:6f:ea:b5:60:15:2f:e3:75:d5:a3:6a:0f:
         68:b7:ea:03:5e:0b:ef:d9:de:7a:ef:cc:c1:cb:9f:14:8e:88:
         34:31:bf:ac:49:c2:b9:c9:ea:e9:8e:0b:e3:e5:0d:df:68:b9:
         89:d1:f6:1c:dd:51:c3:c0:b1:75:22:94:65:92:82:8e:e6:5e:
         89:1d:e1:64:3b:2d:ed:60:6b:73:b9:51:f8:96:23:db:e0:77:
         97:df:36:9c:6b:cf:c3:ac:58:63:d0:fc:51:b5:f9:5b:1f:b3:
         8d:c7:67:f6:15:18:de:d2:cb:db:ff:9e:5d:1f:2c:ea:a4:bc:
         4b:31:3a:f2:16:c6:ae:53:72:ee:cf:5d:50:31:d8:94:e5:40:
         8f:40:66:77:0e:9a:05:e1:31:aa:3d:83:1a:3e:14:4f:fe:81:
         4b:58:86:76:75:12:5f:3b:a9:35:ea:47:aa:77:e0:51:ed:eb:
         25:c6:62:df:46:94:d9:03:72:a0:a5:60:19:fd:ce:ee:58:98:
         8b:e5:98:a8:8e:0b:86:b5:aa:8b:85:cd:21:fe:6c:6d:3c:43:
         6a:fd:78:c6:13:76:95:e0:f1:c1:11:48:8b:18:c3:d5:02:89:
         99:a7:47:b8:04:55:b0:52:18:d0:21:16:4a:18:ae:48:83:10:
         35:6e:1e:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAWv2z3aaW748hUaQMhtytlQKC3kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiY2E2MzI3ZmViMGUyYTg3ZmQyNTIyMDlhZWE3M2QxYjkz
M2FlYWRjMzRiYmVhOGQ3YTIzNjk1YzA5NDM3MzJlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwGVcUEDgAvRfcKtWGagPKUtEnZHKgHG5Io/GcvDk2ITzO
MSifoFRRkQTcmgrxY5TEDiGS1szD2mt/RUIoKZ+KYHp1ocsQadlj8ZG0wfRlxLNG
NVzPJHjVXFOVEZ5RsLYKhTbeHamp0GRxY1mw14gZ10soL+KxDt00kAFLJss3TCg3
mwjL0cmRvOkrKrtWKUh30xUyBMYZBe2C/rBeD9Je/N8lHbuKCP30/w6ZzYaKIcZ/
2ozv3/qBSSmf59Yf2QTc/Zs3LhXdVuL1+5fbZqkT15Saa7PMZUAcNamREOcDpVy8
EdqSCTUkbFLEeJtuyQEvKtX4iC3YnbD0MA3rDiEPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXQixZteZUifuhEk6yKTJrct4HzYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VhMDYwZTlhLTA0NWUtNDVmNS1hNWFmLWM2ZDE3YjFjOTI1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYo64AwDQYJKoZIhvcNAQELBQADggEBACBLWEUpD2/qtWAVL+N11aNqD2i3
6gNeC+/Z3nrvzMHLnxSOiDQxv6xJwrnJ6umOC+PlDd9ouYnR9hzdUcPAsXUilGWS
go7mXokd4WQ7Le1ga3O5UfiWI9vgd5ffNpxrz8OsWGPQ/FG1+Vsfs43HZ/YVGN7S
y9v/nl0fLOqkvEsxOvIWxq5Tcu7PXVAx2JTlQI9AZncOmgXhMao9gxo+FE/+gUtY
hnZ1El87qTXqR6p34FHt6yXGYt9GlNkDcqClYBn9zu5YmIvlmKiOC4a1qouFzSH+
bG08Q2r9eMYTdpXg8cERSIsYw9UCiZmnR7gEVbBSGNAhFkoYrkiDEDVuHvA=
-----END CERTIFICATE-----