Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0a9f070-281a-4ab7-9ec7-e0a20bafd1bd.roa
File:                     f0a9f070-281a-4ab7-9ec7-e0a20bafd1bd.roa (raw, json)
Hash identifier:          sWXgu7Ymvo8lXk7KxsBPeX5YrKhZMBURM87bnwdMghc=
Subject key identifier:   0E:D4:89:87:69:80:BC:0D:1D:C2:7B:87:D7:7F:7B:91:AA:C6:6C:C6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A6C1DA9A241B0514A640A3F7CE9E3BCAF12626F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0a9f070-281a-4ab7-9ec7-e0a20bafd1bd.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        167.234.40.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:6c:1d:a9:a2:41:b0:51:4a:64:0a:3f:7c:e9:e3:bc:af:12:62:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: serialNumber=e668aeb8f31d75c6f2d93aa0f4b5de6c4564229feb361ef36c0999cf2d3e6dd3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8b:20:5b:21:d7:5b:5c:f1:a2:66:dc:05:fd:
                    db:e3:60:6f:71:3a:02:49:9a:cf:dd:aa:cc:77:fc:
                    b5:8a:58:72:d5:f5:80:7f:54:75:9b:33:ea:12:2d:
                    94:25:d3:2e:75:28:9f:e8:14:40:fe:20:39:30:a3:
                    f0:3e:d1:63:3d:bb:ca:6e:a7:c6:1b:94:af:6f:b4:
                    e3:1b:4f:8d:ad:96:2a:18:28:02:b2:59:83:27:88:
                    74:3b:a7:12:80:77:bb:d3:77:6d:db:c4:8d:69:8c:
                    70:a9:f7:0f:f5:0b:bf:ff:fe:e1:b7:e0:6f:a9:ff:
                    ad:3b:90:13:d7:67:91:d8:d3:eb:c2:9f:35:ae:3c:
                    86:26:43:fe:45:d7:b0:d3:bc:d4:7a:50:1c:c0:86:
                    17:3f:8a:e6:6a:ed:d6:cf:e7:2f:9f:67:18:97:8a:
                    81:71:3f:dc:2f:85:19:46:ec:bb:ee:db:c7:f5:9d:
                    2c:e9:08:d4:96:69:95:ed:42:6d:69:c1:b2:eb:69:
                    12:a0:ce:32:d3:36:9c:78:5a:c1:22:3f:be:2a:a2:
                    cb:a6:c2:fc:69:f7:1a:1a:62:c2:50:ae:b2:28:ad:
                    07:5b:e4:cf:28:61:b4:ec:51:30:89:93:ff:8b:3c:
                    cf:0d:86:31:d7:30:8f:21:36:b5:d1:2a:35:63:d0:
                    84:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D4:89:87:69:80:BC:0D:1D:C2:7B:87:D7:7F:7B:91:AA:C6:6C:C6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f0a9f070-281a-4ab7-9ec7-e0a20bafd1bd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.234.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:cb:54:9c:63:20:13:fb:a5:9d:69:b9:74:d0:89:43:0d:9d:
         dc:8d:df:c4:cf:e4:6c:3c:38:26:c0:57:87:27:0d:6f:fb:ea:
         4f:1e:58:a8:51:30:f0:59:11:25:71:e2:78:2c:37:86:f6:94:
         f4:95:a9:7c:99:dc:2c:89:e9:a5:01:76:c3:e3:cb:9b:b5:0b:
         5a:5a:0f:8b:ed:11:42:c2:ac:57:a6:29:b8:2a:14:7a:ec:c1:
         6a:81:a4:49:36:19:dc:e5:de:68:12:d4:c5:fc:a1:ab:1b:2e:
         0f:2a:a7:72:cf:2a:fe:4f:07:a7:68:fb:44:1f:dd:87:35:99:
         f4:d0:87:53:fd:1d:5a:70:69:75:5a:09:eb:71:87:24:e6:2e:
         a3:cb:be:0f:81:a9:ca:78:09:76:d4:23:83:b4:63:25:dc:5e:
         b6:89:e1:03:85:39:f3:98:68:92:ad:e5:8c:30:a9:3c:24:85:
         cf:7c:19:1c:95:94:4f:69:3c:99:b5:c4:92:85:db:48:62:f9:
         d3:6d:aa:92:40:13:ee:91:cb:f0:41:a6:6a:02:3c:b0:d8:62:
         1e:14:f2:55:4d:cc:6d:b3:f1:d9:84:b7:20:15:d6:1d:c5:02:
         ea:b0:22:3d:05:27:9e:07:41:0f:a8:d5:69:80:c0:aa:fb:73:
         a8:7a:75:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSmwdqaJBsFFKZAo/fOnjvK8SYm8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNjY4YWViOGYzMWQ3NWM2ZjJkOTNhYTBmNGI1ZGU2YzQ1
NjQyMjlmZWIzNjFlZjM2YzA5OTljZjJkM2U2ZGQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCiyBbIddbXPGiZtwF/dvjYG9xOgJJms/dqsx3/LWKWHLV
9YB/VHWbM+oSLZQl0y51KJ/oFED+IDkwo/A+0WM9u8pup8YblK9vtOMbT42tlioY
KAKyWYMniHQ7pxKAd7vTd23bxI1pjHCp9w/1C7///uG34G+p/607kBPXZ5HY0+vC
nzWuPIYmQ/5F17DTvNR6UBzAhhc/iuZq7dbP5y+fZxiXioFxP9wvhRlG7Lvu28f1
nSzpCNSWaZXtQm1pwbLraRKgzjLTNpx4WsEiP74qosumwvxp9xoaYsJQrrIorQdb
5M8oYbTsUTCJk/+LPM8NhjHXMI8hNrXRKjVj0IQvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUDtSJh2mAvA0dwnuH1397karGbMYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YwYTlmMDcwLTI4MWEtNGFiNy05ZWM3LWUwYTIwYmFmZDFiZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAOn6igwDQYJKoZIhvcNAQELBQADggEBADXLVJxjIBP7pZ1puXTQiUMNndyN
38TP5Gw8OCbAV4cnDW/76k8eWKhRMPBZESVx4ngsN4b2lPSVqXyZ3CyJ6aUBdsPj
y5u1C1paD4vtEULCrFemKbgqFHrswWqBpEk2Gdzl3mgS1MX8oasbLg8qp3LPKv5P
B6do+0Qf3Yc1mfTQh1P9HVpwaXVaCetxhyTmLqPLvg+Bqcp4CXbUI4O0YyXcXraJ
4QOFOfOYaJKt5YwwqTwkhc98GRyVlE9pPJm1xJKF20hi+dNtqpJAE+6Ry/BBpmoC
PLDYYh4U8lVNzG2z8dmEtyAV1h3FAuqwIj0FJ54HQQ+o1WmAwKr7c6h6dXk=
-----END CERTIFICATE-----