Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f937d8e2-2601-4005-814f-c548f4e1e8ac.roa
File:                     f937d8e2-2601-4005-814f-c548f4e1e8ac.roa (raw, json)
Hash identifier:          ucT/J8J7ewDJnPX8OtodcYd1PRktHyGle29g3ZOW4Nw=
Subject key identifier:   B7:52:1D:EF:EE:EB:73:05:1B:B0:C8:BF:63:93:72:F4:F4:22:A9:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C45804FADA22336E679757333394C6D0B2DF26D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f937d8e2-2601-4005-814f-c548f4e1e8ac.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        40.192.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:45:80:4f:ad:a2:23:36:e6:79:75:73:33:39:4c:6d:0b:2d:f2:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:85:f6:9d:d5:33:b4:fd:ce:e9:73:c5:80:ab:
                    ce:90:d8:60:8f:3e:8a:54:2a:6b:01:fd:10:25:7b:
                    67:9e:be:66:e1:66:d3:70:3a:67:8f:73:64:73:72:
                    1e:d4:63:ed:89:a6:97:45:62:3f:86:43:1c:95:48:
                    6e:1d:77:b0:e9:44:5e:e3:58:81:78:10:0c:e0:39:
                    1e:98:86:b6:30:24:48:12:ed:fc:45:05:86:46:fb:
                    9a:2b:9b:1e:32:e4:a9:9d:c3:b0:31:d6:6d:fa:25:
                    78:70:2a:4d:a2:1d:75:44:02:01:be:cf:de:26:09:
                    14:67:3e:fb:93:eb:49:c0:df:2e:ff:ae:28:d0:62:
                    d2:0e:e9:0e:61:97:b6:93:d1:87:63:27:4c:33:3b:
                    05:4d:55:ac:f2:c8:74:44:fb:01:81:be:04:b7:40:
                    5c:2f:53:63:c7:2d:08:4c:85:6e:af:ac:cc:5e:a2:
                    e2:7e:82:00:7e:20:cf:d4:13:3b:96:aa:9f:6f:72:
                    8a:f5:2f:3a:87:a9:95:48:11:e1:aa:f4:76:24:f3:
                    e3:1d:23:db:cb:1e:b9:4b:b3:42:24:81:0d:a1:92:
                    ec:01:ae:e9:5f:db:6b:b8:60:eb:be:8b:e4:80:59:
                    3c:d0:fb:b2:af:75:b7:b2:b3:e3:fe:6e:4f:d4:c9:
                    cb:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:52:1D:EF:EE:EB:73:05:1B:B0:C8:BF:63:93:72:F4:F4:22:A9:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f937d8e2-2601-4005-814f-c548f4e1e8ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.192.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         9e:97:c9:3c:59:2e:9f:8d:03:59:4a:06:98:72:1a:22:b8:ac:
         9b:4f:b8:4a:a9:8c:8b:91:05:d0:11:b7:29:20:e1:6c:d8:59:
         84:d9:f8:6f:ee:31:d5:61:7c:0f:33:01:b2:fd:83:df:f5:38:
         36:d6:50:6d:0f:22:bd:d1:ac:67:ce:32:62:6f:8a:fa:9b:07:
         02:59:5b:9e:96:03:f0:1d:5b:83:6b:b9:e0:7d:a4:d3:7c:cd:
         b0:c5:0d:20:f3:46:9b:fa:85:64:f0:08:a4:03:c5:09:2c:be:
         3f:25:7d:fd:75:b6:cc:c8:69:1e:cc:1b:95:ab:a2:b8:48:04:
         63:12:66:be:08:f7:32:b4:bf:96:89:f1:f2:47:bc:e5:c7:86:
         7b:01:ca:55:6b:83:9f:64:61:ca:e7:79:ed:da:e3:77:d8:28:
         19:a2:84:15:48:01:f2:38:a2:4d:2c:17:b8:b3:bd:e8:81:5a:
         0f:8c:05:f5:76:9c:a7:3a:41:eb:d7:71:a1:87:9d:cf:2a:03:
         36:e2:8a:bc:dc:b7:cf:c3:b5:f7:07:c8:b1:e4:cc:d7:7b:e4:
         8c:e6:c8:1e:29:12:d8:f5:d9:fb:e3:16:6f:69:08:a7:a0:7b:
         6a:db:25:ae:13:f3:1d:b4:ed:86:d5:7d:cb:27:be:40:dc:e2:
         45:f5:f3:ec
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPEWAT62iIzbmeXVzMzlMbQst8m0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjQyMDQ3MTMxZDU0YTUxMjc1NDRiNGI1YWRlZTAxY2Ux
NjkzZGFlYTg5OTI1NjM4NmZlN2IwNGE3YWNiMjBkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCchfad1TO0/c7pc8WAq86Q2GCPPopUKmsB/RAle2eevmbh
ZtNwOmePc2Rzch7UY+2JppdFYj+GQxyVSG4dd7DpRF7jWIF4EAzgOR6YhrYwJEgS
7fxFBYZG+5ormx4y5Kmdw7Ax1m36JXhwKk2iHXVEAgG+z94mCRRnPvuT60nA3y7/
rijQYtIO6Q5hl7aT0YdjJ0wzOwVNVazyyHRE+wGBvgS3QFwvU2PHLQhMhW6vrMxe
ouJ+ggB+IM/UEzuWqp9vcor1LzqHqZVIEeGq9HYk8+MdI9vLHrlLs0IkgQ2hkuwB
rulf22u4YOu+i+SAWTzQ+7Kvdbeys+P+bk/UycvvAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUt1Id7+7rcwUbsMi/Y5Ny9PQiqQUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Y5MzdkOGUyLTI2MDEtNDAwNS04MTRmLWM1NDhmNGUxZThhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAowDANBgkqhkiG9w0BAQsFAAOCAQEAnpfJPFkun40DWUoGmHIaIrism0+4
SqmMi5EF0BG3KSDhbNhZhNn4b+4x1WF8DzMBsv2D3/U4NtZQbQ8ivdGsZ84yYm+K
+psHAllbnpYD8B1bg2u54H2k03zNsMUNIPNGm/qFZPAIpAPFCSy+PyV9/XW2zMhp
HswblauiuEgEYxJmvgj3MrS/lonx8ke85ceGewHKVWuDn2Rhyud57drjd9goGaKE
FUgB8jiiTSwXuLO96IFaD4wF9XacpzpB69dxoYedzyoDNuKKvNy3z8O19wfIseTM
13vkjObIHikS2PXZ++MWb2kIp6B7atslrhPzHbTthtV9yye+QNziRfXz7A==
-----END CERTIFICATE-----