Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40b3b09f-480a-4149-bfe2-ffb4077e4849.roa
File:                     40b3b09f-480a-4149-bfe2-ffb4077e4849.roa (raw, json)
Hash identifier:          9h7Cig1DqfR28rDIMqphqCctR/3T9HQ7oZNCSjFcTaw=
Subject key identifier:   04:83:38:DB:BB:D8:E2:E7:AF:9F:FA:07:24:0B:39:63:7E:71:11:16
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       710E7EECF81B4EEE1A2BD1AE557B417E41F4CCC5
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40b3b09f-480a-4149-bfe2-ffb4077e4849.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.212.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:0e:7e:ec:f8:1b:4e:ee:1a:2b:d1:ae:55:7b:41:7e:41:f4:cc:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1f:28:98:85:b4:58:9f:3d:4b:af:be:3c:8d:
                    e8:42:52:ed:59:53:b3:1b:07:c5:7b:0b:ca:2b:f6:
                    9f:a1:88:9f:ec:9a:03:e4:68:fd:67:f7:a0:15:ef:
                    eb:78:68:58:f4:26:cc:d2:fd:4e:ef:2e:a9:d0:9e:
                    c9:c7:dc:6b:35:49:c5:3a:a5:c4:8d:b7:50:1c:14:
                    04:05:88:03:40:60:58:5b:a9:da:1f:91:66:c0:e9:
                    cf:b7:c1:48:12:1a:cf:b8:5e:d5:35:10:0f:e1:d6:
                    87:67:c2:bc:f9:e2:c0:2a:c7:8a:63:03:76:47:e1:
                    31:be:9b:28:1c:a6:60:2c:0a:9a:b5:81:0a:f7:a6:
                    ef:c0:d5:2a:77:58:67:5f:a6:3c:0d:4c:ee:f3:45:
                    1a:1d:da:d0:29:4b:03:13:0f:c3:38:ad:9d:72:fb:
                    c4:3d:43:f4:f7:b9:17:d1:e5:bf:9f:91:86:87:a6:
                    77:c3:1d:db:00:d7:fe:eb:b7:6c:a8:c6:8d:1b:e8:
                    5b:0c:d6:5d:ba:8f:27:bb:10:1f:a8:95:7a:e4:4e:
                    5a:ec:00:26:d6:1e:90:ce:8b:a3:cb:d1:98:c1:0b:
                    cf:d6:c3:13:c7:56:55:a3:6f:bf:00:44:70:cb:7e:
                    bc:cd:23:86:c9:e6:d1:fd:22:46:74:98:ca:5c:88:
                    59:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:83:38:DB:BB:D8:E2:E7:AF:9F:FA:07:24:0B:39:63:7E:71:11:16
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/40b3b09f-480a-4149-bfe2-ffb4077e4849.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.212.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         09:80:7a:81:65:b5:90:96:70:37:53:d1:cd:5a:ae:2c:dd:9b:
         1d:18:de:9e:19:5f:22:b9:53:4d:b9:07:e2:5d:ea:8e:30:a9:
         61:0c:1e:2a:07:b7:dc:d5:96:9f:31:31:99:99:6b:cc:2a:1a:
         b5:39:b6:fb:d0:86:c0:e4:71:6a:46:f5:b9:c9:23:0b:2d:49:
         7f:69:b3:92:2a:d2:97:cb:19:a8:3c:30:48:ae:04:2e:62:37:
         62:82:8e:62:04:f8:bb:1d:34:86:a5:38:80:9b:78:c1:73:e2:
         f4:58:6f:df:ec:37:91:b5:b7:f3:af:bd:e3:9b:10:a7:78:d8:
         34:48:fb:a1:31:e4:29:f2:79:62:86:91:78:3e:76:1a:22:27:
         c8:27:c1:b2:c7:39:a3:4a:9e:28:6e:00:9e:4a:b4:17:69:af:
         bf:97:e2:cc:0e:5e:a0:18:8f:66:de:6c:e6:ad:2c:21:47:79:
         4b:c6:55:db:f7:a4:64:50:2e:8d:98:2e:80:32:3b:bf:58:56:
         12:92:e8:fd:5c:30:1a:44:06:7c:32:e4:86:f6:b5:3c:0f:cc:
         96:77:34:21:2a:4c:01:c4:3e:de:df:3b:82:a7:ac:a1:2e:12:
         24:57:ac:23:47:9d:47:ce:63:e3:0f:43:cf:a0:db:f6:10:7b:
         dd:1c:a9:eb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcQ5+7PgbTu4aK9GuVXtBfkH0zMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A3Yjk4MmQyYjA3MGU4ODA1OGU3NDRlNzA2MmNmZGY1YTlk
MGI3MzEwZDIxYmFhMTZmMDVmNzczMTFjMWRjZjY1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTHyiYhbRYnz1Lr748jehCUu1ZU7MbB8V7C8or9p+hiJ/s
mgPkaP1n96AV7+t4aFj0JszS/U7vLqnQnsnH3Gs1ScU6pcSNt1AcFAQFiANAYFhb
qdofkWbA6c+3wUgSGs+4XtU1EA/h1odnwrz54sAqx4pjA3ZH4TG+mygcpmAsCpq1
gQr3pu/A1Sp3WGdfpjwNTO7zRRod2tApSwMTD8M4rZ1y+8Q9Q/T3uRfR5b+fkYaH
pnfDHdsA1/7rt2yoxo0b6FsM1l26jye7EB+olXrkTlrsACbWHpDOi6PL0ZjBC8/W
wxPHVlWjb78ARHDLfrzNI4bJ5tH9IkZ0mMpciFljAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUBIM427vY4uevn/oHJAs5Y35xERYwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQwYjNiMDlmLTQ4MGEtNDE0OS1iZmUyLWZmYjQwNzdlNDg0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwIN1DANBgkqhkiG9w0BAQsFAAOCAQEACYB6gWW1kJZwN1PRzVquLN2bHRje
nhlfIrlTTbkH4l3qjjCpYQweKge33NWWnzExmZlrzCoatTm2+9CGwORxakb1uckj
Cy1Jf2mzkirSl8sZqDwwSK4ELmI3YoKOYgT4ux00hqU4gJt4wXPi9Fhv3+w3kbW3
86+945sQp3jYNEj7oTHkKfJ5YoaReD52GiInyCfBssc5o0qeKG4Ankq0F2mvv5fi
zA5eoBiPZt5s5q0sIUd5S8ZV2/ekZFAujZgugDI7v1hWEpLo/VwwGkQGfDLkhva1
PA/Mlnc0ISpMAcQ+3t87gqesoS4SJFesI0edR85j4w9Dz6Db9hB73Ryp6w==
-----END CERTIFICATE-----