Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/068f87ed-2c30-422c-8608-b989cbeb914e.roa
File:                     068f87ed-2c30-422c-8608-b989cbeb914e.roa (raw, json)
Hash identifier:          d8g+R+1Gmo+MPSLOm5+XrPxuUwvurH73uiCOggllng4=
Subject key identifier:   39:A4:55:6B:8D:9F:EF:59:F7:86:6C:2F:8C:FA:11:55:32:7F:69:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01672EDCF44F0177662B6D82CBE190C44F89A5EF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/068f87ed-2c30-422c-8608-b989cbeb914e.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.186.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:67:2e:dc:f4:4f:01:77:66:2b:6d:82:cb:e1:90:c4:4f:89:a5:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=75a6e35c8355b6522cd5fd501b1b6b74a45f11d682bb2d1f7ed838f9bab54381, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:05:6c:93:d0:d4:c3:20:a1:88:bd:c0:0b:48:
                    71:d7:c8:5e:ca:95:ee:b7:3b:50:ac:01:cc:7a:f3:
                    db:a6:2b:61:81:2c:a9:f6:9b:f6:f5:33:5c:42:00:
                    ef:ec:22:bb:bc:5d:b9:7f:c3:75:d5:7b:45:0a:f8:
                    4b:e6:a7:1e:45:cd:b0:2d:5e:4a:cd:67:fc:d3:d2:
                    1e:6e:27:28:09:a2:50:2d:0b:d9:25:87:26:76:fd:
                    33:1d:92:9b:63:9c:85:c3:43:75:87:98:3b:84:df:
                    f4:03:0a:92:ac:dc:6f:b1:87:7d:93:6d:84:f8:fd:
                    94:db:cd:2d:84:1e:f5:87:4c:66:86:6d:86:b1:fd:
                    8b:d8:36:8c:21:d4:2f:1f:18:35:f9:b9:04:22:b4:
                    56:2d:81:20:46:e9:e4:c2:40:17:ea:6d:de:71:6f:
                    5b:6d:22:ca:44:71:22:29:3a:ba:3a:bf:10:ce:c1:
                    62:30:06:32:29:bd:7b:c8:7e:9a:dc:6c:ce:f1:95:
                    bf:42:c7:28:c4:01:8e:67:9b:74:96:dd:9c:9b:1f:
                    3a:65:a6:ba:e1:f6:58:ac:ee:23:31:4b:b4:c5:5f:
                    51:f8:c5:0c:53:2a:31:f2:eb:09:2b:97:65:8e:1e:
                    9f:5c:02:af:13:28:e4:d7:a8:45:6c:7d:3a:3c:46:
                    b0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:A4:55:6B:8D:9F:EF:59:F7:86:6C:2F:8C:FA:11:55:32:7F:69:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/068f87ed-2c30-422c-8608-b989cbeb914e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.186.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         32:d3:0b:56:1a:e9:ee:17:81:d9:f9:cf:28:26:6a:82:d5:96:
         1b:7a:81:08:fc:53:e0:fd:56:43:24:db:5e:4b:5e:03:9b:42:
         57:99:0c:8c:a7:73:cc:99:44:a7:b6:56:1b:94:0f:20:cd:6a:
         b2:47:52:93:fa:e9:70:94:cb:29:82:ec:bc:bd:0b:b0:52:e9:
         dc:9a:94:15:c9:2f:99:e3:c5:54:6a:3c:ea:1b:8d:38:22:51:
         04:5a:65:66:9b:6c:b8:84:7a:6f:18:a2:63:90:35:15:14:54:
         86:7f:7b:71:81:4b:35:74:d5:f0:b5:fa:ae:1c:69:e0:0d:dc:
         85:5a:91:ad:cf:3d:c2:08:ba:b2:36:3b:29:be:4b:94:64:b3:
         51:43:3d:1c:fb:fb:f1:6c:3b:ba:77:4b:d9:f6:7e:5e:13:dd:
         a8:63:ae:e9:85:6c:33:e7:ac:5f:cc:bb:e1:33:3b:f1:24:7d:
         59:d5:27:0d:3e:3d:a7:a6:ee:e1:11:93:b2:eb:76:fb:ec:36:
         9a:4b:f7:cf:c7:20:82:20:a7:65:3d:52:9a:6f:02:39:9e:bc:
         a7:c6:57:0c:bd:d3:32:27:16:ea:05:14:8e:3f:7e:a8:31:9c:
         97:cc:b9:24:10:b9:df:e2:d9:76:6c:79:e1:3e:55:64:c3:0b:
         41:71:3c:7c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAWcu3PRPAXdmK22Cy+GQxE+Jpe8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NWE2ZTM1YzgzNTViNjUyMmNkNWZkNTAxYjFiNmI3NGE0
NWYxMWQ2ODJiYjJkMWY3ZWQ4MzhmOWJhYjU0MzgxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDABWyT0NTDIKGIvcALSHHXyF7Kle63O1CsAcx689umK2GB
LKn2m/b1M1xCAO/sIru8Xbl/w3XVe0UK+Evmpx5FzbAtXkrNZ/zT0h5uJygJolAt
C9klhyZ2/TMdkptjnIXDQ3WHmDuE3/QDCpKs3G+xh32TbYT4/ZTbzS2EHvWHTGaG
bYax/YvYNowh1C8fGDX5uQQitFYtgSBG6eTCQBfqbd5xb1ttIspEcSIpOro6vxDO
wWIwBjIpvXvIfprcbM7xlb9CxyjEAY5nm3SW3ZybHzplprrh9lis7iMxS7TFX1H4
xQxTKjHy6wkrl2WOHp9cAq8TKOTXqEVsfTo8RrBtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUOaRVa42f71n3hmwvjPoRVTJ/aVswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA2OGY4N2VkLTJjMzAtNDIyYy04NjA4LWI5ODljYmViOTE0ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4ujANBgkqhkiG9w0BAQsFAAOCAQEAMtMLVhrp7heB2fnPKCZqgtWWG3qB
CPxT4P1WQyTbXkteA5tCV5kMjKdzzJlEp7ZWG5QPIM1qskdSk/rpcJTLKYLsvL0L
sFLp3JqUFckvmePFVGo86huNOCJRBFplZptsuIR6bxiiY5A1FRRUhn97cYFLNXTV
8LX6rhxp4A3chVqRrc89wgi6sjY7Kb5LlGSzUUM9HPv78Ww7undL2fZ+XhPdqGOu
6YVsM+esX8y74TM78SR9WdUnDT49p6bu4RGTsut2++w2mkv3z8cggiCnZT1Smm8C
OZ68p8ZXDL3TMicW6gUUjj9+qDGcl8y5JBC53+LZdmx54T5VZMMLQXE8fA==
-----END CERTIFICATE-----