Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20d22df0-a23a-4acb-a534-4abcc4c03f74.roa
File:                     20d22df0-a23a-4acb-a534-4abcc4c03f74.roa (raw, json)
Hash identifier:          nWoVte5kviYhNwPt1rjPpVGzdumwRxRlMyx+W78U1pI=
Subject key identifier:   A2:64:5E:9A:4B:DF:71:9A:4D:79:66:28:46:51:45:39:B1:BF:CD:15
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       35A216BE976D5145AF51DD8F8E4D60DEF04E825A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20d22df0-a23a-4acb-a534-4abcc4c03f74.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.63.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:a2:16:be:97:6d:51:45:af:51:dd:8f:8e:4d:60:de:f0:4e:82:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=499475ec130416a146baf0528862e2fbc58569b433fdef4dbf2064028b1d4e53, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:6c:36:ff:44:6f:fe:90:2e:b8:8f:d8:b0:95:
                    ec:77:e6:92:75:b4:f5:37:50:78:38:3f:dc:b8:20:
                    5a:0c:6f:9f:2e:22:39:88:e6:f1:fc:14:f4:54:72:
                    84:3f:40:9d:a2:53:d6:62:ff:98:ef:89:7b:b0:4a:
                    e5:b3:89:28:c1:0c:f8:7b:12:78:77:99:05:6f:a4:
                    7a:8c:17:4b:ae:36:92:ab:5e:e7:68:98:de:05:0b:
                    de:b5:c9:c6:25:5a:78:dc:0d:57:28:3b:0f:e1:7f:
                    f3:33:1e:e8:34:86:db:5a:30:2e:85:2f:67:bd:5b:
                    ff:18:59:b1:6e:7d:28:98:8c:b6:02:9a:c7:43:d5:
                    76:28:7a:09:45:bd:07:cf:be:0f:2d:c7:8e:be:47:
                    17:0d:a1:62:1a:a9:be:d4:19:ef:ca:f6:16:7f:18:
                    b5:df:5e:82:4a:93:20:b3:76:8e:c6:3a:32:a8:2b:
                    1a:d4:29:36:3a:ef:e5:94:0d:da:bc:69:62:d0:02:
                    e9:0d:11:d0:6d:f2:1a:98:fc:d1:97:6d:8a:7f:85:
                    91:65:f2:fc:b3:c1:61:18:76:a5:01:55:69:25:c8:
                    7d:97:ec:28:29:98:58:42:33:4e:40:b5:4c:87:13:
                    7c:e0:2d:a7:62:6f:c9:08:56:4b:5f:e2:61:ed:5d:
                    a4:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:64:5E:9A:4B:DF:71:9A:4D:79:66:28:46:51:45:39:B1:BF:CD:15
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/20d22df0-a23a-4acb-a534-4abcc4c03f74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.63.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:c7:7f:8f:c1:f7:89:15:73:a5:e3:ec:a1:f1:78:d9:47:b0:
         d1:b0:b3:42:52:7f:7d:b2:70:1b:76:c1:c2:82:99:f3:e0:25:
         67:d9:46:e8:b6:ee:3f:0a:b6:a0:82:92:ce:50:c5:0f:57:c8:
         c0:cb:2c:c0:6c:7d:8e:d2:b1:35:fb:f9:a8:44:89:f8:7a:7c:
         69:87:9b:20:2e:c1:7f:f7:a4:af:e7:49:22:c4:88:60:0f:a9:
         f5:4e:a8:fe:69:03:f9:7b:aa:46:d2:25:3b:a1:11:67:7e:a4:
         80:e0:5f:4a:b8:41:bd:8e:48:87:d5:d7:f6:42:15:0c:84:5d:
         d6:00:75:4e:38:58:4f:86:18:2d:95:00:ef:7b:bf:d0:5a:6d:
         63:e5:05:24:be:d8:c4:8c:89:67:e7:bb:2a:89:96:fa:03:82:
         3b:b3:e6:e3:a4:42:eb:99:84:99:44:ac:e5:70:72:f1:44:1b:
         b5:f4:6c:5e:ce:66:57:81:12:a1:16:d1:bb:4f:03:83:ba:7a:
         63:54:db:ac:6a:6c:2f:80:a1:36:35:62:ea:55:3d:3c:8c:d1:
         72:5c:12:f0:3a:35:ea:bb:34:d8:05:79:67:cf:23:71:09:66:
         d4:b6:4c:15:4e:0e:4f:69:f8:1a:6d:35:52:fc:4d:cb:2d:d1:
         69:50:5c:0a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUNaIWvpdtUUWvUd2Pjk1g3vBOglowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A0OTk0NzVlYzEzMDQxNmExNDZiYWYwNTI4ODYyZTJmYmM1
ODU2OWI0MzNmZGVmNGRiZjIwNjQwMjhiMWQ0ZTUzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0bDb/RG/+kC64j9iwlex35pJ1tPU3UHg4P9y4IFoMb58u
IjmI5vH8FPRUcoQ/QJ2iU9Zi/5jviXuwSuWziSjBDPh7Enh3mQVvpHqMF0uuNpKr
XudomN4FC961ycYlWnjcDVcoOw/hf/MzHug0httaMC6FL2e9W/8YWbFufSiYjLYC
msdD1XYoeglFvQfPvg8tx46+RxcNoWIaqb7UGe/K9hZ/GLXfXoJKkyCzdo7GOjKo
KxrUKTY67+WUDdq8aWLQAukNEdBt8hqY/NGXbYp/hZFl8vyzwWEYdqUBVWklyH2X
7CgpmFhCM05AtUyHE3zgLadib8kIVktf4mHtXaTfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUomRemkvfcZpNeWYoRlFFObG/zRUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIwZDIyZGYwLWEyM2EtNGFjYi1hNTM0LTRhYmNjNGMwM2Y3NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4PzANBgkqhkiG9w0BAQsFAAOCAQEAJMd/j8H3iRVzpePsofF42Uew0bCz
QlJ/fbJwG3bBwoKZ8+AlZ9lG6LbuPwq2oIKSzlDFD1fIwMsswGx9jtKxNfv5qESJ
+Hp8aYebIC7Bf/ekr+dJIsSIYA+p9U6o/mkD+XuqRtIlO6ERZ36kgOBfSrhBvY5I
h9XX9kIVDIRd1gB1TjhYT4YYLZUA73u/0FptY+UFJL7YxIyJZ+e7KomW+gOCO7Pm
46RC65mEmUSs5XBy8UQbtfRsXs5mV4ESoRbRu08Dg7p6Y1TbrGpsL4ChNjVi6lU9
PIzRclwS8Do16rs02AV5Z88jcQlm1LZMFU4OT2n4Gm01UvxNyy3RaVBcCg==
-----END CERTIFICATE-----