Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ede5543-1eed-4473-8969-df0ce3aefd61.roa
File:                     2ede5543-1eed-4473-8969-df0ce3aefd61.roa (raw, json)
Hash identifier:          LdISsLWMk1O0yxR8sAumz980jW+7v9HRyeLRlslULkI=
Subject key identifier:   93:9D:D7:1A:3E:38:4D:4A:32:15:70:07:74:D2:90:A6:FB:7A:FD:69
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F56E86734DC70BFC53050ED25AA06CFD5AE9274
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ede5543-1eed-4473-8969-df0ce3aefd61.roa
Signing time:             Mon 25 Nov 2024 00:00:00 +0000
ROA not before:           Mon 25 Nov 2024 00:00:00 +0000
ROA not after:            Mon 30 Dec 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        56.125.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:56:e8:67:34:dc:70:bf:c5:30:50:ed:25:aa:06:cf:d5:ae:92:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 25 00:00:00 2024 GMT
            Not After : Dec 30 23:59:59 2024 GMT
        Subject: serialNumber=23662a8dc081e4e973da5b1aa1de8f5963dceb2ce9f15d8563790939165a6a0b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:54:4a:61:0a:80:5a:81:56:3a:fb:73:cd:9e:
                    bc:1a:84:2f:a8:1f:99:15:b8:10:86:3f:39:b9:82:
                    3a:21:a1:92:d6:2a:27:52:a2:51:b2:ee:ae:41:1f:
                    f4:78:89:04:a2:54:7f:28:e2:08:a6:eb:54:07:ec:
                    07:b5:9a:36:62:6a:78:87:ce:57:f5:21:d8:91:d3:
                    92:ed:86:ed:8b:c6:5c:76:d5:c7:01:6e:46:86:17:
                    32:b4:fe:5c:f7:8f:f4:af:42:b9:2c:5e:c4:e5:ea:
                    46:d2:d7:2d:8e:b8:dd:db:6d:ed:b7:82:fd:21:f9:
                    3b:01:07:e3:c1:2f:69:0e:b7:7c:a1:d8:89:8e:8b:
                    8b:d1:8b:59:72:fe:bd:5f:79:4a:06:ba:4b:7d:f5:
                    be:60:f8:a4:4d:3b:10:74:33:da:9c:a5:42:c7:3a:
                    e2:f0:55:3d:64:33:fe:16:46:b4:4c:2c:09:06:f1:
                    43:e4:e0:f7:88:ab:71:7b:23:75:5f:e9:39:7b:f4:
                    f6:e6:37:bc:ff:7c:fa:d5:3e:4e:70:92:d4:23:26:
                    8f:94:98:86:df:39:5a:b4:60:eb:fd:f9:ba:40:b0:
                    b7:b1:71:49:ae:81:68:2f:48:7c:9d:b1:fd:90:aa:
                    18:a9:9f:20:56:84:a4:c5:e5:45:f5:25:b2:7a:f6:
                    a4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9D:D7:1A:3E:38:4D:4A:32:15:70:07:74:D2:90:A6:FB:7A:FD:69
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ede5543-1eed-4473-8969-df0ce3aefd61.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.125.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         91:b7:01:c5:a3:df:cb:4b:a6:22:ea:17:0b:3d:2d:2b:77:8a:
         99:dd:41:47:97:5e:ac:a8:c2:10:5a:c7:07:00:d3:8a:17:01:
         69:1e:7e:11:de:91:51:6b:ab:33:cd:6a:56:30:b0:ad:de:63:
         f4:44:c2:93:32:2f:0f:93:68:1b:fa:28:34:50:c4:7a:85:a5:
         8b:1c:42:ee:d6:2f:90:52:ba:5b:e0:95:5e:bc:eb:0f:03:da:
         4a:9b:b1:3c:e8:d9:20:21:47:3d:b3:d6:4a:dc:38:d2:0f:2a:
         d1:df:86:9e:01:a6:7c:89:b3:7a:be:13:85:6f:ce:9c:5c:88:
         a4:13:76:2e:58:ba:ba:97:e2:b2:a3:9e:8c:db:6b:e5:79:ae:
         5a:c7:6e:fa:91:c9:7e:fd:fd:dd:2a:db:b9:3e:89:24:b8:49:
         5f:a0:fb:ee:af:d1:ab:f6:56:b7:fb:28:9a:a6:c4:ba:ef:a4:
         b4:26:ba:77:ad:83:c0:56:c1:68:82:31:c2:f9:14:93:2c:90:
         b1:07:c0:db:0a:ce:79:53:10:c8:e8:6e:c2:2b:ce:d0:45:3b:
         42:64:67:79:be:0b:0d:1f:0c:37:37:86:d7:a0:d6:8d:b6:1a:
         c7:74:69:2e:fb:65:f2:86:ba:42:dc:e4:bd:f4:15:95:92:7f:
         a0:af:52:a8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUb1boZzTccL/FMFDtJaoGz9WuknQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI1MDAwMDAwWhcNMjQxMjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMzY2MmE4ZGMwODFlNGU5NzNkYTViMWFhMWRlOGY1OTYz
ZGNlYjJjZTlmMTVkODU2Mzc5MDkzOTE2NWE2YTBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD5VEphCoBagVY6+3PNnrwahC+oH5kVuBCGPzm5gjohoZLW
KidSolGy7q5BH/R4iQSiVH8o4gim61QH7Ae1mjZianiHzlf1IdiR05Lthu2Lxlx2
1ccBbkaGFzK0/lz3j/SvQrksXsTl6kbS1y2OuN3bbe23gv0h+TsBB+PBL2kOt3yh
2ImOi4vRi1ly/r1feUoGukt99b5g+KRNOxB0M9qcpULHOuLwVT1kM/4WRrRMLAkG
8UPk4PeIq3F7I3Vf6Tl79PbmN7z/fPrVPk5wktQjJo+UmIbfOVq0YOv9+bpAsLex
cUmugWgvSHydsf2QqhipnyBWhKTF5UX1JbJ69qSXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUk53XGj44TUoyFXAHdNKQpvt6/WkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlZGU1NTQzLTFlZWQtNDQ3My04OTY5LWRmMGNlM2FlZmQ2MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4fTANBgkqhkiG9w0BAQsFAAOCAQEAkbcBxaPfy0umIuoXCz0tK3eKmd1B
R5derKjCEFrHBwDTihcBaR5+Ed6RUWurM81qVjCwrd5j9ETCkzIvD5NoG/ooNFDE
eoWlixxC7tYvkFK6W+CVXrzrDwPaSpuxPOjZICFHPbPWStw40g8q0d+GngGmfImz
er4ThW/OnFyIpBN2Lli6upfisqOejNtr5XmuWsdu+pHJfv393SrbuT6JJLhJX6D7
7q/Rq/ZWt/somqbEuu+ktCa6d62DwFbBaIIxwvkUkyyQsQfA2wrOeVMQyOhuwivO
0EU7QmRneb4LDR8MNzeG16DWjbYax3RpLvtl8oa6QtzkvfQVlZJ/oK9SqA==
-----END CERTIFICATE-----