Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32e77c6f-6ea6-42b2-882a-1ef8a9703b94.roa
File:                     32e77c6f-6ea6-42b2-882a-1ef8a9703b94.roa (raw, json)
Hash identifier:          t7P5uXGwIwfPAYXuREfotUiLoShdPAwk1P3DzdP317g=
Subject key identifier:   F2:3F:68:61:2A:DB:37:ED:B0:B6:07:D9:EE:30:06:AC:83:29:3B:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       30CDB2207798FA28FAB565B7449902F95E727BAF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32e77c6f-6ea6-42b2-882a-1ef8a9703b94.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.255.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:cd:b2:20:77:98:fa:28:fa:b5:65:b7:44:99:02:f9:5e:72:7b:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=a3934ea7b4d9cfe2ba4dab0a565f2789ff387cc16ce72abc3b20f2afc9a178aa, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ef:45:16:42:c5:f2:50:ba:ee:19:75:0b:68:
                    dd:cb:1f:3d:8f:4d:13:a9:65:9c:33:1e:6d:c9:f6:
                    36:52:79:ca:9b:d3:04:f9:95:82:65:56:74:e6:81:
                    a1:b7:e4:4d:b6:ff:07:36:1e:49:23:a4:22:84:6f:
                    03:7a:a8:ad:b3:13:b5:b8:3e:0d:9d:ac:15:c6:03:
                    42:99:92:e9:9c:18:1c:b2:f4:b3:97:4f:a6:00:b5:
                    1f:94:5c:19:3f:ff:a9:f7:eb:b3:95:e5:61:0f:8e:
                    3a:86:82:d6:91:81:a8:c6:2e:ce:33:f5:15:ee:c4:
                    b1:b1:d0:e3:a9:42:55:3b:de:21:ae:0e:76:30:74:
                    69:82:83:6d:21:f7:60:4d:96:c8:cb:ea:b7:50:07:
                    0a:4c:3a:03:30:89:1f:5f:4d:6f:43:9c:5f:95:f4:
                    6f:fc:ff:68:ac:cf:c8:27:b7:45:33:e5:f0:59:4e:
                    a9:00:71:f0:3f:65:d9:37:31:51:0a:08:9c:58:cb:
                    18:96:b0:f1:57:8f:05:3e:fc:05:f2:ff:22:16:81:
                    af:43:b9:34:7b:10:cf:f2:8c:40:21:a6:5d:5b:cf:
                    18:e7:75:e2:ad:01:c8:af:ac:28:f4:ed:47:db:72:
                    a7:a8:d9:e6:a2:ad:d9:9b:5e:08:a7:fa:38:e8:50:
                    fd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3F:68:61:2A:DB:37:ED:B0:B6:07:D9:EE:30:06:AC:83:29:3B:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/32e77c6f-6ea6-42b2-882a-1ef8a9703b94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.255.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         bd:33:8e:57:0b:0d:4f:7e:b2:12:99:da:da:b4:eb:3c:d0:6a:
         ae:3a:11:72:bc:31:26:28:3b:45:0c:ae:5e:a5:b9:e4:e6:5b:
         9f:1d:e4:81:84:8d:ee:64:51:50:c2:34:2e:15:ad:e8:5b:aa:
         f6:0e:49:94:60:64:10:f5:b0:0f:6b:f6:76:c3:79:6c:9e:18:
         2e:1e:2d:c2:f3:29:4f:b1:d8:8d:5c:53:c8:8e:52:c6:cb:1f:
         d4:bd:5f:92:31:4b:fa:b2:a6:53:5c:44:a7:22:72:2c:46:85:
         11:03:11:44:47:d4:c4:ef:bb:37:7e:ff:17:86:7f:c5:b1:46:
         f8:80:01:1e:08:a3:6b:66:c6:2d:bb:01:c1:b8:eb:98:81:08:
         fe:65:fd:ca:c3:31:82:85:b8:74:b7:47:1b:5f:e9:c1:6a:10:
         3d:55:10:3b:b7:21:56:14:1e:fc:3a:ea:11:3b:17:b3:05:62:
         82:6a:e5:fa:d8:d9:8a:32:a3:9e:d2:4e:be:9b:23:bf:bb:67:
         e5:50:e7:6b:6f:4e:af:d6:dc:62:f6:d8:ac:d5:5d:3a:7b:6f:
         24:63:4d:31:24:5c:c6:8d:52:12:52:de:c1:a5:85:d3:4f:23:
         29:6d:a2:52:fe:36:1d:3e:44:7c:29:26:fc:ce:f9:cd:6d:44:
         0f:ab:18:fa
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMM2yIHeY+ij6tWW3RJkC+V5ye68wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzkzNGVhN2I0ZDljZmUyYmE0ZGFiMGE1NjVmMjc4OWZm
Mzg3Y2MxNmNlNzJhYmMzYjIwZjJhZmM5YTE3OGFhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC170UWQsXyULruGXULaN3LHz2PTROpZZwzHm3J9jZSecqb
0wT5lYJlVnTmgaG35E22/wc2HkkjpCKEbwN6qK2zE7W4Pg2drBXGA0KZkumcGByy
9LOXT6YAtR+UXBk//6n367OV5WEPjjqGgtaRgajGLs4z9RXuxLGx0OOpQlU73iGu
DnYwdGmCg20h92BNlsjL6rdQBwpMOgMwiR9fTW9DnF+V9G/8/2isz8gnt0Uz5fBZ
TqkAcfA/Zdk3MVEKCJxYyxiWsPFXjwU+/AXy/yIWga9DuTR7EM/yjEAhpl1bzxjn
deKtAcivrCj07Ufbcqeo2eairdmbXgin+jjoUP0HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU8j9oYSrbN+2wtgfZ7jAGrIMpO5UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMyZTc3YzZmLTZlYTYtNDJiMi04ODJhLTFlZjhhOTcwM2I5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4/zANBgkqhkiG9w0BAQsFAAOCAQEAvTOOVwsNT36yEpna2rTrPNBqrjoR
crwxJig7RQyuXqW55OZbnx3kgYSN7mRRUMI0LhWt6Fuq9g5JlGBkEPWwD2v2dsN5
bJ4YLh4twvMpT7HYjVxTyI5Sxssf1L1fkjFL+rKmU1xEpyJyLEaFEQMRREfUxO+7
N37/F4Z/xbFG+IABHgija2bGLbsBwbjrmIEI/mX9ysMxgoW4dLdHG1/pwWoQPVUQ
O7chVhQe/DrqETsXswVigmrl+tjZijKjntJOvpsjv7tn5VDna29Or9bcYvbYrNVd
OntvJGNNMSRcxo1SElLewaWF008jKW2iUv42HT5EfCkm/M75zW1ED6sY+g==
-----END CERTIFICATE-----