Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434182f4-255e-444e-a41c-db33d5aca2b9.roa
File:                     434182f4-255e-444e-a41c-db33d5aca2b9.roa (raw, json)
Hash identifier:          innzGKzvZSqER/hdQ2u8KP3cdo0WFKPqHE65by+R/rM=
Subject key identifier:   43:45:64:AA:3F:3A:F2:DE:F4:F7:BC:7B:FB:85:F1:29:B2:BA:70:6A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       39D3DD734B757D8076EAE76B6E7D5473B166042C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434182f4-255e-444e-a41c-db33d5aca2b9.roa
Signing time:             Fri 07 Mar 2025 00:01:35 +0000
ROA not before:           Fri 07 Mar 2025 00:01:35 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        139.56.3.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:d3:dd:73:4b:75:7d:80:76:ea:e7:6b:6e:7d:54:73:b1:66:04:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  7 00:01:35 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: serialNumber=ce986f4715a5bed29bc40f0be79b592f914c3c1b4dee1586c2975d63e25b8fe6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:59:a6:1b:64:a2:d9:d6:58:6a:a4:16:db:83:
                    69:61:5f:d2:c1:4a:eb:d0:ed:11:bb:f0:24:44:57:
                    df:87:91:3d:aa:5b:0a:39:3b:01:f6:4c:24:d3:4f:
                    be:da:57:8b:56:31:78:b6:69:04:bb:b7:3c:ff:8c:
                    63:98:d0:44:b1:24:c7:04:bc:53:cd:51:69:e0:6e:
                    f3:d9:65:0f:e9:df:a9:e1:d3:ca:aa:72:59:b5:e4:
                    f8:94:a7:ab:c5:39:1f:46:1f:cb:b5:ba:ea:2d:6d:
                    2b:10:04:9e:0a:24:c6:8e:82:8e:fe:22:37:15:fb:
                    01:e6:55:8a:8a:8f:5a:bc:d4:61:d9:5c:be:f6:64:
                    73:71:f8:6e:7c:61:27:2a:d3:45:c9:07:f3:3e:62:
                    60:4d:67:1c:e4:61:9c:89:b3:c5:d3:a8:3a:99:b3:
                    21:1a:a7:ae:e1:b0:13:4d:37:f1:8a:33:58:bb:f2:
                    18:4a:db:46:12:88:a4:ea:6f:17:ac:a6:b6:1a:7f:
                    ba:e0:20:75:7c:39:d6:eb:77:56:6e:36:d7:11:42:
                    ce:19:65:74:68:b1:11:12:83:4b:d7:27:d4:a6:a1:
                    99:6e:cf:d7:27:93:f9:e8:d5:50:c5:34:32:c7:ba:
                    9f:ff:9f:e6:5b:d3:20:81:f5:f2:21:4a:b2:ac:33:
                    c9:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:45:64:AA:3F:3A:F2:DE:F4:F7:BC:7B:FB:85:F1:29:B2:BA:70:6A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/434182f4-255e-444e-a41c-db33d5aca2b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:94:da:96:9d:4e:92:23:2f:d9:77:08:16:ef:df:70:96:4e:
         2c:1e:81:b1:e4:34:86:d5:13:79:c9:5f:3a:06:d4:a2:0b:8d:
         68:aa:cf:60:05:bb:d1:35:e5:e8:fb:22:e2:23:8b:50:50:35:
         0f:68:b0:b8:eb:a6:1e:ec:18:97:e7:bb:53:84:9f:d4:48:ff:
         ce:63:19:f1:61:a8:8b:ef:18:70:da:f8:af:6a:e4:9f:ff:7b:
         25:f4:20:93:a1:94:af:32:12:46:82:ef:2c:0f:f4:97:29:0a:
         4e:29:a7:f7:0a:75:1d:5b:0a:4a:18:91:3f:c2:24:d5:06:2e:
         bd:ce:80:42:86:d7:45:73:ef:f5:6e:62:6f:04:56:fe:1b:60:
         d1:96:0f:7e:46:18:d9:16:f2:34:7e:5b:71:cd:5c:6c:e9:d9:
         e8:65:4a:a5:04:7c:6e:c8:1f:6f:62:dc:96:9c:52:5f:92:7f:
         b7:c7:b9:88:39:e8:31:75:10:37:33:f2:2f:f2:ce:ba:f6:c2:
         eb:aa:99:8a:df:d1:e4:d4:15:ef:cf:c1:8e:2d:56:15:39:5d:
         78:16:c1:f4:f5:ac:30:01:41:b3:7e:05:8b:5e:c8:af:51:57:
         5b:36:ec:cd:1a:69:7e:9d:c0:6d:ea:56:9c:58:7b:64:73:a3:
         28:49:5f:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOdPdc0t1fYB26udrbn1Uc7FmBCwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA3MDAwMTM1WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTk4NmY0NzE1YTViZWQyOWJjNDBmMGJlNzliNTkyZjkx
NGMzYzFiNGRlZTE1ODZjMjk3NWQ2M2UyNWI4ZmU2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2WaYbZKLZ1lhqpBbbg2lhX9LBSuvQ7RG78CREV9+HkT2q
Wwo5OwH2TCTTT77aV4tWMXi2aQS7tzz/jGOY0ESxJMcEvFPNUWngbvPZZQ/p36nh
08qqclm15PiUp6vFOR9GH8u1uuotbSsQBJ4KJMaOgo7+IjcV+wHmVYqKj1q81GHZ
XL72ZHNx+G58YScq00XJB/M+YmBNZxzkYZyJs8XTqDqZsyEap67hsBNNN/GKM1i7
8hhK20YSiKTqbxesprYaf7rgIHV8Odbrd1ZuNtcRQs4ZZXRosRESg0vXJ9SmoZlu
z9cnk/no1VDFNDLHup//n+Zb0yCB9fIhSrKsM8khAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQ0Vkqj868t7097x7+4XxKbK6cGowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzNDE4MmY0LTI1NWUtNDQ0ZS1hNDFjLWRiMzNkNWFjYTJiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACLOAMwDQYJKoZIhvcNAQELBQADggEBAByU2padTpIjL9l3CBbv33CWTiwe
gbHkNIbVE3nJXzoG1KILjWiqz2AFu9E15ej7IuIji1BQNQ9osLjrph7sGJfnu1OE
n9RI/85jGfFhqIvvGHDa+K9q5J//eyX0IJOhlK8yEkaC7ywP9JcpCk4pp/cKdR1b
CkoYkT/CJNUGLr3OgEKG10Vz7/VuYm8EVv4bYNGWD35GGNkW8jR+W3HNXGzp2ehl
SqUEfG7IH29i3JacUl+Sf7fHuYg56DF1EDcz8i/yzrr2wuuqmYrf0eTUFe/PwY4t
VhU5XXgWwfT1rDABQbN+BYteyK9RV1s27M0aaX6dwG3qVpxYe2RzoyhJX54=
-----END CERTIFICATE-----