Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/489cd053-7758-46e7-8b64-3fb90765e375.roa
File:                     489cd053-7758-46e7-8b64-3fb90765e375.roa (raw, json)
Hash identifier:          hPWxFnEGNJu3/rA63h0pu+8mAc4r251LziDnrh6rD0w=
Subject key identifier:   86:81:04:4B:15:BC:8E:6C:63:D3:08:9C:EE:11:95:77:0E:1D:09:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5064D241020A6D8531C06B7AD13970548320C9DD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/489cd053-7758-46e7-8b64-3fb90765e375.roa
Signing time:             Wed 12 Mar 2025 00:00:26 +0000
ROA not before:           Wed 12 Mar 2025 00:00:26 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        139.56.0.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:64:d2:41:02:0a:6d:85:31:c0:6b:7a:d1:39:70:54:83:20:c9:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:00:26 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: serialNumber=5c3e97d119644d59bf59d4bd3a7276777d06ba83b77a61afe88e1647e0457929, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c4:4b:47:c5:53:b2:bd:01:01:02:37:48:33:
                    5c:7f:5f:04:aa:71:36:f7:45:70:f7:77:bd:76:88:
                    e4:a0:8f:0f:a3:57:35:bf:37:45:b3:81:ba:65:3c:
                    de:cc:ac:09:92:35:9d:dc:c6:eb:90:76:0f:99:95:
                    e8:f6:59:8e:0e:fb:2c:18:a3:1c:2a:b0:4d:e1:78:
                    a4:44:65:02:8a:8a:35:ed:29:f9:04:15:e2:4b:a8:
                    2c:f4:b7:48:10:c1:0f:1a:7d:d6:6f:be:38:c8:84:
                    7f:4c:35:9b:be:63:31:4e:fd:dc:b0:14:3c:10:3e:
                    0f:88:57:cf:49:ef:c3:d0:9f:23:66:20:65:6a:66:
                    78:21:34:0f:7d:fd:6d:f6:38:f1:a5:7e:5a:48:71:
                    2b:c1:c6:7d:10:3d:ac:d5:53:8f:96:4b:8c:59:0a:
                    29:8a:17:12:e4:42:53:48:2d:8b:b6:26:c7:a1:f2:
                    24:37:72:05:99:b7:13:12:46:ba:b3:db:85:c7:0c:
                    a8:13:74:50:45:f5:9f:26:92:25:ba:50:16:a6:aa:
                    bc:db:54:87:d5:af:c8:cd:3c:aa:1a:cf:cc:d0:85:
                    dc:0f:8a:8c:a6:06:2b:7f:d5:6c:3e:34:57:b4:79:
                    22:8f:36:1e:7f:0e:52:ae:8c:e7:fd:3e:15:d6:df:
                    e8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:81:04:4B:15:BC:8E:6C:63:D3:08:9C:EE:11:95:77:0E:1D:09:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/489cd053-7758-46e7-8b64-3fb90765e375.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:ae:33:6c:cc:00:00:0e:d7:66:31:13:12:28:13:39:69:63:
         18:be:bc:81:33:01:aa:91:da:0e:76:89:7a:5b:3b:02:56:0e:
         2c:bd:55:37:b7:96:93:ee:92:98:36:88:9b:e4:94:54:09:6d:
         be:a9:c3:bf:fa:ea:d5:2b:9c:3e:f0:6a:8b:53:19:30:57:41:
         6d:3d:d9:a5:dd:e2:45:2d:fb:f8:2f:80:b7:2f:3a:f7:52:b4:
         ed:11:89:f6:73:db:dd:ab:1b:08:2b:8e:cb:ad:7c:d8:85:79:
         b5:1d:0f:33:ab:10:4c:12:ec:bc:ad:ce:da:60:e5:83:64:91:
         30:b4:a0:6d:9f:0a:48:bd:7e:8e:47:af:b4:ba:5b:f7:af:6e:
         1a:59:c5:ba:0a:23:af:8c:9d:9b:e2:e8:51:3f:7d:25:91:26:
         9b:a4:c6:1c:7e:0c:cc:da:d9:f8:8b:4c:55:bc:c0:c6:60:96:
         5e:60:d2:af:85:57:ab:33:13:c5:87:9b:9c:71:1b:95:92:4f:
         58:fe:5a:5f:c2:55:dd:ee:aa:1e:cc:a9:1d:6b:7a:42:7f:3e:
         1b:11:fa:3f:c4:58:ee:83:66:2a:a6:44:e3:77:60:cd:de:f0:
         35:64:e3:c4:2c:d6:09:61:23:83:37:34:4b:20:dc:34:6d:53:
         ad:1f:fd:28
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUGTSQQIKbYUxwGt60TlwVIMgyd0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAwMDI2WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YzNlOTdkMTE5NjQ0ZDU5YmY1OWQ0YmQzYTcyNzY3Nzdk
MDZiYTgzYjc3YTYxYWZlODhlMTY0N2UwNDU3OTI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLxEtHxVOyvQEBAjdIM1x/XwSqcTb3RXD3d712iOSgjw+j
VzW/N0WzgbplPN7MrAmSNZ3cxuuQdg+Zlej2WY4O+ywYoxwqsE3heKREZQKKijXt
KfkEFeJLqCz0t0gQwQ8afdZvvjjIhH9MNZu+YzFO/dywFDwQPg+IV89J78PQnyNm
IGVqZnghNA99/W32OPGlflpIcSvBxn0QPazVU4+WS4xZCimKFxLkQlNILYu2Jseh
8iQ3cgWZtxMSRrqz24XHDKgTdFBF9Z8mkiW6UBamqrzbVIfVr8jNPKoaz8zQhdwP
ioymBit/1Ww+NFe0eSKPNh5/DlKujOf9PhXW3+iTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhoEESxW8jmxj0wic7hGVdw4dCWAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4OWNkMDUzLTc3NTgtNDZlNy04YjY0LTNmYjkwNzY1ZTM3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACLOAAwDQYJKoZIhvcNAQELBQADggEBALCuM2zMAAAO12YxExIoEzlpYxi+
vIEzAaqR2g52iXpbOwJWDiy9VTe3lpPukpg2iJvklFQJbb6pw7/66tUrnD7waotT
GTBXQW092aXd4kUt+/gvgLcvOvdStO0RifZz292rGwgrjsutfNiFebUdDzOrEEwS
7Lytztpg5YNkkTC0oG2fCki9fo5Hr7S6W/evbhpZxboKI6+MnZvi6FE/fSWRJpuk
xhx+DMza2fiLTFW8wMZgll5g0q+FV6szE8WHm5xxG5WST1j+Wl/CVd3uqh7MqR1r
ekJ/PhsR+j/EWO6DZiqmRON3YM3e8DVk48Qs1glhI4M3NEsg3DRtU60f/Sg=
-----END CERTIFICATE-----