Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/599d7948-45f6-4d90-a4c7-9b9d61599eed.roa
File:                     599d7948-45f6-4d90-a4c7-9b9d61599eed.roa (raw, json)
Hash identifier:          u+rin2EdSj8UTt81jduJ1SJa1/50UsTqWkeFweJ7yRc=
Subject key identifier:   C4:AB:7B:8E:69:D7:9C:81:88:F9:1D:59:76:83:76:2B:E0:EA:18:33
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D6F70764A7B9465D53321521CD5688817F08186
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/599d7948-45f6-4d90-a4c7-9b9d61599eed.roa
Signing time:             Fri 29 Nov 2024 00:00:00 +0000
ROA not before:           Fri 29 Nov 2024 00:00:00 +0000
ROA not after:            Fri 03 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.124.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:6f:70:76:4a:7b:94:65:d5:33:21:52:1c:d5:68:88:17:f0:81:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 29 00:00:00 2024 GMT
            Not After : Jan  3 23:59:59 2025 GMT
        Subject: serialNumber=0f24372b7e4404912ff6d3ab89c2d3c4393244abb58fa8c2279eabe532f86a36, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b2:91:32:4b:d0:22:cd:79:4f:12:04:be:9f:
                    28:6f:d9:14:be:33:db:7f:33:e6:b4:88:cd:d2:54:
                    07:78:fe:06:ae:03:8e:1f:71:97:49:2a:cf:76:8c:
                    3e:3a:4c:25:d8:3c:f2:dd:68:c3:5c:c7:64:19:5b:
                    81:f8:09:f4:25:ac:c9:27:82:e1:bc:90:84:d5:ef:
                    40:2b:ad:15:ee:34:46:05:4d:ed:0c:27:f3:a5:2d:
                    02:e9:6f:72:9a:15:fa:ab:c8:8a:70:af:fd:4d:f9:
                    8b:97:b9:54:9b:ae:6f:f1:8a:00:3e:25:86:8f:15:
                    76:cf:0f:fb:c5:dc:52:ce:1e:e6:9a:e5:3d:aa:95:
                    17:42:f9:a4:51:bb:49:93:b5:f9:fe:73:f1:1b:73:
                    2f:93:05:fd:ba:6a:e2:8d:db:ee:3f:ec:d7:f4:e9:
                    8a:e6:16:7f:47:50:2a:88:93:1f:88:c5:09:d5:86:
                    37:53:e4:57:a1:b8:8f:61:e2:27:74:2b:ff:7f:9c:
                    a2:fd:41:a2:72:82:21:5b:b3:df:a0:37:1e:77:9f:
                    1f:4b:87:2f:24:5b:31:3e:00:3c:95:b2:c3:b9:fa:
                    0d:23:05:88:20:c4:a6:a9:e9:f9:ff:14:1e:15:74:
                    ff:88:28:a6:60:be:e1:0e:d4:15:9d:1f:c2:95:d1:
                    fc:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:AB:7B:8E:69:D7:9C:81:88:F9:1D:59:76:83:76:2B:E0:EA:18:33
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/599d7948-45f6-4d90-a4c7-9b9d61599eed.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.124.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d2:eb:66:17:7c:27:a0:32:73:a1:9b:39:05:61:81:a4:d6:83:
         b9:53:6c:5f:6c:3e:f2:03:4a:5b:31:61:d6:71:93:e3:af:83:
         e5:6a:1e:b8:ff:93:fa:4e:2b:a2:05:62:0d:6a:39:f0:ea:65:
         cf:54:66:3d:c7:41:44:63:d1:95:08:a9:54:34:7e:b1:b8:e5:
         02:78:27:31:de:8a:9b:c1:f2:c6:7a:16:33:f6:bd:2f:e7:88:
         f0:1e:ad:fa:af:28:72:58:a3:f8:1a:00:dc:c1:ef:24:56:55:
         be:9c:ce:f7:cd:b8:85:d9:25:38:c7:c8:90:2d:08:4e:3a:65:
         43:e0:00:12:8f:d5:62:42:30:1a:ea:b8:4d:29:5e:9e:69:85:
         b5:d7:a7:b3:bf:ba:8f:07:a6:3e:0c:27:fd:a2:d1:14:8e:4e:
         01:bd:dd:6f:ad:8b:7f:61:4b:ef:e0:83:ba:11:4f:5a:14:d0:
         8b:c5:f9:34:e3:0a:4c:6a:c9:85:8d:e4:e0:e5:76:79:62:4d:
         e3:fd:6f:48:5e:b9:22:ef:11:76:e3:3a:9f:9e:b2:e3:b4:a7:
         39:9c:0c:58:5e:46:a1:1c:ad:04:7c:40:1e:cd:57:fc:aa:2e:
         70:ea:48:69:99:3f:97:5d:6d:ea:a8:4b:05:ef:ec:41:d2:d9:
         98:bb:12:b6
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTW9wdkp7lGXVMyFSHNVoiBfwgYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTI5MDAwMDAwWhcNMjUwMTAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZjI0MzcyYjdlNDQwNDkxMmZmNmQzYWI4OWMyZDNjNDM5
MzI0NGFiYjU4ZmE4YzIyNzllYWJlNTMyZjg2YTM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLspEyS9AizXlPEgS+nyhv2RS+M9t/M+a0iM3SVAd4/gau
A44fcZdJKs92jD46TCXYPPLdaMNcx2QZW4H4CfQlrMknguG8kITV70ArrRXuNEYF
Te0MJ/OlLQLpb3KaFfqryIpwr/1N+YuXuVSbrm/xigA+JYaPFXbPD/vF3FLOHuaa
5T2qlRdC+aRRu0mTtfn+c/Ebcy+TBf26auKN2+4/7Nf06YrmFn9HUCqIkx+IxQnV
hjdT5FehuI9h4id0K/9/nKL9QaJygiFbs9+gNx53nx9Lhy8kWzE+ADyVssO5+g0j
BYggxKap6fn/FB4VdP+IKKZgvuEO1BWdH8KV0fwZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUxKt7jmnXnIGI+R1ZdoN2K+DqGDMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU5OWQ3OTQ4LTQ1ZjYtNGQ5MC1hNGM3LTliOWQ2MTU5OWVlZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4fDANBgkqhkiG9w0BAQsFAAOCAQEA0utmF3wnoDJzoZs5BWGBpNaDuVNs
X2w+8gNKWzFh1nGT46+D5WoeuP+T+k4rogViDWo58Oplz1RmPcdBRGPRlQipVDR+
sbjlAngnMd6Km8HyxnoWM/a9L+eI8B6t+q8oclij+BoA3MHvJFZVvpzO9824hdkl
OMfIkC0ITjplQ+AAEo/VYkIwGuq4TSlenmmFtdens7+6jwemPgwn/aLRFI5OAb3d
b62Lf2FL7+CDuhFPWhTQi8X5NOMKTGrJhY3k4OV2eWJN4/1vSF65Iu8RduM6n56y
47SnOZwMWF5GoRytBHxAHs1X/KoucOpIaZk/l11t6qhLBe/sQdLZmLsStg==
-----END CERTIFICATE-----