Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/609a62e2-5912-4a73-90de-1c26a8d590f3.roa
File:                     609a62e2-5912-4a73-90de-1c26a8d590f3.roa (raw, json)
Hash identifier:          ke+X//7ZRaQoQp6vc+5nrbdfJG368yjOqw7obo5xY5w=
Subject key identifier:   83:AF:1E:92:D3:9A:0C:04:48:1E:72:BA:0B:52:F2:AC:D9:92:57:D0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4D0D2D64B802B7B84D2EABDF8A9F57B8E4A21AA9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/609a62e2-5912-4a73-90de-1c26a8d590f3.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.56.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:0d:2d:64:b8:02:b7:b8:4d:2e:ab:df:8a:9f:57:b8:e4:a2:1a:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=243c2b23109b5842ac9303dc54ceec6cf581c4e978270fe195a5ce5724c20399, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:19:e4:fc:51:89:5f:b5:c7:39:69:e8:29:6d:
                    03:58:b7:67:95:34:1a:68:a8:61:13:47:63:6f:fa:
                    eb:be:00:55:9b:9e:dc:8c:d6:36:2c:78:87:c9:f5:
                    74:cf:d9:7a:b0:75:cf:02:15:b2:dd:1a:7a:08:a2:
                    78:14:65:36:80:25:95:d3:9f:ab:76:a1:a8:70:49:
                    07:85:a4:26:0b:5e:11:f0:a6:a9:27:ac:84:19:8c:
                    e6:1a:b3:bd:8b:dd:2a:72:c6:34:3d:f7:6b:2e:d3:
                    08:a1:8d:07:4a:b8:7a:ce:6c:2c:04:6a:e0:38:7b:
                    38:2c:05:d4:7e:7d:28:22:32:2f:0c:36:6e:56:76:
                    85:29:59:c3:0d:df:77:b4:77:65:24:8b:48:e2:4d:
                    83:a8:a0:99:ca:d8:93:0f:61:f6:a7:d6:d3:cc:c9:
                    78:f7:e9:4e:5c:61:27:6a:2b:5f:e0:4a:f5:18:6e:
                    b2:84:44:6b:00:13:fe:4b:4b:f3:ed:4d:70:ad:c8:
                    63:5c:5f:b6:b9:6a:df:51:57:0f:13:4f:51:52:57:
                    10:b4:d8:c5:d9:18:af:b1:72:c0:c4:c8:78:02:8e:
                    10:83:9d:21:34:be:75:db:15:dd:14:19:07:de:86:
                    ad:05:b0:ca:b2:7d:f4:4d:3a:9d:62:0e:c6:e6:0c:
                    c3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:AF:1E:92:D3:9A:0C:04:48:1E:72:BA:0B:52:F2:AC:D9:92:57:D0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/609a62e2-5912-4a73-90de-1c26a8d590f3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         45:4a:49:49:1b:7e:6d:2e:12:66:ed:a4:03:1e:6b:76:62:61:
         e6:59:a1:2a:1f:db:c0:c5:11:c7:3c:89:05:20:c4:87:8d:f8:
         be:1c:8b:ef:db:3e:a7:57:37:68:37:91:93:99:c5:0a:b7:de:
         52:8e:cc:a6:65:3e:dc:a8:b6:0a:35:08:6a:30:50:33:fc:ae:
         8f:de:fa:5d:c5:c0:a6:11:59:5b:a0:23:72:61:7b:a0:db:0e:
         53:91:e5:8e:4e:9c:d0:c3:15:b9:9c:17:ac:bf:0b:f0:f0:5a:
         ce:cc:65:93:05:af:3f:4c:f6:dd:1b:23:80:bf:67:89:22:e0:
         80:db:7e:91:16:5f:5f:51:86:52:2c:ab:bf:d8:22:b8:31:3e:
         8a:9a:f5:3e:7e:27:bf:4d:5b:e3:b8:f4:11:f2:94:73:bb:2d:
         eb:10:5f:63:b3:a4:46:46:7f:2e:03:f8:cb:0e:63:42:69:3d:
         0d:c9:b0:19:6c:19:95:96:b1:7e:57:37:25:91:b7:c1:0e:86:
         78:da:32:61:dc:dc:6e:23:6d:f4:03:51:58:93:2a:e7:49:c4:
         8d:70:8a:2b:6b:39:7b:98:9d:39:21:fb:e7:fd:29:72:c6:87:
         eb:16:71:93:a7:1b:ee:5c:c4:af:86:b7:99:d4:aa:b5:59:92:
         01:74:63:41
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTQ0tZLgCt7hNLqvfip9XuOSiGqkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNDNjMmIyMzEwOWI1ODQyYWM5MzAzZGM1NGNlZWM2Y2Y1
ODFjNGU5NzgyNzBmZTE5NWE1Y2U1NzI0YzIwMzk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqGeT8UYlftcc5aegpbQNYt2eVNBpoqGETR2Nv+uu+AFWb
ntyM1jYseIfJ9XTP2Xqwdc8CFbLdGnoIongUZTaAJZXTn6t2oahwSQeFpCYLXhHw
pqknrIQZjOYas72L3SpyxjQ992su0wihjQdKuHrObCwEauA4ezgsBdR+fSgiMi8M
Nm5WdoUpWcMN33e0d2Uki0jiTYOooJnK2JMPYfan1tPMyXj36U5cYSdqK1/gSvUY
brKERGsAE/5LS/PtTXCtyGNcX7a5at9RVw8TT1FSVxC02MXZGK+xcsDEyHgCjhCD
nSE0vnXbFd0UGQfehq0FsMqyffRNOp1iDsbmDMMrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUg68ektOaDARIHnK6C1LyrNmSV9AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwOWE2MmUyLTU5MTItNGE3My05MGRlLTFjMjZhOGQ1OTBmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4ODANBgkqhkiG9w0BAQsFAAOCAQEARUpJSRt+bS4SZu2kAx5rdmJh5lmh
Kh/bwMURxzyJBSDEh434vhyL79s+p1c3aDeRk5nFCrfeUo7MpmU+3Ki2CjUIajBQ
M/yuj976XcXAphFZW6AjcmF7oNsOU5Hljk6c0MMVuZwXrL8L8PBazsxlkwWvP0z2
3RsjgL9niSLggNt+kRZfX1GGUiyrv9giuDE+ipr1Pn4nv01b47j0EfKUc7st6xBf
Y7OkRkZ/LgP4yw5jQmk9DcmwGWwZlZaxflc3JZG3wQ6GeNoyYdzcbiNt9ANRWJMq
50nEjXCKK2s5e5idOSH75/0pcsaH6xZxk6cb7lzEr4a3mdSqtVmSAXRjQQ==
-----END CERTIFICATE-----