Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60b17ed8-248e-4398-ab16-c9f1ef60e1d3.roa
File:                     60b17ed8-248e-4398-ab16-c9f1ef60e1d3.roa (raw, json)
Hash identifier:          mQ5IyMcjMLtj8pG+6dLWEBJrVUlLg9z4Hj4U0cVccXw=
Subject key identifier:   0B:2D:29:67:86:BC:17:98:D1:7F:62:BF:BE:CE:FF:A8:FA:7D:F4:BB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       05C2A0C2C858D7EB06C79590D8CD10275F44C165
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60b17ed8-248e-4398-ab16-c9f1ef60e1d3.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.65.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:c2:a0:c2:c8:58:d7:eb:06:c7:95:90:d8:cd:10:27:5f:44:c1:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: serialNumber=a8731741cc3b14db4fb90af621873893d0ece6fd3a9e6be8bc47f778b8f8979f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:68:d2:d7:fe:78:85:a7:8f:19:f1:70:fa:41:
                    12:da:11:44:e9:0c:55:3a:b0:e4:3f:82:17:9a:f0:
                    e9:a2:40:fe:8b:4a:c6:53:2d:1b:5b:87:71:d6:b5:
                    88:9c:29:e2:51:95:39:34:a3:3f:30:19:00:27:4e:
                    f5:87:80:bb:e9:42:ae:8a:54:8a:ee:22:e0:78:7a:
                    e7:33:f1:4c:6e:2e:73:cf:80:e7:ca:ce:ce:d5:50:
                    71:f4:d2:26:d1:b9:57:af:2a:4a:2d:a0:57:28:9c:
                    e4:05:66:60:52:e1:53:5c:3c:93:3f:8a:7e:40:46:
                    7d:70:97:a1:cc:7f:b2:cd:42:0c:97:f6:c2:01:d1:
                    55:75:51:3a:26:d6:b2:c2:df:9b:75:83:fd:ca:54:
                    46:f4:20:c4:74:10:eb:04:2b:b8:f8:23:cf:5e:29:
                    4e:cb:5c:ec:f6:75:dd:a0:9e:94:9a:f9:f1:49:41:
                    ea:56:49:4d:dc:9f:29:20:0f:e6:85:e0:2c:64:4c:
                    6d:2d:9b:bf:b1:1f:22:81:57:41:26:00:ca:94:08:
                    4d:7c:91:b3:bf:3e:6a:24:a1:3a:36:7c:78:d4:54:
                    e8:ee:5f:f1:03:22:06:25:04:08:30:26:1b:52:88:
                    84:15:fc:02:f8:b0:bd:87:c8:9f:6e:75:b1:09:4d:
                    af:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:2D:29:67:86:BC:17:98:D1:7F:62:BF:BE:CE:FF:A8:FA:7D:F4:BB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/60b17ed8-248e-4398-ab16-c9f1ef60e1d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a2:b3:2d:a9:22:8d:c2:22:a8:65:f5:85:9b:fd:91:0a:12:72:
         81:e8:b5:c9:b7:a0:5b:c4:35:6f:7a:4e:05:01:cf:bf:85:10:
         28:a1:41:63:84:c9:c8:1d:f2:77:53:a3:61:94:a9:20:b8:3e:
         e8:48:da:8f:c7:02:1e:21:10:43:3d:05:f0:87:d0:8d:14:15:
         71:9a:b6:17:b0:5f:4e:00:9d:39:93:cb:1b:d8:ac:3a:e3:79:
         f2:01:bc:0c:ca:5d:b7:ee:f0:5c:1b:d6:51:e2:2f:d6:6e:4d:
         77:4f:0b:fd:6f:ba:60:72:08:25:1f:97:1d:2d:7c:42:15:28:
         33:a3:0e:c4:1e:d4:b1:38:e5:30:95:34:39:b8:68:21:04:31:
         57:57:61:ca:59:55:1d:55:7b:74:95:f6:0e:02:1b:96:57:7b:
         c2:d3:17:ac:63:69:b6:65:ba:4d:84:cd:9a:81:23:d4:47:32:
         0a:b3:74:bd:f0:5b:df:c6:c9:f3:bd:7d:61:f1:98:2a:09:54:
         25:b7:09:7d:e3:69:57:5a:97:1d:fc:3a:36:bd:a4:64:91:90:
         93:89:1d:49:88:f3:cb:0e:9c:d0:6c:5b:bf:04:7e:d6:60:7d:
         b5:b2:29:a0:a6:22:be:23:02:95:79:8f:e2:9c:1b:fa:66:57:
         32:87:3d:cb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBcKgwshY1+sGx5WQ2M0QJ19EwWUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODczMTc0MWNjM2IxNGRiNGZiOTBhZjYyMTg3Mzg5M2Qw
ZWNlNmZkM2E5ZTZiZThiYzQ3Zjc3OGI4Zjg5NzlmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLaNLX/niFp48Z8XD6QRLaEUTpDFU6sOQ/ghea8OmiQP6L
SsZTLRtbh3HWtYicKeJRlTk0oz8wGQAnTvWHgLvpQq6KVIruIuB4eucz8UxuLnPP
gOfKzs7VUHH00ibRuVevKkotoFconOQFZmBS4VNcPJM/in5ARn1wl6HMf7LNQgyX
9sIB0VV1UTom1rLC35t1g/3KVEb0IMR0EOsEK7j4I89eKU7LXOz2dd2gnpSa+fFJ
QepWSU3cnykgD+aF4CxkTG0tm7+xHyKBV0EmAMqUCE18kbO/PmokoTo2fHjUVOju
X/EDIgYlBAgwJhtSiIQV/AL4sL2HyJ9udbEJTa/hAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUCy0pZ4a8F5jRf2K/vs7/qPp99LswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYwYjE3ZWQ4LTI0OGUtNDM5OC1hYjE2LWM5ZjFlZjYwZTFkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4QTANBgkqhkiG9w0BAQsFAAOCAQEAorMtqSKNwiKoZfWFm/2RChJygei1
ybegW8Q1b3pOBQHPv4UQKKFBY4TJyB3yd1OjYZSpILg+6Ejaj8cCHiEQQz0F8IfQ
jRQVcZq2F7BfTgCdOZPLG9isOuN58gG8DMpdt+7wXBvWUeIv1m5Nd08L/W+6YHII
JR+XHS18QhUoM6MOxB7UsTjlMJU0ObhoIQQxV1dhyllVHVV7dJX2DgIblld7wtMX
rGNptmW6TYTNmoEj1EcyCrN0vfBb38bJ8719YfGYKglUJbcJfeNpV1qXHfw6Nr2k
ZJGQk4kdSYjzyw6c0GxbvwR+1mB9tbIpoKYiviMClXmP4pwb+mZXMoc9yw==
-----END CERTIFICATE-----