Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/618ee729-4829-454b-98f1-745ddc00a543.roa
File:                     618ee729-4829-454b-98f1-745ddc00a543.roa (raw, json)
Hash identifier:          sdAT0enSTsqViUxWhegnGAHEta+IiTiB60w6h7sjbMM=
Subject key identifier:   2D:90:DC:CE:47:34:30:70:5C:E6:13:29:12:BC:B0:DE:6D:49:FE:57
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       55E3A15142C8D43361F6D3D34D56154C4ED38D40
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/618ee729-4829-454b-98f1-745ddc00a543.roa
Signing time:             Fri 14 Mar 2025 00:00:34 +0000
ROA not before:           Fri 14 Mar 2025 00:00:34 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     22394
IP address blocks:        139.56.12.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:e3:a1:51:42:c8:d4:33:61:f6:d3:d3:4d:56:15:4c:4e:d3:8d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:00:34 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=9754af572dd56f041962a2c87c664f9d96d1efe29ef2beca01d197160aaa535b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d5:b6:f6:18:ea:59:97:da:e8:84:ba:41:c1:
                    95:37:a7:ae:0d:03:bd:8d:76:6c:b9:7f:8c:d8:26:
                    87:96:e6:cc:60:1d:39:fc:b3:a6:99:d0:aa:cb:8a:
                    31:50:0d:c2:27:8c:55:e3:01:05:39:0e:dc:3b:56:
                    0e:6c:85:bf:f1:4b:41:cb:4b:23:ce:f9:35:0f:68:
                    68:b8:8e:12:38:9a:09:1a:9f:60:30:62:60:fe:56:
                    d2:86:81:ee:67:7e:96:29:23:7f:8d:34:74:76:49:
                    d7:2e:5d:63:ed:a7:87:3b:64:da:30:2b:34:7d:0e:
                    99:81:2f:50:a8:74:b9:88:df:df:14:c3:62:52:22:
                    b1:ce:e9:d6:65:0c:6e:5b:8f:06:ea:27:70:3b:5f:
                    07:dd:df:81:b1:6a:b1:6a:ad:36:b6:2e:2d:33:c0:
                    52:13:46:cb:06:3e:ef:18:25:c0:5f:71:43:7e:3a:
                    b9:a6:9c:2c:e2:85:53:27:7a:8c:41:0f:a9:b6:a6:
                    b5:74:23:65:f1:97:1e:2e:f6:e0:f7:af:36:61:83:
                    07:b0:2b:04:2a:07:1f:b4:8f:06:4a:c7:ac:88:ee:
                    91:ab:d0:96:4c:ac:d6:72:d8:9b:ca:9f:b2:79:2b:
                    f2:37:ee:07:f5:f4:da:fd:cc:b8:e6:43:57:99:6f:
                    bd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:90:DC:CE:47:34:30:70:5C:E6:13:29:12:BC:B0:DE:6D:49:FE:57
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/618ee729-4829-454b-98f1-745ddc00a543.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c2:54:a7:c2:f5:dd:d3:8f:e2:7d:03:b2:73:e2:d0:99:db:40:
         4c:a5:47:f5:e2:c5:c7:a1:7c:da:3a:3e:02:48:20:f1:e3:1d:
         7a:26:af:ab:4e:09:de:4c:c6:a9:a6:39:de:d6:88:40:b0:33:
         7c:9c:5d:12:54:78:bc:bd:5e:a6:62:2d:95:36:2b:38:43:b9:
         c9:ce:1b:da:09:6b:5d:82:62:d2:1d:b6:a6:70:f6:1b:d0:84:
         33:1d:8b:3c:dc:7d:6e:d3:bb:f5:1f:43:7f:5c:ff:ce:11:2b:
         c9:64:a8:ff:ce:e8:6c:9f:4d:fd:21:5b:15:3e:72:93:fa:62:
         d3:e0:dd:d1:a1:4a:0e:78:4e:31:33:71:16:0e:fa:b0:7c:a9:
         bb:bc:79:62:cb:40:bc:83:8e:42:82:e3:e5:66:16:90:c2:c5:
         b9:01:55:f3:cf:59:aa:ed:77:95:e9:d4:b3:42:66:13:44:9a:
         91:2d:91:55:e7:92:51:7e:4e:74:90:2d:43:24:42:02:24:74:
         32:83:dd:e4:19:7d:97:94:7d:2b:37:32:dc:48:f6:0f:7d:69:
         02:85:18:42:bf:a3:56:31:5f:02:49:35:01:0e:71:9f:84:0a:
         30:17:22:fc:ee:48:99:77:e8:59:36:72:ad:87:aa:f5:97:40:
         e6:40:ab:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVeOhUULI1DNh9tPTTVYVTE7TjUAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAwMDM0WhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NzU0YWY1NzJkZDU2ZjA0MTk2MmEyYzg3YzY2NGY5ZDk2
ZDFlZmUyOWVmMmJlY2EwMWQxOTcxNjBhYWE1MzViMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj1bb2GOpZl9rohLpBwZU3p64NA72Ndmy5f4zYJoeW5sxg
HTn8s6aZ0KrLijFQDcInjFXjAQU5Dtw7Vg5shb/xS0HLSyPO+TUPaGi4jhI4mgka
n2AwYmD+VtKGge5nfpYpI3+NNHR2SdcuXWPtp4c7ZNowKzR9DpmBL1CodLmI398U
w2JSIrHO6dZlDG5bjwbqJ3A7Xwfd34GxarFqrTa2Li0zwFITRssGPu8YJcBfcUN+
OrmmnCzihVMneoxBD6m2prV0I2Xxlx4u9uD3rzZhgwewKwQqBx+0jwZKx6yI7pGr
0JZMrNZy2JvKn7J5K/I37gf19Nr9zLjmQ1eZb71ZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULZDczkc0MHBc5hMpEryw3m1J/lcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYxOGVlNzI5LTQ4MjktNDU0Yi05OGYxLTc0NWRkYzAwYTU0My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAGLOAwwDQYJKoZIhvcNAQELBQADggEBAMJUp8L13dOP4n0DsnPi0JnbQEyl
R/XixcehfNo6PgJIIPHjHXomr6tOCd5MxqmmOd7WiECwM3ycXRJUeLy9XqZiLZU2
KzhDucnOG9oJa12CYtIdtqZw9hvQhDMdizzcfW7Tu/UfQ39c/84RK8lkqP/O6Gyf
Tf0hWxU+cpP6YtPg3dGhSg54TjEzcRYO+rB8qbu8eWLLQLyDjkKC4+VmFpDCxbkB
VfPPWartd5Xp1LNCZhNEmpEtkVXnklF+TnSQLUMkQgIkdDKD3eQZfZeUfSs3MtxI
9g99aQKFGEK/o1YxXwJJNQEOcZ+ECjAXIvzuSJl36Fk2cq2HqvWXQOZAq58=
-----END CERTIFICATE-----