Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/680dafc3-df4f-4de3-8bbb-f05df742d1ab.roa
File:                     680dafc3-df4f-4de3-8bbb-f05df742d1ab.roa (raw, json)
Hash identifier:          zi2wLIKFscWCM/05b/xZTVz8Wqwi2KaOQ5DeXODkg/k=
Subject key identifier:   E2:00:AA:49:45:CC:63:09:7E:6D:92:D9:06:A2:2D:84:E6:0A:0A:BE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       225218D5ED3E13B1963B3ADC51905C16D52B4B93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/680dafc3-df4f-4de3-8bbb-f05df742d1ab.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.249.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:52:18:d5:ed:3e:13:b1:96:3b:3a:dc:51:90:5c:16:d5:2b:4b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=8e238dd24115c8f417fe50e3adc6504770dd32a96da05b4e67bf76bef7310537, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ed:d4:95:39:38:fe:0e:67:6f:31:80:46:c5:
                    7d:87:da:f6:4c:e2:40:66:02:4b:72:88:4d:21:3a:
                    b3:75:10:45:2a:56:a3:b1:9c:2a:d0:33:be:3d:aa:
                    53:db:98:7e:bf:83:0d:53:f1:cc:d2:ea:69:6d:ec:
                    61:ce:e9:79:93:44:24:18:1a:8a:19:4d:72:0e:80:
                    19:dd:49:d7:64:1e:6e:f0:73:9a:01:66:9f:1c:19:
                    e7:20:54:88:9b:76:73:42:24:de:c2:1c:0e:5f:3b:
                    52:b0:c3:cf:59:44:27:15:ba:1f:f2:2f:78:34:27:
                    e8:91:c3:07:1b:0a:de:82:d9:bb:20:d7:26:2b:3e:
                    5f:66:03:89:0d:0d:a5:82:67:ba:71:96:d0:9d:87:
                    0b:b1:b2:45:c2:1a:2d:e5:45:57:7a:6f:17:7f:1a:
                    5e:ab:03:28:a2:11:09:71:74:b8:d1:25:5a:22:a6:
                    90:c6:f6:d3:d1:46:59:46:34:73:3d:05:c1:01:61:
                    cd:2a:2f:0d:2e:79:1d:be:da:51:d5:df:07:ff:7b:
                    53:92:4f:91:4f:b0:fe:1c:b1:99:6f:13:ab:07:91:
                    81:34:f8:7d:a5:d2:43:86:f5:2c:23:b4:90:ef:f1:
                    2a:cf:9c:f6:ef:2a:86:d0:ae:53:87:74:f3:2b:9d:
                    01:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:00:AA:49:45:CC:63:09:7E:6D:92:D9:06:A2:2D:84:E6:0A:0A:BE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/680dafc3-df4f-4de3-8bbb-f05df742d1ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.249.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ac:d6:07:f2:80:69:21:36:98:2a:87:a5:7b:94:52:58:e6:13:
         73:c1:54:f7:fa:c7:39:41:b0:77:e3:ca:c5:45:2b:e1:97:c2:
         61:9e:95:3e:39:aa:6b:e1:02:d7:4f:57:ae:2a:7f:9c:55:78:
         dd:ba:d8:8f:7b:c9:20:f0:12:bc:eb:52:4b:2f:f1:37:34:82:
         69:17:32:19:e0:bd:b4:9f:8a:51:85:db:a7:40:11:8e:1d:28:
         79:39:43:7d:c1:3f:e2:87:43:eb:67:cb:d2:fc:27:cb:6b:29:
         07:34:71:b5:88:67:a9:15:12:dd:4c:78:4e:bb:31:86:89:b4:
         87:37:a6:cd:2d:bb:f0:80:04:3a:b3:c1:43:ff:a8:0f:99:20:
         fc:5e:52:d3:38:20:f3:c1:5a:b0:14:81:c3:75:a1:d0:37:67:
         b9:3e:45:6e:87:e4:8a:ef:16:88:b1:5d:9d:17:1b:65:95:82:
         63:3f:12:f2:eb:61:49:b2:50:ab:9e:14:a6:04:00:a2:99:38:
         45:87:0c:21:51:48:03:66:64:cc:de:8b:52:9a:ec:b4:8f:53:
         f8:96:a2:88:9c:74:87:04:b5:d9:dc:d8:d8:18:05:d9:a3:8c:
         40:d9:ad:53:e6:be:2a:c8:1b:67:e8:21:88:d5:2d:27:b6:29:
         b5:a5:a9:1d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIlIY1e0+E7GWOzrcUZBcFtUrS5MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZTIzOGRkMjQxMTVjOGY0MTdmZTUwZTNhZGM2NTA0Nzcw
ZGQzMmE5NmRhMDViNGU2N2JmNzZiZWY3MzEwNTM3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDC7dSVOTj+DmdvMYBGxX2H2vZM4kBmAktyiE0hOrN1EEUq
VqOxnCrQM749qlPbmH6/gw1T8czS6mlt7GHO6XmTRCQYGooZTXIOgBndSddkHm7w
c5oBZp8cGecgVIibdnNCJN7CHA5fO1Kww89ZRCcVuh/yL3g0J+iRwwcbCt6C2bsg
1yYrPl9mA4kNDaWCZ7pxltCdhwuxskXCGi3lRVd6bxd/Gl6rAyiiEQlxdLjRJVoi
ppDG9tPRRllGNHM9BcEBYc0qLw0ueR2+2lHV3wf/e1OST5FPsP4csZlvE6sHkYE0
+H2l0kOG9SwjtJDv8SrPnPbvKobQrlOHdPMrnQFjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4gCqSUXMYwl+bZLZBqIthOYKCr4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4MGRhZmMzLWRmNGYtNGRlMy04YmJiLWYwNWRmNzQyZDFhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4+TANBgkqhkiG9w0BAQsFAAOCAQEArNYH8oBpITaYKoele5RSWOYTc8FU
9/rHOUGwd+PKxUUr4ZfCYZ6VPjmqa+EC109Xrip/nFV43brYj3vJIPASvOtSSy/x
NzSCaRcyGeC9tJ+KUYXbp0ARjh0oeTlDfcE/4odD62fL0vwny2spBzRxtYhnqRUS
3Ux4Trsxhom0hzemzS278IAEOrPBQ/+oD5kg/F5S0zgg88FasBSBw3Wh0DdnuT5F
bofkiu8WiLFdnRcbZZWCYz8S8uthSbJQq54UpgQAopk4RYcMIVFIA2ZkzN6LUprs
tI9T+JaiiJx0hwS12dzY2BgF2aOMQNmtU+a+KsgbZ+ghiNUtJ7YptaWpHQ==
-----END CERTIFICATE-----