Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8dcff05a-b485-4af0-b517-7423dc28da41.roa
File:                     8dcff05a-b485-4af0-b517-7423dc28da41.roa (raw, json)
Hash identifier:          Dn+Kq3SAT5HRhrZs82LFaHpcdZGaL2ItjH7E+rQ+5hA=
Subject key identifier:   4F:C9:3D:83:7D:F5:7F:95:F2:B4:0E:02:49:1F:CA:A5:04:D0:56:DF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17C33CD6391F3BDE951B0B5CFFC161211DD46951
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8dcff05a-b485-4af0-b517-7423dc28da41.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.244.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:c3:3c:d6:39:1f:3b:de:95:1b:0b:5c:ff:c1:61:21:1d:d4:69:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=d880ba4319e1275575dbd3e91a7ad1c7ee3a5820a391bda4668fd84af75f714c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ca:d6:64:ea:18:d8:1d:51:6c:4d:fc:42:7e:
                    35:0e:37:27:8c:44:75:fb:3e:d2:11:c6:81:19:e3:
                    52:f4:d9:58:28:45:a8:9c:9c:d0:70:64:24:4d:e2:
                    9b:81:0b:47:5b:a0:b8:95:86:4f:54:62:e3:94:5c:
                    6d:97:14:ec:a5:50:dd:b0:03:be:3d:13:ec:c3:4d:
                    1f:7d:3c:2a:8e:69:d0:18:2d:7e:e8:c7:7e:bf:b7:
                    af:64:72:ec:da:eb:3c:09:9a:4c:10:04:52:de:6d:
                    9a:15:81:6e:c6:fe:7e:80:f1:d0:49:4c:a6:dd:de:
                    dc:25:b9:60:e4:05:46:53:ea:3b:52:5d:11:f0:f2:
                    25:68:52:6a:2d:21:06:99:5e:1f:f0:37:af:61:0f:
                    96:4e:bc:20:06:bb:e5:4d:b4:9b:a1:db:10:69:34:
                    c4:37:c9:e1:00:ed:3b:62:bf:fa:25:af:95:55:51:
                    fc:65:56:81:cb:61:6b:88:f2:44:23:f1:2a:a4:18:
                    57:b4:45:fe:bb:fd:38:d8:c1:86:ec:2c:71:48:2d:
                    67:ab:ac:ce:b9:0c:fd:3c:d1:de:17:cb:c3:e7:48:
                    4c:be:31:24:ce:9e:23:c4:bf:7c:7a:88:dc:2d:d8:
                    18:3b:19:2d:f5:88:cc:2d:0b:68:70:cd:b5:f9:a6:
                    48:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C9:3D:83:7D:F5:7F:95:F2:B4:0E:02:49:1F:CA:A5:04:D0:56:DF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8dcff05a-b485-4af0-b517-7423dc28da41.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.244.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:67:12:9b:4a:3c:b3:9c:9a:95:11:1a:5e:b4:4f:ed:6c:cc:
         99:ec:06:93:8d:45:79:59:6d:15:8e:55:72:de:f5:9a:80:8c:
         73:2f:30:65:8b:fb:ab:b8:dc:b4:7b:df:98:bc:87:63:09:59:
         c5:6b:3f:35:0a:8a:53:9e:c0:00:55:d2:de:fd:45:26:8f:72:
         70:76:f2:f6:e5:6a:ac:fd:56:b5:e5:98:a0:b3:3f:35:e3:6a:
         d1:2d:1e:fa:16:b0:eb:1c:65:65:50:b8:09:5c:f2:75:73:b0:
         57:7f:2d:d6:97:0e:ef:6f:4b:3d:ad:c5:67:4e:6b:82:96:e6:
         28:88:3f:57:21:bd:3a:a6:08:fa:83:71:56:69:bb:6b:c5:52:
         1b:98:81:78:fd:6a:b1:16:b4:07:fb:03:3e:dd:81:f9:71:bc:
         88:ba:c5:5e:1f:f9:95:e8:56:75:75:ec:69:88:86:55:26:13:
         1e:8d:17:13:50:7a:81:91:44:b3:57:5e:8b:01:b5:78:7d:cb:
         5c:43:2b:aa:05:39:5e:ae:df:01:e0:62:d7:17:ac:c6:3b:f5:
         5e:49:40:b9:70:66:c9:96:d4:c0:a1:65:9c:6a:94:dc:19:88:
         5f:4c:db:1a:43:d5:a6:96:96:6c:d2:f0:1d:ed:1a:4b:b8:39:
         f5:89:32:49
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF8M81jkfO96VGwtc/8FhIR3UaVEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODgwYmE0MzE5ZTEyNzU1NzVkYmQzZTkxYTdhZDFjN2Vl
M2E1ODIwYTM5MWJkYTQ2NjhmZDg0YWY3NWY3MTRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeytZk6hjYHVFsTfxCfjUONyeMRHX7PtIRxoEZ41L02Vgo
RaicnNBwZCRN4puBC0dboLiVhk9UYuOUXG2XFOylUN2wA749E+zDTR99PCqOadAY
LX7ox36/t69kcuza6zwJmkwQBFLebZoVgW7G/n6A8dBJTKbd3twluWDkBUZT6jtS
XRHw8iVoUmotIQaZXh/wN69hD5ZOvCAGu+VNtJuh2xBpNMQ3yeEA7Ttiv/olr5VV
UfxlVoHLYWuI8kQj8SqkGFe0Rf67/TjYwYbsLHFILWerrM65DP080d4Xy8PnSEy+
MSTOniPEv3x6iNwt2Bg7GS31iMwtC2hwzbX5pkgfAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUT8k9g331f5XytA4CSR/KpQTQVt8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzhkY2ZmMDVhLWI0ODUtNGFmMC1iNTE3LTc0MjNkYzI4ZGE0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA49DANBgkqhkiG9w0BAQsFAAOCAQEAJGcSm0o8s5yalREaXrRP7WzMmewG
k41FeVltFY5Vct71moCMcy8wZYv7q7jctHvfmLyHYwlZxWs/NQqKU57AAFXS3v1F
Jo9ycHby9uVqrP1WteWYoLM/NeNq0S0e+haw6xxlZVC4CVzydXOwV38t1pcO729L
Pa3FZ05rgpbmKIg/VyG9OqYI+oNxVmm7a8VSG5iBeP1qsRa0B/sDPt2B+XG8iLrF
Xh/5lehWdXXsaYiGVSYTHo0XE1B6gZFEs1deiwG1eH3LXEMrqgU5Xq7fAeBi1xes
xjv1XklAuXBmyZbUwKFlnGqU3BmIX0zbGkPVppaWbNLwHe0aS7g59YkySQ==
-----END CERTIFICATE-----