Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/945446da-d9f8-480f-888d-b44f88ec209e.roa
File:                     945446da-d9f8-480f-888d-b44f88ec209e.roa (raw, json)
Hash identifier:          HB1B/k5InmSOa5U8VUd4jLjhmzpMzXHBrOQESis+s/Y=
Subject key identifier:   46:DB:7E:CE:EC:51:D3:4D:09:19:5E:6D:D3:72:CE:56:F0:FD:12:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       22F549211FE089A0EF72A848B03AAA23817F45C3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/945446da-d9f8-480f-888d-b44f88ec209e.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.231.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:f5:49:21:1f:e0:89:a0:ef:72:a8:48:b0:3a:aa:23:81:7f:45:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: serialNumber=ad2b71f5e92f460e697ae188b37fe0d4f10128ce9ea9c05f00bbf64a7eb5b49a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:43:c5:b8:30:2a:93:9b:bc:a6:7c:6e:5a:1f:
                    68:9e:ed:68:2e:e4:fb:e4:05:e6:84:43:ce:90:69:
                    db:8e:ee:d2:6d:ca:34:55:12:5b:49:54:8e:76:79:
                    dd:ef:39:f4:8b:ed:34:ca:cb:e2:88:93:17:52:da:
                    8f:29:ba:3a:a1:f1:c6:23:f7:fe:23:80:61:84:30:
                    ae:0b:fd:53:df:08:a3:fa:18:d6:b4:d5:1c:c0:64:
                    80:1b:e7:3d:f8:89:f0:47:9d:86:fd:c4:09:1a:70:
                    7c:67:13:9d:0c:8e:32:08:e1:89:5e:c1:1d:e1:56:
                    02:cd:62:34:81:3c:54:56:31:77:c5:a2:91:f0:10:
                    95:e2:aa:77:8f:a2:62:f1:4a:14:8c:39:50:ea:d3:
                    bf:ca:39:9e:7c:45:97:67:10:93:40:47:66:f1:4b:
                    be:8d:7c:cd:80:45:62:37:e3:6e:63:af:14:b0:cb:
                    b7:fe:8f:a7:26:f6:60:05:4f:20:db:bc:89:d9:8b:
                    b3:33:19:e3:4a:38:c8:30:91:68:2b:df:c5:70:eb:
                    ba:08:ab:22:d1:13:ce:3b:a6:09:a2:78:61:e6:98:
                    61:86:c4:60:98:ec:36:ec:38:5b:a3:1c:86:fb:0e:
                    86:9a:74:51:29:72:14:ea:e7:44:68:1a:fc:f2:7e:
                    11:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:DB:7E:CE:EC:51:D3:4D:09:19:5E:6D:D3:72:CE:56:F0:FD:12:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/945446da-d9f8-480f-888d-b44f88ec209e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.231.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:14:c5:a4:12:0c:4c:4e:2a:76:ef:8a:37:ff:8b:44:18:05:
         92:83:a6:bd:7e:52:cc:1a:b4:32:cb:15:64:56:8d:99:44:7a:
         75:63:81:03:98:e9:67:f7:f2:4a:b1:1e:a7:b7:c5:2d:fc:2f:
         40:f8:18:36:a3:12:cc:bc:a8:05:44:d2:37:d6:bd:f3:ed:dd:
         f2:af:19:88:68:2b:13:d8:63:ca:3c:15:9e:c3:cb:60:17:7d:
         0b:4f:d2:fe:ed:91:08:53:8f:a7:68:0a:eb:e7:86:8e:29:19:
         b6:8f:8f:73:9e:f3:cb:f6:ad:78:f6:20:a2:d3:99:97:45:87:
         23:30:ac:45:46:95:7f:ea:27:41:fa:43:94:4d:fe:3f:30:8a:
         ec:44:69:64:d3:f8:4c:79:4c:83:b4:3b:24:ab:6b:39:30:ed:
         1c:7e:f4:0e:9f:2d:38:5b:58:4f:48:44:d7:fd:9b:e3:8e:c9:
         ed:6b:31:2b:79:24:df:57:35:09:d7:36:26:46:d4:d8:3a:98:
         46:98:c6:b2:f3:95:8a:a7:d0:ac:9c:7d:c9:f8:74:70:15:03:
         6d:83:00:bb:9f:9f:13:d2:45:8a:cb:d1:e3:95:95:19:77:b3:
         12:4e:a9:a2:42:f9:99:0a:ef:49:d4:7e:84:2b:22:66:8f:b7:
         c1:78:00:23
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIvVJIR/giaDvcqhIsDqqI4F/RcMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDJiNzFmNWU5MmY0NjBlNjk3YWUxODhiMzdmZTBkNGYx
MDEyOGNlOWVhOWMwNWYwMGJiZjY0YTdlYjViNDlhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeQ8W4MCqTm7ymfG5aH2ie7Wgu5PvkBeaEQ86QaduO7tJt
yjRVEltJVI52ed3vOfSL7TTKy+KIkxdS2o8pujqh8cYj9/4jgGGEMK4L/VPfCKP6
GNa01RzAZIAb5z34ifBHnYb9xAkacHxnE50MjjII4YlewR3hVgLNYjSBPFRWMXfF
opHwEJXiqnePomLxShSMOVDq07/KOZ58RZdnEJNAR2bxS76NfM2ARWI3425jrxSw
y7f+j6cm9mAFTyDbvInZi7MzGeNKOMgwkWgr38Vw67oIqyLRE847pgmieGHmmGGG
xGCY7DbsOFujHIb7DoaadFEpchTq50RoGvzyfhEDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURtt+zuxR000JGV5t03LOVvD9ElMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk0NTQ0NmRhLWQ5ZjgtNDgwZi04ODhkLWI0NGY4OGVjMjA5ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA45zANBgkqhkiG9w0BAQsFAAOCAQEAoBTFpBIMTE4qdu+KN/+LRBgFkoOm
vX5SzBq0MssVZFaNmUR6dWOBA5jpZ/fySrEep7fFLfwvQPgYNqMSzLyoBUTSN9a9
8+3d8q8ZiGgrE9hjyjwVnsPLYBd9C0/S/u2RCFOPp2gK6+eGjikZto+Pc57zy/at
ePYgotOZl0WHIzCsRUaVf+onQfpDlE3+PzCK7ERpZNP4THlMg7Q7JKtrOTDtHH70
Dp8tOFtYT0hE1/2b447J7WsxK3kk31c1Cdc2JkbU2DqYRpjGsvOViqfQrJx9yfh0
cBUDbYMAu5+fE9JFisvR45WVGXezEk6pokL5mQrvSdR+hCsiZo+3wXgAIw==
-----END CERTIFICATE-----