Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0cc4e7a-fc91-41b5-bbdc-5fecd799998a.roa
File:                     a0cc4e7a-fc91-41b5-bbdc-5fecd799998a.roa (raw, json)
Hash identifier:          Cmeyrd9Li+H7iM0jFQDs9u3cn7RlRkYmMpUZDgIU/xQ=
Subject key identifier:   D4:5A:33:74:CB:8C:5E:16:4C:65:37:E9:0F:42:0E:8A:F9:AC:B7:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3BEC23656365AAF786BD1F1D5442F3E92C0561FA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0cc4e7a-fc91-41b5-bbdc-5fecd799998a.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.108.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:ec:23:65:63:65:aa:f7:86:bd:1f:1d:54:42:f3:e9:2c:05:61:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=19e0b146523f6e475948af719fa9f5cca1f64c0eb8e4f346efe3dc0b0396daae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:5a:77:3e:77:46:78:32:46:7a:e2:17:78:a0:
                    c6:29:c6:a9:e8:52:03:78:c7:db:df:6c:cc:ff:af:
                    dd:68:9e:73:e9:65:c5:f9:ef:fd:49:26:cf:2b:b0:
                    2c:6d:b2:f4:58:8e:41:6f:be:e2:08:ad:cf:a3:de:
                    cc:12:c7:e7:0d:46:08:37:52:3a:7c:20:ae:ec:e5:
                    98:0a:33:8f:b2:9c:5a:31:b8:a1:33:51:54:f2:91:
                    a3:be:92:d0:76:85:cc:9f:63:f3:1b:dd:0c:be:98:
                    50:17:5d:63:34:85:78:1f:28:fa:66:43:c5:e4:07:
                    85:28:25:fc:e6:f3:17:e0:20:bf:cb:d0:53:ef:67:
                    28:5c:4f:7a:e9:63:a9:2b:2c:94:d9:60:ae:e3:b2:
                    f6:af:50:9d:7e:a3:43:6f:47:c8:78:cc:22:07:b8:
                    6e:e8:b8:de:01:31:68:ce:65:b8:9b:8e:67:1e:2e:
                    f9:1b:d3:24:bc:de:f4:20:6d:6b:a3:3e:fc:5b:03:
                    e5:2f:6b:5e:62:ee:bc:c6:25:e9:2a:c7:7e:a8:da:
                    a0:8f:03:0b:af:e3:08:73:b9:7d:5b:47:0c:04:7f:
                    17:35:bb:f0:cf:a1:02:7d:7e:c8:1d:07:c6:44:cd:
                    30:5b:ab:8a:18:1a:9b:52:d2:3c:d6:95:e1:f7:37:
                    f6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:5A:33:74:CB:8C:5E:16:4C:65:37:E9:0F:42:0E:8A:F9:AC:B7:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a0cc4e7a-fc91-41b5-bbdc-5fecd799998a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.108.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         02:89:92:ef:61:0a:3b:d0:5f:91:73:3e:cd:ad:c2:54:e1:22:
         2f:02:74:36:7c:da:35:c4:63:7f:3f:09:fd:32:c2:70:38:6c:
         12:b6:e8:d8:7d:58:00:22:58:5f:48:91:91:8c:3b:e3:c7:42:
         f9:d3:75:44:b9:53:4a:6b:a3:dd:b5:2a:75:98:b4:5a:ce:c1:
         f9:3a:b9:aa:76:95:4a:6f:13:81:9b:89:3e:9f:58:91:29:1a:
         5f:a6:fa:97:7b:b8:c0:a2:0e:21:86:ed:9f:9f:31:f1:b6:ed:
         63:5f:89:de:64:ec:9b:70:7b:1a:06:e9:f1:e3:49:32:4b:65:
         b7:15:8d:b2:44:10:49:4a:95:4c:6c:95:de:37:f6:ae:73:08:
         fe:cc:86:01:93:f2:5a:c7:9c:10:77:3e:41:43:bc:6b:9e:25:
         99:04:5a:5b:ae:b3:b7:b8:b1:d7:30:77:70:24:3e:a7:3e:27:
         c9:ca:1a:ec:f1:00:5e:86:f0:eb:a8:d0:22:33:78:0e:5a:73:
         44:b3:70:36:f2:dc:dc:ab:75:aa:9c:24:93:d1:67:6a:b1:af:
         10:48:e5:91:52:43:03:dc:88:02:8d:bd:f0:36:6f:95:86:f9:
         f4:dd:6a:a7:38:6b:15:01:0d:b0:2d:e6:a4:8d:53:ea:79:1a:
         b4:06:65:ac
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUO+wjZWNlqveGvR8dVELz6SwFYfowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOWUwYjE0NjUyM2Y2ZTQ3NTk0OGFmNzE5ZmE5ZjVjY2Ex
ZjY0YzBlYjhlNGYzNDZlZmUzZGMwYjAzOTZkYWFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1Wnc+d0Z4MkZ64hd4oMYpxqnoUgN4x9vfbMz/r91onnPp
ZcX57/1JJs8rsCxtsvRYjkFvvuIIrc+j3swSx+cNRgg3Ujp8IK7s5ZgKM4+ynFox
uKEzUVTykaO+ktB2hcyfY/Mb3Qy+mFAXXWM0hXgfKPpmQ8XkB4UoJfzm8xfgIL/L
0FPvZyhcT3rpY6krLJTZYK7jsvavUJ1+o0NvR8h4zCIHuG7ouN4BMWjOZbibjmce
Lvkb0yS83vQgbWujPvxbA+Uva15i7rzGJekqx36o2qCPAwuv4whzuX1bRwwEfxc1
u/DPoQJ9fsgdB8ZEzTBbq4oYGptS0jzWleH3N/apAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1FozdMuMXhZMZTfpD0IOivmst8IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2EwY2M0ZTdhLWZjOTEtNDFiNS1iYmRjLTVmZWNkNzk5OTk4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4bDANBgkqhkiG9w0BAQsFAAOCAQEAAomS72EKO9BfkXM+za3CVOEiLwJ0
NnzaNcRjfz8J/TLCcDhsErbo2H1YACJYX0iRkYw748dC+dN1RLlTSmuj3bUqdZi0
Ws7B+Tq5qnaVSm8TgZuJPp9YkSkaX6b6l3u4wKIOIYbtn58x8bbtY1+J3mTsm3B7
Ggbp8eNJMktltxWNskQQSUqVTGyV3jf2rnMI/syGAZPyWsecEHc+QUO8a54lmQRa
W66zt7ix1zB3cCQ+pz4nycoa7PEAXobw66jQIjN4DlpzRLNwNvLc3Kt1qpwkk9Fn
arGvEEjlkVJDA9yIAo298DZvlYb59N1qpzhrFQENsC3mpI1T6nkatAZlrA==
-----END CERTIFICATE-----