Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad1eb262-a85d-49ea-b6a5-9603466c1860.roa
File:                     ad1eb262-a85d-49ea-b6a5-9603466c1860.roa (raw, json)
Hash identifier:          eQK7V+EfazBs6I322js2aqlCnjb3HlW9u7i0RyvwRss=
Subject key identifier:   60:0F:C9:0D:E1:BE:89:67:92:F5:F4:63:DC:40:30:55:F5:E4:71:DE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2232F77EA6BB8913FEEE514ECC7392880246E285
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad1eb262-a85d-49ea-b6a5-9603466c1860.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.99.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:32:f7:7e:a6:bb:89:13:fe:ee:51:4e:cc:73:92:88:02:46:e2:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: serialNumber=8c806e0b2f41e361671ebf282c8770f6aa33898fe80ecfd4ff2f459e83465ef9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:bb:4f:f5:2e:55:ec:47:49:7f:ce:dc:9f:ac:
                    71:1b:47:9c:b5:c0:c4:ff:a0:cc:8f:4c:96:72:41:
                    d0:50:db:e3:7f:c3:ef:9c:3e:3f:91:ad:02:f4:e1:
                    70:ba:0a:6e:59:db:73:2d:94:d6:82:ac:e7:93:ae:
                    08:49:c6:2e:ad:03:02:4d:a4:55:07:2c:3e:1f:09:
                    dd:6b:97:f9:e5:12:d1:08:97:e5:be:76:29:d6:62:
                    9d:80:82:9f:2f:d9:fb:2e:48:4e:8e:52:ca:d9:2f:
                    e4:d4:5e:69:fe:ff:64:00:da:5e:3d:4c:96:db:95:
                    50:ff:15:7a:e5:fa:3e:c3:a8:c7:e4:0a:31:dc:44:
                    b8:d8:12:d9:00:97:69:35:a3:5d:d8:d9:7e:e5:62:
                    fa:e5:2f:d4:b6:bc:72:ef:4f:d3:8b:be:77:ad:56:
                    12:5c:9a:78:62:30:a7:41:ab:6f:d5:ce:f4:f4:45:
                    65:9b:fd:28:ef:d1:8b:ed:e9:53:64:dd:12:1c:bb:
                    ae:1d:36:37:a0:06:7a:e7:21:46:73:52:24:da:75:
                    6d:02:ef:dc:e0:3c:e6:5c:cb:e4:47:63:8f:95:19:
                    7a:be:75:b6:c3:21:b1:02:3c:f2:8a:71:23:d4:de:
                    a0:b9:92:0b:3b:3b:ce:d5:f2:f3:e8:bc:d7:57:46:
                    9e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:0F:C9:0D:E1:BE:89:67:92:F5:F4:63:DC:40:30:55:F5:E4:71:DE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ad1eb262-a85d-49ea-b6a5-9603466c1860.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.99.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6b:15:18:5e:49:2d:06:12:79:7e:e9:60:43:a4:75:65:17:c7:
         5a:d1:52:e3:15:87:35:a7:07:3a:a4:cd:16:b0:89:32:0e:e0:
         50:22:20:a6:9a:6d:a5:39:4a:87:73:36:b8:58:7f:8c:83:c0:
         85:5f:60:af:2b:b4:bb:87:ce:92:15:02:aa:e2:16:cf:f8:57:
         0f:6d:93:91:18:1b:a0:27:e3:53:29:1a:c6:6e:48:38:fc:4c:
         07:5d:3f:79:ee:6a:8c:64:45:70:6c:0b:a1:45:b7:15:fc:c3:
         a7:f7:e9:30:06:5f:7e:b9:8e:98:07:11:dc:1b:b6:ad:60:26:
         25:85:11:80:c7:dd:9c:c9:de:d8:82:e2:ab:60:5d:8d:51:49:
         1b:b8:60:b9:99:1e:56:85:16:db:14:92:13:f4:53:33:f0:b2:
         c0:e2:1e:9a:13:13:43:7b:dd:f0:24:0f:a8:9e:d2:68:ac:9c:
         9d:f0:01:9b:b0:a2:e9:57:25:d6:72:28:d2:50:14:d0:62:55:
         30:68:bb:69:b8:86:7b:79:19:b3:29:c1:72:50:9c:83:95:38:
         96:64:53:5e:a8:e4:fe:27:2a:c3:be:a6:60:6d:63:2c:9b:da:
         b4:1a:5a:2b:cb:c1:c8:ae:38:e0:bf:98:0f:8f:ce:29:1f:fe:
         2f:c2:13:d9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIjL3fqa7iRP+7lFOzHOSiAJG4oUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzgwNmUwYjJmNDFlMzYxNjcxZWJmMjgyYzg3NzBmNmFh
MzM4OThmZTgwZWNmZDRmZjJmNDU5ZTgzNDY1ZWY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgu0/1LlXsR0l/ztyfrHEbR5y1wMT/oMyPTJZyQdBQ2+N/
w++cPj+RrQL04XC6Cm5Z23MtlNaCrOeTrghJxi6tAwJNpFUHLD4fCd1rl/nlEtEI
l+W+dinWYp2Agp8v2fsuSE6OUsrZL+TUXmn+/2QA2l49TJbblVD/FXrl+j7DqMfk
CjHcRLjYEtkAl2k1o13Y2X7lYvrlL9S2vHLvT9OLvnetVhJcmnhiMKdBq2/VzvT0
RWWb/Sjv0Yvt6VNk3RIcu64dNjegBnrnIUZzUiTadW0C79zgPOZcy+RHY4+VGXq+
dbbDIbECPPKKcSPU3qC5kgs7O87V8vPovNdXRp6bAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUYA/JDeG+iWeS9fRj3EAwVfXkcd4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkMWViMjYyLWE4NWQtNDllYS1iNmE1LTk2MDM0NjZjMTg2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YzANBgkqhkiG9w0BAQsFAAOCAQEAaxUYXkktBhJ5fulgQ6R1ZRfHWtFS
4xWHNacHOqTNFrCJMg7gUCIgppptpTlKh3M2uFh/jIPAhV9gryu0u4fOkhUCquIW
z/hXD22TkRgboCfjUykaxm5IOPxMB10/ee5qjGRFcGwLoUW3FfzDp/fpMAZffrmO
mAcR3Bu2rWAmJYURgMfdnMne2ILiq2BdjVFJG7hguZkeVoUW2xSSE/RTM/CywOIe
mhMTQ3vd8CQPqJ7SaKycnfABm7Ci6Vcl1nIo0lAU0GJVMGi7abiGe3kZsynBclCc
g5U4lmRTXqjk/icqw76mYG1jLJvatBpaK8vByK444L+YD4/OKR/+L8IT2Q==
-----END CERTIFICATE-----