Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0f23499-d3b1-4805-89e8-0c9cb7147a9a.roa
File:                     b0f23499-d3b1-4805-89e8-0c9cb7147a9a.roa (raw, json)
Hash identifier:          L66QbdHfm0ANT29uPMCVqF4KzPcJEyDDQ8qLwMMqG9w=
Subject key identifier:   4C:56:C8:FE:92:A5:AF:AD:55:BA:92:B3:73:47:38:86:F7:E0:87:96
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4E6C2DAE89F14BACAC9F6C9F831F51807850C2EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0f23499-d3b1-4805-89e8-0c9cb7147a9a.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.190.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:6c:2d:ae:89:f1:4b:ac:ac:9f:6c:9f:83:1f:51:80:78:50:c2:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=10cf4ccf1d8cf14dd240b2ee120d79bd113d31b1c180801a726286029d96360b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:71:c2:f8:8f:b1:1b:2a:5a:d9:cd:a7:c8:61:
                    f4:10:13:2a:2e:04:a0:8c:ce:a2:4a:90:09:06:cc:
                    70:18:dd:04:8e:bb:4d:0d:ee:3f:52:94:6b:fd:c9:
                    6d:a7:60:b5:0f:d0:45:2d:1d:10:25:e9:4c:fc:0b:
                    e9:99:8c:19:ea:3b:51:08:5c:31:8d:d8:cf:87:ac:
                    92:35:6f:e9:89:35:1f:21:aa:29:97:27:9f:25:9d:
                    bf:3b:fa:7c:cb:58:5e:03:61:f4:59:8a:49:9d:4c:
                    e0:1b:cb:06:3a:fb:07:e4:97:14:05:cb:9d:6f:11:
                    16:30:9f:72:77:56:af:96:be:c6:19:15:a5:f4:d3:
                    a3:09:3c:31:d9:1b:48:93:e3:4c:3c:36:3d:e3:ce:
                    9e:d8:cd:e8:d1:96:29:08:a5:d4:8a:07:4f:4d:ef:
                    ba:0a:04:60:6e:62:0a:be:aa:6e:1d:fa:e6:4e:ad:
                    4a:c9:ae:11:22:c8:df:3d:56:9c:cd:b3:04:06:3a:
                    0a:2f:e8:71:37:51:2d:5f:86:80:9c:27:4c:1d:77:
                    f5:2c:c0:6d:3c:41:7c:c2:65:8d:db:a7:16:a0:0b:
                    77:7e:c7:68:e5:16:0a:f3:85:e3:0f:97:4f:4a:72:
                    ba:f9:f5:51:2a:ae:1c:f8:5a:6f:e4:23:9c:92:c2:
                    f6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:56:C8:FE:92:A5:AF:AD:55:BA:92:B3:73:47:38:86:F7:E0:87:96
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0f23499-d3b1-4805-89e8-0c9cb7147a9a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.190.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:d0:eb:22:3c:e0:db:a8:48:6e:62:a2:20:03:29:1b:24:c7:
         ab:4f:78:92:93:8e:31:bc:a6:a7:3e:85:90:e5:18:be:77:5b:
         84:fb:b4:ad:28:24:48:06:90:19:08:a0:45:bd:f1:9e:3a:e7:
         ed:b2:44:16:6a:5d:a3:d0:26:65:dd:04:2d:c5:c1:12:91:d5:
         81:32:df:be:c7:fd:2e:d1:bd:fa:ac:ff:e5:c3:58:2c:c4:69:
         09:b9:ac:75:a5:38:4b:66:5c:38:53:2f:57:14:c5:b7:9c:dc:
         9d:99:a3:6f:ed:5b:67:53:b8:09:ba:94:21:63:6d:76:b6:00:
         78:48:19:c0:7a:87:39:cb:51:7f:f7:16:b1:54:04:7d:c8:55:
         0b:db:dd:2a:7b:b2:0e:f0:75:3e:a7:2b:d1:fb:e6:11:f5:a5:
         bc:b7:e4:ca:36:73:5d:4d:73:8d:04:8b:c5:a0:55:04:ae:cf:
         00:81:38:c9:16:a5:38:d6:8c:e4:03:1d:61:f4:47:67:b8:ac:
         7e:c6:89:57:a4:ab:54:f5:cf:e5:24:47:c6:ec:15:28:d8:e3:
         7e:66:df:ff:cd:95:a7:39:b0:9e:22:47:5d:a4:27:77:07:cb:
         de:49:51:c5:18:13:0d:2c:e7:f6:ca:0f:f7:1c:11:fe:06:9b:
         cd:86:df:03
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTmwtronxS6ysn2yfgx9RgHhQwuowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMGNmNGNjZjFkOGNmMTRkZDI0MGIyZWUxMjBkNzliZDEx
M2QzMWIxYzE4MDgwMWE3MjYyODYwMjlkOTYzNjBiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5ccL4j7EbKlrZzafIYfQQEyouBKCMzqJKkAkGzHAY3QSO
u00N7j9SlGv9yW2nYLUP0EUtHRAl6Uz8C+mZjBnqO1EIXDGN2M+HrJI1b+mJNR8h
qimXJ58lnb87+nzLWF4DYfRZikmdTOAbywY6+wfklxQFy51vERYwn3J3Vq+WvsYZ
FaX006MJPDHZG0iT40w8Nj3jzp7YzejRlikIpdSKB09N77oKBGBuYgq+qm4d+uZO
rUrJrhEiyN89VpzNswQGOgov6HE3US1fhoCcJ0wdd/UswG08QXzCZY3bpxagC3d+
x2jlFgrzheMPl09Kcrr59VEqrhz4Wm/kI5ySwvaBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTFbI/pKlr61VupKzc0c4hvfgh5YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IwZjIzNDk5LWQzYjEtNDgwNS04OWU4LTBjOWNiNzE0N2E5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4vjANBgkqhkiG9w0BAQsFAAOCAQEAltDrIjzg26hIbmKiIAMpGyTHq094
kpOOMbympz6FkOUYvndbhPu0rSgkSAaQGQigRb3xnjrn7bJEFmpdo9AmZd0ELcXB
EpHVgTLfvsf9LtG9+qz/5cNYLMRpCbmsdaU4S2ZcOFMvVxTFt5zcnZmjb+1bZ1O4
CbqUIWNtdrYAeEgZwHqHOctRf/cWsVQEfchVC9vdKnuyDvB1Pqcr0fvmEfWlvLfk
yjZzXU1zjQSLxaBVBK7PAIE4yRalONaM5AMdYfRHZ7isfsaJV6SrVPXP5SRHxuwV
KNjjfmbf/82VpzmwniJHXaQndwfL3klRxRgTDSzn9soP9xwR/gabzYbfAw==
-----END CERTIFICATE-----