Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbe29526-8550-4d54-a3ca-edc4a25d90e3.roa
File:                     bbe29526-8550-4d54-a3ca-edc4a25d90e3.roa (raw, json)
Hash identifier:          rhGSf8hlotFnxr3BEe8L8icJzWVLMPvkRzDBgEx1g9A=
Subject key identifier:   56:F0:50:EB:1B:CB:25:05:07:79:F7:75:D6:1A:EC:4F:1C:08:56:DC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       21C3AA95C5A18B9A4FE8CDCFC75423DF4CC0E9A4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbe29526-8550-4d54-a3ca-edc4a25d90e3.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.63.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:c3:aa:95:c5:a1:8b:9a:4f:e8:cd:cf:c7:54:23:df:4c:c0:e9:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=be40b61ca1b8f007f027cbe5c4ab5298ea6b2fdc740e4959f5618cf8b340fb86, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:43:ca:40:35:16:17:bb:ff:6a:89:f6:3a:18:
                    4c:1e:07:53:9c:33:f2:27:25:6f:42:07:8b:51:38:
                    48:de:bc:1b:98:f6:fe:d1:50:05:30:b5:22:b3:f7:
                    aa:a9:d1:1d:a1:0c:42:4e:de:c5:af:f8:80:f0:9d:
                    1c:fe:e5:86:56:e6:85:7b:74:77:84:40:cb:dc:ee:
                    b0:dc:0a:7d:87:69:90:2e:99:31:18:70:71:6a:cd:
                    7a:63:1a:7d:57:33:c1:d5:95:75:b4:54:4e:2d:49:
                    e5:48:53:ed:cc:e5:d9:d3:49:2a:5e:e9:c4:6a:4a:
                    41:c5:29:a0:18:1a:5b:ee:a7:87:c3:1c:62:19:f7:
                    08:f1:ad:41:ad:df:f2:61:42:9c:b8:77:0b:94:00:
                    90:81:ec:0c:e3:5a:ac:8e:be:92:2d:3c:08:08:f8:
                    92:58:2a:45:11:b8:d6:b0:3d:1f:9c:19:50:c4:fd:
                    36:4e:60:73:87:a7:32:b7:8e:5d:cc:5e:c5:7e:6b:
                    2e:33:f3:9d:d6:d2:d0:60:1f:e5:a6:60:37:ae:70:
                    99:22:7d:dc:3c:d0:b2:ca:fd:ce:97:f9:39:49:61:
                    d6:42:d1:af:e1:f5:2b:53:c3:76:df:37:60:11:5a:
                    49:5e:ba:58:ec:fa:07:e0:f5:ee:3c:ce:42:dd:14:
                    bc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:F0:50:EB:1B:CB:25:05:07:79:F7:75:D6:1A:EC:4F:1C:08:56:DC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bbe29526-8550-4d54-a3ca-edc4a25d90e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.63.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d6:9f:bb:a5:84:40:b0:d4:5a:e6:cb:b8:12:27:f1:af:54:61:
         d4:7a:ef:76:ec:70:27:61:cd:91:b4:c4:24:86:cb:49:48:92:
         4c:51:ee:86:91:46:33:f6:30:9b:3e:15:75:79:25:ed:07:76:
         c6:91:56:45:2e:2d:69:d7:a5:d6:9d:fe:ff:b7:ad:38:a4:10:
         93:51:46:22:c8:eb:82:ba:ea:07:e5:7f:67:b6:1a:3a:a1:6b:
         21:26:c3:98:f0:a6:b4:36:e9:cf:0c:8a:27:8c:22:06:b6:eb:
         fb:f1:b2:55:25:d1:54:f0:27:98:ff:7d:ac:a8:92:12:c7:c1:
         e0:a5:75:c2:8b:ae:5e:49:be:ac:90:41:05:95:71:b5:57:b7:
         b9:cc:25:80:f4:9c:ac:0e:6d:f6:4b:e0:c3:cc:07:95:fc:0c:
         20:0c:43:5d:56:64:d5:0a:b4:fa:9c:a2:0a:03:b3:83:0b:c7:
         05:2b:b3:09:95:d6:32:0f:28:2b:87:3d:73:46:53:25:24:90:
         70:03:b3:1b:ff:05:56:41:c5:47:d1:87:1b:10:12:ae:24:95:
         95:f4:58:89:7d:50:b9:4c:25:aa:2c:4c:38:bf:ae:51:84:39:
         25:64:f3:5f:c8:a9:66:2d:6e:26:82:41:a4:e7:da:63:39:23:
         00:a2:4d:1a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIcOqlcWhi5pP6M3Px1Qj30zA6aQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTQwYjYxY2ExYjhmMDA3ZjAyN2NiZTVjNGFiNTI5OGVh
NmIyZmRjNzQwZTQ5NTlmNTYxOGNmOGIzNDBmYjg2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVQ8pANRYXu/9qifY6GEweB1OcM/InJW9CB4tROEjevBuY
9v7RUAUwtSKz96qp0R2hDEJO3sWv+IDwnRz+5YZW5oV7dHeEQMvc7rDcCn2HaZAu
mTEYcHFqzXpjGn1XM8HVlXW0VE4tSeVIU+3M5dnTSSpe6cRqSkHFKaAYGlvup4fD
HGIZ9wjxrUGt3/JhQpy4dwuUAJCB7AzjWqyOvpItPAgI+JJYKkURuNawPR+cGVDE
/TZOYHOHpzK3jl3MXsV+ay4z853W0tBgH+WmYDeucJkifdw80LLK/c6X+TlJYdZC
0a/h9StTw3bfN2ARWkleuljs+gfg9e48zkLdFLxJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVvBQ6xvLJQUHefd11hrsTxwIVtwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JiZTI5NTI2LTg1NTAtNGQ1NC1hM2NhLWVkYzRhMjVkOTBlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4PzANBgkqhkiG9w0BAQsFAAOCAQEA1p+7pYRAsNRa5su4Eifxr1Rh1Hrv
duxwJ2HNkbTEJIbLSUiSTFHuhpFGM/Ywmz4VdXkl7Qd2xpFWRS4tadel1p3+/7et
OKQQk1FGIsjrgrrqB+V/Z7YaOqFrISbDmPCmtDbpzwyKJ4wiBrbr+/GyVSXRVPAn
mP99rKiSEsfB4KV1wouuXkm+rJBBBZVxtVe3ucwlgPScrA5t9kvgw8wHlfwMIAxD
XVZk1Qq0+pyiCgOzgwvHBSuzCZXWMg8oK4c9c0ZTJSSQcAOzG/8FVkHFR9GHGxAS
riSVlfRYiX1QuUwlqixMOL+uUYQ5JWTzX8ipZi1uJoJBpOfaYzkjAKJNGg==
-----END CERTIFICATE-----