Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bcc39e6e-fd55-48ee-9dfa-3e1a428fcf16.roa
File:                     bcc39e6e-fd55-48ee-9dfa-3e1a428fcf16.roa (raw, json)
Hash identifier:          huorg+y51kKoRVwlodueqvSI3eSIj2YcBN5/HvLmg+s=
Subject key identifier:   85:83:64:4D:D5:F8:77:9F:B0:F3:E6:25:10:C0:97:E9:96:B3:E5:AF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       782CE67BCB416460B6A30B8FF18872C353C350DF
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bcc39e6e-fd55-48ee-9dfa-3e1a428fcf16.roa
Signing time:             Fri 07 Mar 2025 00:01:44 +0000
ROA not before:           Fri 07 Mar 2025 00:01:44 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     6167
IP address blocks:        139.56.5.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:2c:e6:7b:cb:41:64:60:b6:a3:0b:8f:f1:88:72:c3:53:c3:50:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  7 00:01:44 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: serialNumber=05a2800a57b214311922450242e1fbc6c2c52ac68a1d0dceb83a1c18a0805e3f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a2:51:cf:3a:dc:87:35:ac:26:27:bc:ba:6c:
                    a4:7f:44:5a:b3:f1:39:6f:35:ea:de:a9:f7:75:5f:
                    1e:d4:95:b7:a9:69:81:82:a3:84:04:7f:2a:90:d9:
                    dc:4b:70:7f:81:be:fc:14:76:63:d4:15:7f:ba:78:
                    1e:dd:54:a5:f1:89:a4:fd:65:75:36:a7:0d:a5:03:
                    bc:f5:e3:03:6f:cb:5b:38:27:23:74:5c:07:cf:de:
                    08:66:4e:a4:e1:70:0e:fa:5e:ae:87:0e:f5:4b:9e:
                    31:9c:ac:61:a4:50:d1:4e:08:42:27:ca:8a:21:a1:
                    5d:bc:95:50:5d:35:2b:02:bc:3e:01:fa:14:19:24:
                    a2:98:74:9a:5d:ca:c9:a5:7d:ee:5d:26:d9:1c:ce:
                    36:57:31:04:2c:ea:e1:03:a7:40:ed:51:7c:24:8f:
                    c7:e3:b9:9a:50:9b:7c:0c:a7:db:4d:9d:36:61:a1:
                    c3:e3:44:f8:d5:21:b0:f5:10:8f:d6:fb:32:62:0e:
                    8e:10:14:71:46:22:d3:34:f8:3c:9a:e2:a0:60:a1:
                    98:87:63:d4:05:d1:41:b5:73:c3:e1:9a:3c:1b:c9:
                    c7:eb:3e:06:c8:25:77:bd:47:d3:3a:76:d9:c7:84:
                    8a:0a:df:b3:c3:a2:5f:0f:34:fc:33:16:4f:e9:d8:
                    10:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:83:64:4D:D5:F8:77:9F:B0:F3:E6:25:10:C0:97:E9:96:B3:E5:AF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bcc39e6e-fd55-48ee-9dfa-3e1a428fcf16.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:9b:38:d1:c8:5d:05:85:f5:38:95:60:de:4f:c5:04:7f:d1:
         c7:d0:d3:54:4d:7c:b3:3a:f2:52:67:56:31:6e:1a:38:ea:0f:
         dd:dd:72:a8:46:76:bc:08:98:93:95:92:95:de:09:c8:06:89:
         41:33:35:72:7d:86:64:64:95:94:a3:78:a7:76:56:ed:90:d3:
         dc:78:5f:ea:ad:aa:7c:5f:53:ec:c3:a0:e6:69:32:02:7d:c6:
         13:68:86:fb:18:17:d5:7a:28:81:31:cd:41:de:ef:3f:83:5a:
         06:89:c3:3e:7c:d7:da:f5:af:8b:a2:5f:7a:b4:8f:13:10:d6:
         3a:76:2d:b0:1b:3e:5b:fb:81:4c:a2:5c:74:29:ab:5a:a4:53:
         89:0e:d2:9a:c7:5b:3a:8e:b1:3d:e0:71:2a:28:86:f4:cd:f0:
         c6:d2:a5:fe:82:31:dc:45:90:12:4d:cd:c4:ac:b7:bd:63:4a:
         b6:23:a6:67:97:2f:3b:8d:f2:2f:29:80:d5:85:a4:25:95:c4:
         b2:38:90:89:d8:65:73:2f:ef:8c:c4:83:c9:98:a0:d5:65:ec:
         15:33:d6:3e:d7:27:ec:e6:c2:e6:fb:0a:1a:d6:9b:f5:c5:2e:
         42:bd:b1:3b:d1:1e:95:ac:98:ad:5f:a4:e2:8c:d9:a2:8b:61:
         d2:da:67:42
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeCzme8tBZGC2owuP8Yhyw1PDUN8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA3MDAwMTQ0WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWEyODAwYTU3YjIxNDMxMTkyMjQ1MDI0MmUxZmJjNmMy
YzUyYWM2OGExZDBkY2ViODNhMWMxOGEwODA1ZTNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvolHPOtyHNawmJ7y6bKR/RFqz8TlvNereqfd1Xx7Ulbep
aYGCo4QEfyqQ2dxLcH+BvvwUdmPUFX+6eB7dVKXxiaT9ZXU2pw2lA7z14wNvy1s4
JyN0XAfP3ghmTqThcA76Xq6HDvVLnjGcrGGkUNFOCEInyoohoV28lVBdNSsCvD4B
+hQZJKKYdJpdysmlfe5dJtkczjZXMQQs6uEDp0DtUXwkj8fjuZpQm3wMp9tNnTZh
ocPjRPjVIbD1EI/W+zJiDo4QFHFGItM0+Dya4qBgoZiHY9QF0UG1c8Phmjwbycfr
PgbIJXe9R9M6dtnHhIoK37PDol8PNPwzFk/p2BBzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhYNkTdX4d5+w8+YlEMCX6Zaz5a8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjYzM5ZTZlLWZkNTUtNDhlZS05ZGZhLTNlMWE0MjhmY2YxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACLOAUwDQYJKoZIhvcNAQELBQADggEBADGbONHIXQWF9TiVYN5PxQR/0cfQ
01RNfLM68lJnVjFuGjjqD93dcqhGdrwImJOVkpXeCcgGiUEzNXJ9hmRklZSjeKd2
Vu2Q09x4X+qtqnxfU+zDoOZpMgJ9xhNohvsYF9V6KIExzUHe7z+DWgaJwz5819r1
r4uiX3q0jxMQ1jp2LbAbPlv7gUyiXHQpq1qkU4kO0prHWzqOsT3gcSoohvTN8MbS
pf6CMdxFkBJNzcSst71jSrYjpmeXLzuN8i8pgNWFpCWVxLI4kInYZXMv74zEg8mY
oNVl7BUz1j7XJ+zmwub7ChrWm/XFLkK9sTvRHpWsmK1fpOKM2aKLYdLaZ0I=
-----END CERTIFICATE-----