Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c115ea9c-d5b5-442d-bed6-73cad097666d.roa
File:                     c115ea9c-d5b5-442d-bed6-73cad097666d.roa (raw, json)
Hash identifier:          pR+qQw025A5HFxZxKv4jedOcABzEjZEKLfpOcrJSAoc=
Subject key identifier:   EE:59:F3:8B:B8:68:31:8D:D7:95:42:10:E3:A8:EE:F4:B8:77:33:F9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0F3DFE62B4A352B27A22F3565BD75AA100E85D86
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c115ea9c-d5b5-442d-bed6-73cad097666d.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.2.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:3d:fe:62:b4:a3:52:b2:7a:22:f3:56:5b:d7:5a:a1:00:e8:5d:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=4309944af9c4fc357f2b03a981248d615b48c2b7836fc5fe3901f531c1a846ad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:51:25:a5:e7:ae:18:f1:a2:a0:23:e4:2f:cd:
                    34:b2:9d:49:67:e5:56:94:31:04:7c:36:bb:3a:b7:
                    83:b5:aa:5f:e6:58:f2:bd:7a:f5:d4:48:bf:94:7f:
                    76:bf:71:31:0f:c8:6e:f5:b2:d8:d5:7d:f0:75:1e:
                    b0:7d:58:38:74:29:2d:19:bc:2f:98:10:f9:e4:b7:
                    03:9f:73:45:41:50:c5:ff:e6:ec:be:a1:68:b3:18:
                    58:27:2c:8c:b4:bb:c3:b2:4b:2a:9f:58:65:71:11:
                    a8:0b:b4:f5:66:a4:ae:6c:3d:d8:34:71:8a:99:d8:
                    59:84:d7:ff:0a:e1:84:86:16:34:7f:3f:4d:62:cb:
                    7e:06:6f:1f:c7:11:22:08:5a:67:db:0b:0d:9f:b2:
                    ae:7f:f3:e8:a2:3b:30:b9:54:84:a2:63:56:ea:03:
                    af:20:16:92:0e:50:f0:22:b8:63:d5:a6:19:e2:2d:
                    b8:ab:62:70:68:58:bd:73:7c:b8:f1:4e:bc:80:e1:
                    5f:07:fb:4c:d0:b2:33:27:45:c3:8a:c5:e4:81:ec:
                    49:b7:32:86:31:19:8c:00:ab:a3:3b:87:4a:c9:18:
                    5b:2d:cd:9d:0b:de:b7:a8:c9:4d:1f:87:8c:fd:d8:
                    c0:ef:3f:5a:9f:d4:dc:dc:1c:9d:ab:9f:08:70:3c:
                    b2:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:59:F3:8B:B8:68:31:8D:D7:95:42:10:E3:A8:EE:F4:B8:77:33:F9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c115ea9c-d5b5-442d-bed6-73cad097666d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.2.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d1:a7:ef:0d:f1:17:e6:fa:95:88:b3:f0:50:dd:d1:e4:29:8f:
         9e:22:50:cc:7f:da:73:16:83:3f:d5:b7:c7:e1:b8:83:ad:8c:
         20:f3:e5:e8:3f:4b:b7:de:47:ee:55:ed:0c:22:40:07:4a:cd:
         dd:9a:91:e4:4b:99:a5:a6:24:5b:9f:52:18:d9:7e:f2:34:73:
         42:bc:cb:b5:94:7c:f4:53:30:59:a4:be:14:6c:58:c6:5e:5d:
         e7:6f:d9:da:66:89:ec:f5:3d:7c:4f:84:8b:39:1c:6d:ae:40:
         bf:4c:4b:0b:e9:ed:9d:c2:26:be:79:f5:4e:17:8a:b3:9a:1d:
         9c:02:b7:66:15:c1:e3:97:71:da:db:2d:9b:e6:8e:68:3c:57:
         e5:7a:77:f7:2e:23:cb:a2:25:39:60:19:ae:d1:0a:01:c7:64:
         bc:68:9b:60:4f:de:4d:05:b2:13:ef:7f:e8:3d:a0:35:5b:73:
         df:51:3e:84:9b:48:8e:6d:b4:96:75:c2:30:fc:cc:71:97:20:
         18:59:0c:7c:8c:bd:81:a3:6e:8d:30:8a:91:39:8e:5b:bc:c5:
         ca:e4:8f:84:36:91:53:41:6e:fe:32:51:2d:ce:b6:f2:4e:a4:
         af:0f:7d:63:19:08:c3:ef:f3:04:a4:bd:0a:68:31:26:6b:1a:
         21:83:a8:f1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDz3+YrSjUrJ6IvNWW9daoQDoXYYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzA5OTQ0YWY5YzRmYzM1N2YyYjAzYTk4MTI0OGQ2MTVi
NDhjMmI3ODM2ZmM1ZmUzOTAxZjUzMWMxYTg0NmFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaUSWl564Y8aKgI+QvzTSynUln5VaUMQR8Nrs6t4O1ql/m
WPK9evXUSL+Uf3a/cTEPyG71stjVffB1HrB9WDh0KS0ZvC+YEPnktwOfc0VBUMX/
5uy+oWizGFgnLIy0u8OySyqfWGVxEagLtPVmpK5sPdg0cYqZ2FmE1/8K4YSGFjR/
P01iy34Gbx/HESIIWmfbCw2fsq5/8+iiOzC5VISiY1bqA68gFpIOUPAiuGPVphni
LbirYnBoWL1zfLjxTryA4V8H+0zQsjMnRcOKxeSB7Em3MoYxGYwAq6M7h0rJGFst
zZ0L3reoyU0fh4z92MDvP1qf1NzcHJ2rnwhwPLITAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU7lnzi7hoMY3XlUIQ46ju9Lh3M/kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MxMTVlYTljLWQ1YjUtNDQyZC1iZWQ2LTczY2FkMDk3NjY2ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4AjANBgkqhkiG9w0BAQsFAAOCAQEA0afvDfEX5vqViLPwUN3R5CmPniJQ
zH/acxaDP9W3x+G4g62MIPPl6D9Lt95H7lXtDCJAB0rN3ZqR5EuZpaYkW59SGNl+
8jRzQrzLtZR89FMwWaS+FGxYxl5d52/Z2maJ7PU9fE+Eizkcba5Av0xLC+ntncIm
vnn1TheKs5odnAK3ZhXB45dx2tstm+aOaDxX5Xp39y4jy6IlOWAZrtEKAcdkvGib
YE/eTQWyE+9/6D2gNVtz31E+hJtIjm20lnXCMPzMcZcgGFkMfIy9gaNujTCKkTmO
W7zFyuSPhDaRU0Fu/jJRLc628k6krw99YxkIw+/zBKS9CmgxJmsaIYOo8Q==
-----END CERTIFICATE-----