Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3101f58-e18f-4236-87ba-eb7db0037151.roa
File:                     d3101f58-e18f-4236-87ba-eb7db0037151.roa (raw, json)
Hash identifier:          sCcSoaHKc8nAWqZwdJKHMlbLaoR3ikAjU/UY3up/hK4=
Subject key identifier:   5E:E2:14:D9:76:8F:63:F1:B8:3F:58:E0:5C:6D:86:17:3B:25:2E:05
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4A35BD03D859E1189D5198A4B763D197282732C8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3101f58-e18f-4236-87ba-eb7db0037151.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.7.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:35:bd:03:d8:59:e1:18:9d:51:98:a4:b7:63:d1:97:28:27:32:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=5819cc652dcdf3bd62ae8d6f2f8801f4e0760772293cf351dc4207a3e6a547a2, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a5:c9:96:8d:9d:79:19:3f:4e:31:82:e2:62:
                    47:0f:8e:4f:32:20:6c:4b:b5:7c:d3:e4:20:93:80:
                    8d:0e:4c:9a:75:0f:2f:1f:2a:b6:f1:51:7a:2f:8c:
                    77:ce:bb:14:dc:e3:aa:c1:81:de:f7:4c:bd:97:52:
                    e7:42:76:ba:e3:7e:2a:57:1b:a8:11:54:3f:53:08:
                    e1:c9:16:6b:a0:38:d1:6d:56:a2:80:36:8d:5f:30:
                    b0:75:fd:5e:04:f4:a6:33:7e:0b:db:16:5a:77:78:
                    70:0f:85:ae:ee:05:29:91:d2:93:17:c5:27:bc:cd:
                    b8:ff:d3:ae:ff:9a:ca:0e:50:1f:d0:52:1f:bb:91:
                    04:54:b6:29:db:13:cd:2a:59:7e:49:6a:fd:b1:12:
                    e2:7f:36:d5:7a:d4:12:bb:ad:46:ed:2c:5f:2c:50:
                    5e:6d:b0:59:19:ce:b8:e3:a2:34:25:f5:d0:f9:b1:
                    d9:3c:4e:21:35:a0:78:22:33:55:91:ce:f4:c7:ef:
                    de:fa:b8:68:de:c1:c3:b2:df:53:ee:b1:f1:0c:e1:
                    78:3e:3d:bb:e6:99:ec:97:4c:fe:75:73:ba:c7:59:
                    83:a9:23:28:43:e5:86:e8:70:2f:a1:0a:f0:fa:30:
                    08:72:0f:3f:04:69:54:c7:71:67:d1:87:ee:49:01:
                    db:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:E2:14:D9:76:8F:63:F1:B8:3F:58:E0:5C:6D:86:17:3B:25:2E:05
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3101f58-e18f-4236-87ba-eb7db0037151.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.7.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         54:89:5d:23:8b:e9:74:b2:7e:45:1e:ae:7b:9f:96:8f:dd:59:
         9e:79:59:24:01:19:d6:5f:aa:05:6e:7e:a6:f0:3f:28:df:0e:
         91:d2:64:10:a0:5d:10:a5:93:28:11:63:80:f3:54:0b:ec:46:
         c4:e3:98:1f:a6:f7:43:b9:9a:64:1b:bc:75:54:83:4e:f7:a8:
         8e:ca:30:26:8b:d8:46:84:e6:e8:de:d0:61:06:f6:8a:4f:d7:
         a6:c2:24:b1:c5:54:1a:c0:a9:02:39:d9:08:7c:eb:97:e7:8c:
         27:95:16:2c:2f:84:44:33:c9:5f:be:5a:3b:1b:64:8d:0d:7c:
         0c:27:78:cb:f1:54:77:c7:3e:07:1c:84:da:24:7f:13:0c:9d:
         2d:55:ed:60:17:98:b0:e7:62:6e:09:ca:6a:60:a5:46:97:cd:
         b3:80:52:24:32:12:81:46:77:52:16:11:73:95:2e:b1:2f:38:
         25:60:43:6f:67:fb:75:23:88:80:db:e4:a5:c3:4a:ef:64:43:
         3f:90:6e:a5:bc:67:f0:e5:6e:ec:aa:d0:0f:00:8e:29:11:a5:
         2d:26:f1:f0:c7:83:31:bb:67:1b:29:42:fe:6e:00:4e:b4:ae:
         06:a1:c0:5f:d9:f1:f4:c2:73:f7:50:28:4b:86:30:4f:61:af:
         f2:74:90:0b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUSjW9A9hZ4RidUZikt2PRlygnMsgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ODE5Y2M2NTJkY2RmM2JkNjJhZThkNmYyZjg4MDFmNGUw
NzYwNzcyMjkzY2YzNTFkYzQyMDdhM2U2YTU0N2EyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgpcmWjZ15GT9OMYLiYkcPjk8yIGxLtXzT5CCTgI0OTJp1
Dy8fKrbxUXovjHfOuxTc46rBgd73TL2XUudCdrrjfipXG6gRVD9TCOHJFmugONFt
VqKANo1fMLB1/V4E9KYzfgvbFlp3eHAPha7uBSmR0pMXxSe8zbj/067/msoOUB/Q
Uh+7kQRUtinbE80qWX5Jav2xEuJ/NtV61BK7rUbtLF8sUF5tsFkZzrjjojQl9dD5
sdk8TiE1oHgiM1WRzvTH7976uGjewcOy31PusfEM4Xg+PbvmmeyXTP51c7rHWYOp
IyhD5YbocC+hCvD6MAhyDz8EaVTHcWfRh+5JAdu/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXuIU2XaPY/G4P1jgXG2GFzslLgUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzMTAxZjU4LWUxOGYtNDIzNi04N2JhLWViN2RiMDAzNzE1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4BzANBgkqhkiG9w0BAQsFAAOCAQEAVIldI4vpdLJ+RR6ue5+Wj91ZnnlZ
JAEZ1l+qBW5+pvA/KN8OkdJkEKBdEKWTKBFjgPNUC+xGxOOYH6b3Q7maZBu8dVSD
TveojsowJovYRoTm6N7QYQb2ik/XpsIkscVUGsCpAjnZCHzrl+eMJ5UWLC+ERDPJ
X75aOxtkjQ18DCd4y/FUd8c+BxyE2iR/EwydLVXtYBeYsOdibgnKamClRpfNs4BS
JDISgUZ3UhYRc5UusS84JWBDb2f7dSOIgNvkpcNK72RDP5Bupbxn8OVu7KrQDwCO
KRGlLSbx8MeDMbtnGylC/m4ATrSuBqHAX9nx9MJz91AoS4YwT2Gv8nSQCw==
-----END CERTIFICATE-----