Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d970cbb6-beb9-41ae-b26e-22b731e5667a.roa
File:                     d970cbb6-beb9-41ae-b26e-22b731e5667a.roa (raw, json)
Hash identifier:          EdaWhENIa3lfG5yI0TJSydMhUvwrK3Ee75PyGGaKdng=
Subject key identifier:   35:8C:80:D5:89:9C:09:52:B1:9D:B6:F4:7C:32:CB:55:7E:EC:23:37
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5F0476AFA9F3298CB276C0ADD760B40176DDF518
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d970cbb6-beb9-41ae-b26e-22b731e5667a.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.230.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:04:76:af:a9:f3:29:8c:b2:76:c0:ad:d7:60:b4:01:76:dd:f5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=eb0b1c1146364f8bf0cfcc17066069098b11fcfc5a4dcfaa8fcf23bbdf127679, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:75:65:67:45:5b:dd:e0:58:5a:48:da:0e:6d:
                    5c:a5:8d:9a:a3:f8:8d:b2:74:81:85:52:9f:01:41:
                    b9:9a:4f:63:40:5f:20:bd:ce:30:6a:4f:3f:91:61:
                    65:92:44:f2:d9:f6:c6:b0:87:1e:43:a0:98:1a:71:
                    5e:90:3e:05:b8:34:13:d5:9a:41:a1:0b:56:5a:13:
                    25:e8:fd:8c:58:ff:db:7d:2f:ef:ea:78:1d:33:9d:
                    8a:99:ef:56:df:73:f3:78:27:4b:46:f8:c9:c7:cb:
                    69:0e:cc:a7:1a:02:61:25:93:1f:c0:11:1b:c4:51:
                    e1:58:2c:25:9b:42:43:08:4e:b1:6a:94:1b:f0:42:
                    d9:9c:a1:5a:8a:51:5c:a1:7a:31:06:9f:90:16:ad:
                    2b:23:02:2b:ef:af:c7:40:91:f7:dd:ed:1e:63:6d:
                    1d:31:83:52:0c:c0:4c:38:7d:dc:a9:e4:c8:44:df:
                    08:57:e6:73:30:dc:13:9c:ed:92:6f:fa:26:84:37:
                    0f:f5:64:76:d1:ba:0e:05:01:ef:e0:f2:50:59:97:
                    4f:17:91:96:d6:f2:66:e6:64:b5:90:3f:df:4c:94:
                    8a:36:67:ec:a6:af:70:f6:97:74:59:83:8e:3b:b1:
                    7f:28:fb:06:74:20:82:06:24:14:e6:54:d7:24:d0:
                    01:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:8C:80:D5:89:9C:09:52:B1:9D:B6:F4:7C:32:CB:55:7E:EC:23:37
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d970cbb6-beb9-41ae-b26e-22b731e5667a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.230.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:fc:02:d4:c6:c5:aa:63:ca:af:bb:db:70:ad:1f:56:3e:c9:
         db:0a:e6:f5:e9:ed:24:69:47:a2:75:c2:38:55:6f:af:6b:45:
         04:64:c5:99:17:c0:b8:58:85:f5:1d:7a:1d:51:4d:b9:3c:35:
         ce:4e:e2:90:25:30:27:06:92:dd:02:72:d7:b3:51:88:96:d4:
         43:5b:f3:fa:0b:e2:29:4c:06:cc:e6:a8:b1:25:02:22:e4:ad:
         24:e5:6e:69:a3:32:31:c6:bd:ad:9b:14:6e:73:21:6c:b6:07:
         cc:9a:aa:aa:7d:15:16:c8:09:4d:91:fa:b0:6e:f0:ae:5f:53:
         10:22:d3:31:4c:de:d5:f4:4d:d1:e3:11:85:76:14:18:88:bb:
         07:de:c9:b7:20:0c:20:08:fe:7f:67:2e:fa:9a:d0:6c:3c:ef:
         95:6c:d4:20:9f:ed:ca:0d:ca:a8:36:39:29:42:e2:b3:d3:32:
         78:d1:7b:c1:69:bc:85:51:11:ae:c5:a7:76:73:1a:5d:cf:e1:
         3b:f6:c6:b5:e4:7c:52:97:5e:f4:69:42:71:c0:22:d9:9a:de:
         4f:a1:46:e8:7d:ab:16:6d:82:a7:05:21:a0:95:5c:0f:d2:6c:
         99:7d:3d:9d:af:f2:5e:a3:fb:13:56:00:58:d8:44:0d:47:c3:
         e5:a5:85:27
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXwR2r6nzKYyydsCt12C0AXbd9RgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjBiMWMxMTQ2MzY0ZjhiZjBjZmNjMTcwNjYwNjkwOThi
MTFmY2ZjNWE0ZGNmYWE4ZmNmMjNiYmRmMTI3Njc5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAdWVnRVvd4FhaSNoObVyljZqj+I2ydIGFUp8BQbmaT2NA
XyC9zjBqTz+RYWWSRPLZ9sawhx5DoJgacV6QPgW4NBPVmkGhC1ZaEyXo/YxY/9t9
L+/qeB0znYqZ71bfc/N4J0tG+MnHy2kOzKcaAmElkx/AERvEUeFYLCWbQkMITrFq
lBvwQtmcoVqKUVyhejEGn5AWrSsjAivvr8dAkffd7R5jbR0xg1IMwEw4fdyp5MhE
3whX5nMw3BOc7ZJv+iaENw/1ZHbRug4FAe/g8lBZl08XkZbW8mbmZLWQP99MlIo2
Z+ymr3D2l3RZg447sX8o+wZ0IIIGJBTmVNck0AH1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUNYyA1YmcCVKxnbb0fDLLVX7sIzcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q5NzBjYmI2LWJlYjktNDFhZS1iMjZlLTIyYjczMWU1NjY3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA45jANBgkqhkiG9w0BAQsFAAOCAQEAxPwC1MbFqmPKr7vbcK0fVj7J2wrm
9entJGlHonXCOFVvr2tFBGTFmRfAuFiF9R16HVFNuTw1zk7ikCUwJwaS3QJy17NR
iJbUQ1vz+gviKUwGzOaosSUCIuStJOVuaaMyMca9rZsUbnMhbLYHzJqqqn0VFsgJ
TZH6sG7wrl9TECLTMUze1fRN0eMRhXYUGIi7B97JtyAMIAj+f2cu+prQbDzvlWzU
IJ/tyg3KqDY5KULis9MyeNF7wWm8hVERrsWndnMaXc/hO/bGteR8Upde9GlCccAi
2ZreT6FG6H2rFm2CpwUhoJVcD9JsmX09na/yXqP7E1YAWNhEDUfD5aWFJw==
-----END CERTIFICATE-----