Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e512bd5d-12d4-4caf-af51-c5a6432142ad.roa
File:                     e512bd5d-12d4-4caf-af51-c5a6432142ad.roa (raw, json)
Hash identifier:          Agi6IgtV7HCq49xOasVMena4w/46PxVHPq4aFcLjIhM=
Subject key identifier:   D6:9D:03:91:99:9F:79:79:68:76:E6:2A:A6:2B:4F:AB:DB:09:F2:1D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       22FEE5D10FE17EE703DFCC9BED387AE4A9132510
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e512bd5d-12d4-4caf-af51-c5a6432142ad.roa
Signing time:             Sat 18 Jan 2025 00:00:00 +0000
ROA not before:           Sat 18 Jan 2025 00:00:00 +0000
ROA not after:            Sat 22 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.69.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:fe:e5:d1:0f:e1:7e:e7:03:df:cc:9b:ed:38:7a:e4:a9:13:25:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 18 00:00:00 2025 GMT
            Not After : Feb 22 23:59:59 2025 GMT
        Subject: serialNumber=dae8c8a8562b55b9b5ed456a91d83390f079da3f400c2c6cb96a002dab33ff4d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:32:0a:60:47:00:38:2d:d0:53:85:89:48:d5:
                    3c:00:03:8c:ed:27:8f:86:9d:46:16:ad:df:dd:be:
                    41:c6:12:10:8b:ab:ac:42:d7:ab:f4:d2:bc:4a:d5:
                    58:ee:2d:dc:fa:3b:73:fa:1d:58:9f:64:2b:2f:9c:
                    68:d8:fd:6b:02:00:d7:5c:f4:cb:64:2c:92:fd:f1:
                    bd:67:77:6b:ca:8e:07:c3:6e:ab:41:67:19:d4:6f:
                    dc:9e:cf:3c:82:e6:75:df:b7:e9:fb:10:9b:b7:39:
                    74:07:45:68:c5:4c:df:5a:3b:0a:64:3c:f3:08:2d:
                    1a:6c:89:e9:a5:33:c4:8a:d0:2d:cc:67:b3:e5:75:
                    34:4d:b6:50:61:2b:25:a7:a2:fc:a0:4f:a8:af:53:
                    7b:c1:00:57:bf:54:26:67:77:63:9c:1e:cc:c0:ff:
                    1e:00:00:36:e8:bf:c0:1c:4e:61:83:76:39:2c:33:
                    79:c8:42:00:f5:27:df:b9:09:43:ab:1d:1d:5c:0f:
                    fb:88:95:6e:14:20:8b:a6:ef:33:9c:c4:50:43:49:
                    4b:89:e2:71:70:8d:aa:97:95:65:56:b3:00:ec:be:
                    d2:22:04:48:18:e3:50:e4:eb:d7:d9:e9:0a:3b:59:
                    d3:9e:f1:61:c8:90:d2:45:be:c0:00:95:c6:04:09:
                    3d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:9D:03:91:99:9F:79:79:68:76:E6:2A:A6:2B:4F:AB:DB:09:F2:1D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e512bd5d-12d4-4caf-af51-c5a6432142ad.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         cf:5c:ba:d4:8c:6f:7c:17:96:a6:c2:80:bc:fa:0b:69:7b:50:
         4b:7b:46:81:48:77:a3:a0:02:46:a5:64:74:c1:39:41:cd:df:
         11:83:41:e9:a4:fb:71:b6:bd:f7:a7:c6:5b:18:eb:3e:ae:e1:
         5e:39:df:d5:be:23:7e:9a:35:6d:ab:26:25:00:9e:76:fd:3a:
         3d:bc:52:bb:d2:a5:f2:bb:36:66:df:ca:3d:17:9d:c9:25:0f:
         3a:91:f4:3f:07:59:04:27:57:b4:68:77:88:da:ba:a9:a0:ed:
         c4:39:d5:97:27:7d:8a:85:b7:3f:9e:5e:90:04:ec:6a:0e:8b:
         09:fe:f2:b9:62:73:26:bb:aa:56:84:bc:76:61:2c:f4:79:81:
         bc:46:33:f4:99:6e:24:3a:70:f8:98:20:2a:08:84:4a:9f:dd:
         f5:79:8e:89:e4:13:17:71:fb:98:c3:a2:f3:83:72:a4:a8:99:
         85:cc:63:4f:e1:7d:85:58:2e:a4:7f:e3:db:ab:85:d7:e8:55:
         47:26:8b:17:1d:39:8b:69:25:63:45:1b:2e:8d:58:2b:d8:51:
         04:e0:88:84:cc:d5:2f:cd:8c:71:aa:18:02:df:73:a8:24:fe:
         ad:c4:d4:e6:76:3b:e8:fd:18:0b:ab:71:19:2a:ad:52:03:d1:
         d4:09:cc:f9
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIv7l0Q/hfucD38yb7Th65KkTJRAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE4MDAwMDAwWhcNMjUwMjIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkYWU4YzhhODU2MmI1NWI5YjVlZDQ1NmE5MWQ4MzM5MGYw
NzlkYTNmNDAwYzJjNmNiOTZhMDAyZGFiMzNmZjRkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8MgpgRwA4LdBThYlI1TwAA4ztJ4+GnUYWrd/dvkHGEhCL
q6xC16v00rxK1VjuLdz6O3P6HVifZCsvnGjY/WsCANdc9MtkLJL98b1nd2vKjgfD
bqtBZxnUb9yezzyC5nXft+n7EJu3OXQHRWjFTN9aOwpkPPMILRpsiemlM8SK0C3M
Z7PldTRNtlBhKyWnovygT6ivU3vBAFe/VCZnd2OcHszA/x4AADbov8AcTmGDdjks
M3nIQgD1J9+5CUOrHR1cD/uIlW4UIIum7zOcxFBDSUuJ4nFwjaqXlWVWswDsvtIi
BEgY41Dk69fZ6Qo7WdOe8WHIkNJFvsAAlcYECT2HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU1p0DkZmfeXloduYqpitPq9sJ8h0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U1MTJiZDVkLTEyZDQtNGNhZi1hZjUxLWM1YTY0MzIxNDJhZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4RTANBgkqhkiG9w0BAQsFAAOCAQEAz1y61IxvfBeWpsKAvPoLaXtQS3tG
gUh3o6ACRqVkdME5Qc3fEYNB6aT7cba996fGWxjrPq7hXjnf1b4jfpo1basmJQCe
dv06PbxSu9Kl8rs2Zt/KPRedySUPOpH0PwdZBCdXtGh3iNq6qaDtxDnVlyd9ioW3
P55ekATsag6LCf7yuWJzJruqVoS8dmEs9HmBvEYz9JluJDpw+JggKgiESp/d9XmO
ieQTF3H7mMOi84NypKiZhcxjT+F9hVgupH/j26uF1+hVRyaLFx05i2klY0UbLo1Y
K9hRBOCIhMzVL82McaoYAt9zqCT+rcTU5nY76P0YC6txGSqtUgPR1AnM+Q==
-----END CERTIFICATE-----