Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0482e303-b3b5-4769-bc97-843c78ddb444.roa
File:                     0482e303-b3b5-4769-bc97-843c78ddb444.roa (raw, json)
Hash identifier:          y72EifJd5qsgXpjvxZ5GRKTY5vbh3W6gVl/icIcNnlA=
Subject key identifier:   CA:C5:17:A7:33:A2:6E:6C:D1:41:55:D1:42:FC:BF:54:B8:40:CF:55
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5C69EA62ACFDB19044570B9C2E6F3692E5730753
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0482e303-b3b5-4769-bc97-843c78ddb444.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.221.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:69:ea:62:ac:fd:b1:90:44:57:0b:9c:2e:6f:36:92:e5:73:07:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3e:f1:57:4d:dc:12:ac:a0:0a:ec:8c:52:ca:
                    50:6f:4a:92:2d:fe:53:d3:08:ed:08:ce:68:8e:1e:
                    28:84:85:8a:5c:5c:d1:6a:12:6b:d5:34:92:c1:bf:
                    82:63:ec:f1:cf:04:37:b2:d1:f3:98:e2:c8:00:d6:
                    62:82:3c:73:cb:c1:37:72:03:de:2c:e0:09:40:f4:
                    62:12:e4:97:ad:fb:cc:d1:ed:47:7f:f6:9d:d6:89:
                    f8:d3:3d:3a:f1:25:14:78:21:be:2b:9a:12:ed:5d:
                    4e:da:cd:d7:44:97:23:71:5b:cb:34:77:13:35:b0:
                    0f:a7:1c:c8:26:87:5b:2a:6b:53:76:e1:34:60:5f:
                    6d:38:0b:11:09:ff:bb:ab:36:0a:52:d8:15:18:2b:
                    b8:96:77:39:10:a4:a8:32:0c:8d:82:00:39:a2:09:
                    26:67:12:85:64:4b:93:ea:81:fc:77:73:c3:57:3c:
                    71:d8:9e:72:cd:37:4a:7a:49:e7:5c:e3:c8:e9:62:
                    09:66:23:c3:51:52:93:89:9f:e4:a6:e1:e5:71:06:
                    27:fa:24:b6:03:c2:9e:fb:ad:40:a4:c6:59:4a:06:
                    5b:d2:38:c9:9e:7a:d9:4b:94:b0:95:0b:b1:2f:f6:
                    0e:6f:21:2b:d4:c2:91:91:90:90:50:3d:f8:6b:18:
                    19:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:C5:17:A7:33:A2:6E:6C:D1:41:55:D1:42:FC:BF:54:B8:40:CF:55
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0482e303-b3b5-4769-bc97-843c78ddb444.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.221.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         51:d0:8a:f3:3a:fd:57:11:f3:d2:a2:2f:b0:cd:8c:67:54:65:
         26:e9:78:3a:22:c5:e0:c9:13:25:a0:af:b8:de:e1:e4:2c:88:
         ae:dc:a3:d3:04:00:94:80:f0:e3:3a:80:f5:35:61:60:c9:85:
         2c:85:4f:76:16:42:0b:d9:99:a7:90:ff:8a:a3:a3:ab:da:5c:
         22:88:a0:aa:04:07:03:5a:a5:90:9f:66:ff:f7:fa:2a:31:c9:
         37:a2:21:1d:16:66:81:72:3a:db:da:d6:ee:11:98:df:c7:6e:
         6e:7b:6c:55:d3:b1:39:38:a5:4b:15:0b:a3:57:73:12:6a:bf:
         50:df:0e:85:5c:ba:8e:b7:9c:b8:89:e0:8a:18:d8:ad:03:3f:
         cc:e2:79:3a:64:64:8f:35:25:45:92:cc:15:a0:7e:31:78:16:
         23:ea:c8:5f:83:c8:95:6a:40:50:bc:f3:c6:f0:ce:44:97:c3:
         fd:6f:08:67:9b:c7:97:a3:32:f3:ce:24:0e:66:a7:b2:4e:9f:
         78:65:a3:67:7d:54:8e:f4:26:bb:77:9d:88:0f:df:c7:79:41:
         62:ca:6f:6c:92:5a:ed:1f:b4:04:ec:67:94:48:74:0f:4c:49:
         89:ff:99:25:e3:75:bb:e3:48:ae:8d:6f:ee:3d:04:bf:67:67:
         15:5e:a9:8a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUXGnqYqz9sZBEVwucLm82kuVzB1MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MDc0N2RmOTc5ODhmYWRhYzU0MDFiYmE0NTAxMzg5MWYz
OWM2Njc2N2JjNjg5MDVjZjEyNTBkZTYxNzFhZDExMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXPvFXTdwSrKAK7IxSylBvSpIt/lPTCO0IzmiOHiiEhYpc
XNFqEmvVNJLBv4Jj7PHPBDey0fOY4sgA1mKCPHPLwTdyA94s4AlA9GIS5Jet+8zR
7Ud/9p3WifjTPTrxJRR4Ib4rmhLtXU7azddElyNxW8s0dxM1sA+nHMgmh1sqa1N2
4TRgX204CxEJ/7urNgpS2BUYK7iWdzkQpKgyDI2CADmiCSZnEoVkS5Pqgfx3c8NX
PHHYnnLNN0p6Sedc48jpYglmI8NRUpOJn+Sm4eVxBif6JLYDwp77rUCkxllKBlvS
OMmeetlLlLCVC7Ev9g5vISvUwpGRkJBQPfhrGBkpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUysUXpzOibmzRQVXRQvy/VLhAz1UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA0ODJlMzAzLWIzYjUtNDc2OS1iYzk3LTg0M2M3OGRkYjQ0NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA43TANBgkqhkiG9w0BAQsFAAOCAQEAUdCK8zr9VxHz0qIvsM2MZ1RlJul4
OiLF4MkTJaCvuN7h5CyIrtyj0wQAlIDw4zqA9TVhYMmFLIVPdhZCC9mZp5D/iqOj
q9pcIoigqgQHA1qlkJ9m//f6KjHJN6IhHRZmgXI629rW7hGY38dubntsVdOxOTil
SxULo1dzEmq/UN8OhVy6jrecuIngihjYrQM/zOJ5OmRkjzUlRZLMFaB+MXgWI+rI
X4PIlWpAULzzxvDORJfD/W8IZ5vHl6My884kDmansk6feGWjZ31UjvQmu3ediA/f
x3lBYspvbJJa7R+0BOxnlEh0D0xJif+ZJeN1u+NIro1v7j0Ev2dnFV6pig==
-----END CERTIFICATE-----