Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1028ee03-83a3-45c2-92fc-4c21a13270fc.roa
File:                     1028ee03-83a3-45c2-92fc-4c21a13270fc.roa (raw, json)
Hash identifier:          OTGBjkO+QNTSD2YzppqjBXTVerMVoIwJHl/KblRJ9yE=
Subject key identifier:   FF:26:F7:A1:AF:37:39:9A:29:43:FE:21:3E:99:7B:93:37:5D:A7:DD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3B40C128301DD725C95A91FB36671DAF6EB661C0
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1028ee03-83a3-45c2-92fc-4c21a13270fc.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.234.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:40:c1:28:30:1d:d7:25:c9:5a:91:fb:36:67:1d:af:6e:b6:61:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=ff21c462a61d65a21da043c84e8ec1f5f86307b703686fa285b65a3fcbcd4700, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:77:f3:17:0f:55:e2:27:0b:43:b6:aa:f5:d0:
                    03:75:fd:ad:e3:75:4b:e9:b3:4a:41:d2:9d:36:a2:
                    83:3b:c3:85:3c:44:2e:fe:53:f4:c5:ac:be:76:a4:
                    69:2b:59:68:66:b8:00:ec:12:e3:8d:a0:3b:85:22:
                    d6:1c:40:12:06:1a:56:ca:b0:44:b7:62:cc:b1:19:
                    76:32:ab:3e:96:09:00:bd:7b:79:4a:79:80:b3:a5:
                    85:60:d2:7a:0e:59:fd:64:b2:00:ff:d5:0e:b9:1b:
                    ca:b4:3e:07:b7:19:39:3f:1b:a8:36:64:50:d9:e4:
                    57:8d:9d:51:2f:36:f7:60:76:ad:77:b7:8f:51:62:
                    fb:57:f5:36:cf:c5:f6:42:73:bf:97:5d:b5:29:c1:
                    0f:e3:82:88:16:79:d8:24:d6:0e:e4:60:d9:6d:b8:
                    b6:4f:5e:62:c0:fc:61:c1:9b:50:2f:59:cf:0e:21:
                    05:10:80:0a:c8:9b:9e:4e:08:69:ad:a2:3d:71:a2:
                    28:94:9e:e1:48:ae:cf:89:c2:4b:f3:3d:81:28:79:
                    6b:e6:b5:d4:c2:6b:d4:11:5e:d6:c7:d4:2b:50:c9:
                    32:3f:da:22:66:77:29:87:ec:92:3e:6f:7f:65:1d:
                    c7:59:9d:48:73:2a:37:c0:dd:51:19:6c:83:4e:cd:
                    13:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:26:F7:A1:AF:37:39:9A:29:43:FE:21:3E:99:7B:93:37:5D:A7:DD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1028ee03-83a3-45c2-92fc-4c21a13270fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.234.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0f:96:13:06:79:65:21:d9:c1:b5:1d:9e:00:b7:36:af:13:80:
         87:00:fb:a2:4c:66:dc:7d:9c:2b:5f:f6:58:17:0d:8b:6f:a1:
         eb:80:b5:38:26:9a:01:ca:4d:6a:bd:61:4b:7e:f5:74:58:71:
         19:47:72:f3:5a:cd:7f:42:e1:83:a2:80:8b:55:39:2c:b5:ab:
         f4:a8:a3:a0:8f:76:0c:5f:d5:f7:e6:7f:98:2c:2a:c7:3b:81:
         c9:07:00:1d:85:57:ce:91:d2:b9:bc:c6:1d:c9:5f:0b:d7:d2:
         20:f3:6e:2d:e9:81:ad:ef:68:46:ce:bd:9e:f4:77:72:af:65:
         ae:63:40:59:53:3a:06:30:a9:db:5e:d5:a2:58:36:c3:56:60:
         1e:cf:a5:aa:19:9d:fd:49:05:ae:57:46:9b:d4:ea:8e:ff:47:
         2a:69:4c:ba:ba:0a:77:42:74:b9:63:30:07:5f:b0:98:dc:42:
         9e:7d:d7:5b:22:fd:9c:36:a3:c0:ff:d2:c2:07:a3:f2:b3:79:
         8a:e8:43:fa:d5:9d:a9:89:15:3b:7a:d1:02:08:c6:2d:16:b9:
         8f:7c:f2:59:f8:1d:7e:48:45:8d:c4:67:4e:ba:f2:2a:bd:69:
         54:8f:08:e9:3f:c2:65:f5:1a:e8:8a:37:ed:07:81:a0:e6:5a:
         d9:f9:f2:62
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUO0DBKDAd1yXJWpH7Nmcdr262YcAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZjIxYzQ2MmE2MWQ2NWEyMWRhMDQzYzg0ZThlYzFmNWY4
NjMwN2I3MDM2ODZmYTI4NWI2NWEzZmNiY2Q0NzAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWd/MXD1XiJwtDtqr10AN1/a3jdUvps0pB0p02ooM7w4U8
RC7+U/TFrL52pGkrWWhmuADsEuONoDuFItYcQBIGGlbKsES3YsyxGXYyqz6WCQC9
e3lKeYCzpYVg0noOWf1ksgD/1Q65G8q0Pge3GTk/G6g2ZFDZ5FeNnVEvNvdgdq13
t49RYvtX9TbPxfZCc7+XXbUpwQ/jgogWedgk1g7kYNltuLZPXmLA/GHBm1AvWc8O
IQUQgArIm55OCGmtoj1xoiiUnuFIrs+JwkvzPYEoeWvmtdTCa9QRXtbH1CtQyTI/
2iJmdymH7JI+b39lHcdZnUhzKjfA3VEZbINOzRMbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU/yb3oa83OZopQ/4hPpl7kzddp90wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzEwMjhlZTAzLTgzYTMtNDVjMi05MmZjLTRjMjFhMTMyNzBmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA46jANBgkqhkiG9w0BAQsFAAOCAQEAD5YTBnllIdnBtR2eALc2rxOAhwD7
okxm3H2cK1/2WBcNi2+h64C1OCaaAcpNar1hS371dFhxGUdy81rNf0Lhg6KAi1U5
LLWr9KijoI92DF/V9+Z/mCwqxzuByQcAHYVXzpHSubzGHclfC9fSIPNuLemBre9o
Rs69nvR3cq9lrmNAWVM6BjCp217Volg2w1ZgHs+lqhmd/UkFrldGm9Tqjv9HKmlM
uroKd0J0uWMwB1+wmNxCnn3XWyL9nDajwP/Swgej8rN5iuhD+tWdqYkVO3rRAgjG
LRa5j3zyWfgdfkhFjcRnTrryKr1pVI8I6T/CZfUa6Io37QeBoOZa2fnyYg==
-----END CERTIFICATE-----