Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d33aabf-1516-47ef-8fb9-27462d6033d4.roa
File:                     1d33aabf-1516-47ef-8fb9-27462d6033d4.roa (raw, json)
Hash identifier:          /PAMRShsZEidtdpbl2d+ua6nbSnsF2hQ/lVKxC3zA88=
Subject key identifier:   AD:9D:10:23:E6:84:63:71:F2:63:D2:3A:D6:EC:6F:13:F0:FB:45:0B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2A79E1C24411EC8A13EC649AA9DF1A0193CA2E47
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d33aabf-1516-47ef-8fb9-27462d6033d4.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.97.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:79:e1:c2:44:11:ec:8a:13:ec:64:9a:a9:df:1a:01:93:ca:2e:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: serialNumber=95bb4d84869b19fe6f701b655f291cf950904a10484f8b68225bcf2b3ce77749, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:1a:f8:7d:6f:07:fc:66:85:3f:0d:53:f8:9a:
                    1b:0f:fe:93:e7:81:e4:3a:35:6a:5d:b1:48:88:be:
                    0a:18:e9:ce:c2:53:05:c4:ff:42:44:3b:f8:61:e3:
                    c7:14:22:0d:e6:9a:d5:d1:74:87:1b:23:8a:4d:31:
                    18:f4:a6:af:b9:af:a0:03:c9:a5:f0:5f:95:bd:bf:
                    86:d0:29:ad:e3:22:20:8b:d9:a6:f1:15:81:a2:88:
                    a0:47:21:16:d4:af:16:3f:14:8d:e0:93:47:ff:ca:
                    d1:dd:38:16:be:5a:de:88:05:98:f0:6e:f9:41:b5:
                    72:24:72:81:75:b6:d9:19:85:a9:0e:94:54:7a:bd:
                    9f:6f:c0:c3:6d:50:58:b2:7f:00:bf:c8:6e:33:c7:
                    b7:14:32:1c:e6:8e:71:62:11:07:4f:c2:4b:18:f9:
                    04:04:71:4d:47:25:d2:41:3f:df:21:59:ec:2d:ce:
                    aa:0d:ef:3a:3b:0f:3a:2c:e5:00:88:de:ee:ac:2c:
                    bf:d2:e3:72:38:83:3d:6c:bf:14:fd:2b:80:20:5a:
                    52:e3:66:eb:cd:e4:a3:1f:22:d1:ef:0b:18:56:50:
                    c5:47:6a:c8:ad:0a:d0:e4:bd:5c:33:13:92:04:db:
                    5f:1c:7b:b9:2f:fa:0d:13:67:7c:24:27:8b:7c:d0:
                    2d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9D:10:23:E6:84:63:71:F2:63:D2:3A:D6:EC:6F:13:F0:FB:45:0B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d33aabf-1516-47ef-8fb9-27462d6033d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.97.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:b1:72:d3:9f:3c:ac:7e:9b:f9:88:c8:fc:69:b9:80:86:e4:
         97:66:3e:99:6d:dd:83:98:f1:51:34:e4:1a:ca:f6:fe:53:9d:
         ee:b7:5b:69:0e:79:8f:62:82:e1:ce:bb:bd:73:5f:eb:39:50:
         64:b8:dc:35:1d:96:d8:b4:ff:15:ef:c4:bc:47:47:23:5b:3f:
         78:a0:4d:2d:01:82:74:5d:af:85:c8:4d:fd:d8:88:34:e9:37:
         1e:0c:36:b1:b4:60:42:2b:00:74:d3:0e:d8:0d:8d:c8:70:3c:
         50:ee:fd:7b:ad:d0:86:d5:c7:ea:7e:b8:ae:98:f2:a0:ab:bf:
         5a:7d:8c:45:f3:1c:be:07:28:9f:c7:3f:89:db:e5:1d:76:57:
         d3:19:93:cc:52:5d:7e:21:2a:9c:1b:a4:04:7e:f1:77:49:42:
         82:37:74:02:a9:46:d5:23:d9:09:16:19:02:ed:bc:e6:d4:0b:
         d5:ea:6c:ec:f7:45:80:b2:69:8d:2b:cf:28:fe:39:d0:40:0c:
         4b:cc:a4:01:24:50:9b:f2:29:07:d3:92:2b:70:9f:fa:fc:46:
         b3:d9:ab:2c:c4:a7:9f:6e:4b:14:b5:4d:07:28:72:4b:3d:51:
         4c:65:60:d4:5b:7a:04:4a:cc:30:3a:59:57:0e:88:d6:0c:e9:
         99:09:eb:00
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUKnnhwkQR7IoT7GSaqd8aAZPKLkcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWJiNGQ4NDg2OWIxOWZlNmY3MDFiNjU1ZjI5MWNmOTUw
OTA0YTEwNDg0ZjhiNjgyMjViY2YyYjNjZTc3NzQ5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD0Gvh9bwf8ZoU/DVP4mhsP/pPngeQ6NWpdsUiIvgoY6c7C
UwXE/0JEO/hh48cUIg3mmtXRdIcbI4pNMRj0pq+5r6ADyaXwX5W9v4bQKa3jIiCL
2abxFYGiiKBHIRbUrxY/FI3gk0f/ytHdOBa+Wt6IBZjwbvlBtXIkcoF1ttkZhakO
lFR6vZ9vwMNtUFiyfwC/yG4zx7cUMhzmjnFiEQdPwksY+QQEcU1HJdJBP98hWewt
zqoN7zo7Dzos5QCI3u6sLL/S43I4gz1svxT9K4AgWlLjZuvN5KMfItHvCxhWUMVH
asitCtDkvVwzE5IE218ce7kv+g0TZ3wkJ4t80C1tAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUrZ0QI+aEY3HyY9I61uxvE/D7RQswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkMzNhYWJmLTE1MTYtNDdlZi04ZmI5LTI3NDYyZDYwMzNkNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YTANBgkqhkiG9w0BAQsFAAOCAQEAlrFy0588rH6b+YjI/Gm5gIbkl2Y+
mW3dg5jxUTTkGsr2/lOd7rdbaQ55j2KC4c67vXNf6zlQZLjcNR2W2LT/Fe/EvEdH
I1s/eKBNLQGCdF2vhchN/diINOk3Hgw2sbRgQisAdNMO2A2NyHA8UO79e63QhtXH
6n64rpjyoKu/Wn2MRfMcvgcon8c/idvlHXZX0xmTzFJdfiEqnBukBH7xd0lCgjd0
AqlG1SPZCRYZAu285tQL1eps7PdFgLJpjSvPKP450EAMS8ykASRQm/IpB9OSK3Cf
+vxGs9mrLMSnn25LFLVNByhySz1RTGVg1Ft6BErMMDpZVw6I1gzpmQnrAA==
-----END CERTIFICATE-----