Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f1da995-c8c4-438d-a159-8973f4d48e00.roa
File:                     2f1da995-c8c4-438d-a159-8973f4d48e00.roa (raw, json)
Hash identifier:          efhJvZjHiOD585iz3XVfeyAJxeeETmwWlDwTo2Iracw=
Subject key identifier:   45:51:0F:92:99:F3:4F:4E:EC:A4:E5:87:AE:72:46:5A:31:D4:F8:95
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       8526CF9E21CB85D74B7A180161CD4805ADB267
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f1da995-c8c4-438d-a159-8973f4d48e00.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.38.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            85:26:cf:9e:21:cb:85:d7:4b:7a:18:01:61:cd:48:05:ad:b2:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bc:c4:27:2c:ba:03:6f:ab:ad:ee:ba:83:d7:
                    3d:fd:b5:6b:5f:8f:3d:b5:f3:b6:49:3a:9a:65:63:
                    41:3a:a6:95:ae:c2:4a:bd:14:66:0f:b5:28:b6:48:
                    99:36:65:a2:7a:22:0c:29:f8:4d:e3:32:9f:29:19:
                    fd:db:cc:b1:69:32:02:c0:c8:b9:66:6c:70:90:6a:
                    f3:84:b4:9f:56:df:1c:51:cf:32:98:3c:25:8c:83:
                    a3:78:9e:d3:90:7e:b1:eb:8d:5a:84:da:77:0a:4d:
                    89:d4:22:e6:04:c2:6e:72:d4:c2:0e:24:f2:88:3f:
                    7e:df:bf:84:5d:47:ca:07:b9:04:01:fa:bf:ec:ae:
                    91:9d:50:14:53:2c:5f:64:e5:0b:26:aa:71:29:d6:
                    21:f9:a8:d3:ac:7e:29:5c:83:1c:8b:ea:e4:23:fc:
                    c6:00:7e:9d:68:0a:71:d3:cc:6f:32:ce:a7:35:e8:
                    af:dc:3c:90:8b:42:21:99:1f:30:b9:13:61:29:49:
                    04:30:97:37:30:d3:58:38:63:bb:dc:d7:d6:2b:78:
                    a4:fd:f5:e7:c1:57:68:eb:50:18:ae:2e:8b:65:0c:
                    31:c8:32:90:2d:ad:07:b3:9e:2f:10:22:7b:ba:c4:
                    73:26:85:a4:1a:b0:f2:52:97:2d:35:46:1e:bf:90:
                    6e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:51:0F:92:99:F3:4F:4E:EC:A4:E5:87:AE:72:46:5A:31:D4:F8:95
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2f1da995-c8c4-438d-a159-8973f4d48e00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.38.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3f:b2:9b:20:f6:27:39:5f:3c:8d:cd:08:50:32:58:b9:10:59:
         52:e2:92:59:6c:bd:46:80:df:c6:c1:7f:5a:31:36:8c:e2:60:
         40:f4:30:03:49:88:e0:d8:ec:b8:d3:05:47:63:3b:c6:ac:d9:
         80:ef:af:14:92:f5:55:19:53:70:30:be:3f:8f:eb:f9:0d:ef:
         80:ec:6e:c3:7c:0a:98:51:3b:88:0e:67:de:78:26:b7:54:ad:
         ef:df:a0:df:16:23:8b:bc:bf:70:2a:48:3e:33:76:62:42:98:
         c1:42:2a:7a:1c:ce:64:b1:16:9e:bf:22:dd:63:fe:71:09:c8:
         a8:b6:7f:78:63:37:90:fe:88:e5:6b:3e:a1:90:81:2e:95:2c:
         b8:70:af:c0:53:cf:a3:f7:3b:1d:75:4c:0d:8b:7d:ef:9f:5f:
         a9:19:d8:44:2d:00:40:2d:41:56:5b:78:9a:d3:b2:f1:4e:2c:
         cb:8f:50:24:a6:c2:c0:d0:f5:23:96:1d:c1:bb:bd:4a:fa:d8:
         cf:99:af:74:27:57:a2:1e:3f:7b:a0:48:4f:b3:0b:cc:af:8d:
         4f:d3:93:af:64:8e:c8:37:69:f5:82:05:23:69:fd:45:47:d1:
         67:30:e4:3b:f0:c4:49:fb:40:0b:09:02:5c:f9:53:65:ce:73:
         46:f7:17:d2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUAIUmz54hy4XXS3oYAWHNSAWtsmcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjNmQ2ZmVhYzAyMjExNzRiNjEzOGU0Y2RiYTZmNjgyNDA2
ZDJhOTVlZGRmMDk0NTM0NDE3ZDI2YWQyZWY1MmY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWvMQnLLoDb6ut7rqD1z39tWtfjz2187ZJOpplY0E6ppWu
wkq9FGYPtSi2SJk2ZaJ6Igwp+E3jMp8pGf3bzLFpMgLAyLlmbHCQavOEtJ9W3xxR
zzKYPCWMg6N4ntOQfrHrjVqE2ncKTYnUIuYEwm5y1MIOJPKIP37fv4RdR8oHuQQB
+r/srpGdUBRTLF9k5QsmqnEp1iH5qNOsfilcgxyL6uQj/MYAfp1oCnHTzG8yzqc1
6K/cPJCLQiGZHzC5E2EpSQQwlzcw01g4Y7vc19YreKT99efBV2jrUBiuLotlDDHI
MpAtrQezni8QInu6xHMmhaQasPJSly01Rh6/kG6ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURVEPkpnzT07spOWHrnJGWjHU+JUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJmMWRhOTk1LWM4YzQtNDM4ZC1hMTU5LTg5NzNmNGQ0OGUwMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4JjANBgkqhkiG9w0BAQsFAAOCAQEAP7KbIPYnOV88jc0IUDJYuRBZUuKS
WWy9RoDfxsF/WjE2jOJgQPQwA0mI4NjsuNMFR2M7xqzZgO+vFJL1VRlTcDC+P4/r
+Q3vgOxuw3wKmFE7iA5n3ngmt1St79+g3xYji7y/cCpIPjN2YkKYwUIqehzOZLEW
nr8i3WP+cQnIqLZ/eGM3kP6I5Ws+oZCBLpUsuHCvwFPPo/c7HXVMDYt9759fqRnY
RC0AQC1BVlt4mtOy8U4sy49QJKbCwND1I5Ydwbu9SvrYz5mvdCdXoh4/e6BIT7ML
zK+NT9OTr2SOyDdp9YIFI2n9RUfRZzDkO/DESftACwkCXPlTZc5zRvcX0g==
-----END CERTIFICATE-----