Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30789bb5-9234-4c39-8d6a-6872dceca89f.roa
File:                     30789bb5-9234-4c39-8d6a-6872dceca89f.roa (raw, json)
Hash identifier:          HZlK5Ybx1nDczU9T6xkymbe2ylmNhJnUIvs72lfbYrk=
Subject key identifier:   C2:B7:49:B2:D4:86:38:E3:BB:0E:E9:F7:40:47:33:BC:68:D4:00:32
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1748884468AE2FC2F8E81AB3FCDFDA91E1F43BD7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30789bb5-9234-4c39-8d6a-6872dceca89f.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.234.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:48:88:44:68:ae:2f:c2:f8:e8:1a:b3:fc:df:da:91:e1:f4:3b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=cb72e0f6e6c0872491f52442f15a4e97a195f0d31b4258be682df6920139b80f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:68:39:0c:a9:14:e9:a7:60:2a:d1:7e:25:56:
                    dd:a7:32:d4:dc:e5:de:de:68:0c:ea:c9:24:70:29:
                    80:49:2f:03:92:ed:09:c5:62:97:23:15:c7:49:57:
                    0f:0f:07:ee:09:16:08:25:2a:63:46:07:49:c4:b6:
                    0a:e9:25:b6:b4:4e:92:d1:fa:cf:7b:c3:28:73:56:
                    eb:3c:f4:84:bf:ae:22:9e:da:76:ce:b4:e5:16:b4:
                    52:af:fb:27:01:d0:c8:3c:8e:ba:fc:84:10:95:54:
                    5d:c7:04:85:07:eb:e5:60:20:ac:85:0d:f2:e8:bb:
                    66:20:0d:54:ad:5c:3e:55:38:0c:d3:bf:c4:88:58:
                    fb:18:49:2f:9a:f6:ae:40:f6:d9:cd:d9:b4:e5:cd:
                    ba:6a:03:fc:9a:f3:d2:29:22:42:14:6f:f7:0f:75:
                    c9:ce:15:80:4e:62:94:7d:fb:46:ec:bb:62:68:e7:
                    0e:c7:b7:9d:d5:53:4a:c3:df:82:ad:6e:15:e1:d8:
                    5a:04:3d:b9:52:5c:f3:c6:58:96:43:ec:37:c2:38:
                    f3:87:fe:41:d0:05:d9:a7:cf:a7:ec:7f:f2:c0:3c:
                    7e:5d:50:66:a8:e1:3c:78:2f:18:e9:11:4c:8a:95:
                    18:a2:69:ae:5f:9c:76:c0:01:3a:9a:2b:e0:ac:51:
                    d1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:B7:49:B2:D4:86:38:E3:BB:0E:E9:F7:40:47:33:BC:68:D4:00:32
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/30789bb5-9234-4c39-8d6a-6872dceca89f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.234.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6f:77:f7:14:83:e1:6a:6f:2d:8b:e4:c3:81:02:6e:ec:b8:58:
         21:11:e7:13:28:37:41:64:ac:df:e8:2d:5d:b0:c5:60:30:4d:
         2f:05:a3:f8:18:b6:51:a4:39:75:2d:98:c1:7a:b2:b1:53:fe:
         fe:ef:6f:e7:be:86:43:dc:78:34:52:ab:5d:f9:b2:9e:c0:4b:
         f1:2e:a7:7d:cb:e3:16:be:95:fa:ec:45:1a:17:e0:4b:d5:3c:
         48:af:6d:56:4a:3b:85:3c:98:8f:ae:c9:83:b2:58:92:16:b6:
         e7:d9:ed:23:a1:82:4c:c1:f7:5a:47:3e:31:a2:5c:39:ed:e7:
         89:51:a6:22:2a:be:cd:ff:51:ba:36:81:63:97:76:a3:85:70:
         06:de:36:76:05:55:b1:23:c6:67:9f:30:00:12:49:48:79:b2:
         57:18:4f:39:ed:b7:58:87:fc:6b:d7:7a:44:bb:44:bb:2d:63:
         b9:3d:46:75:49:38:14:d3:1e:c6:86:f9:59:73:50:90:12:0e:
         3b:5f:2d:f7:f3:8a:8a:dd:7c:c9:c8:c7:ed:95:ee:88:9b:d3:
         ed:27:ca:f3:14:b2:8f:13:94:dd:82:0d:5c:b2:5d:5d:28:c5:
         cc:cf:15:5f:93:f3:71:40:c1:96:01:f7:b2:6e:ba:b9:cb:39:
         5a:79:2a:5e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUF0iIRGiuL8L46Bqz/N/akeH0O9cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjcyZTBmNmU2YzA4NzI0OTFmNTI0NDJmMTVhNGU5N2Ex
OTVmMGQzMWI0MjU4YmU2ODJkZjY5MjAxMzliODBmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUaDkMqRTpp2Aq0X4lVt2nMtTc5d7eaAzqySRwKYBJLwOS
7QnFYpcjFcdJVw8PB+4JFgglKmNGB0nEtgrpJba0TpLR+s97wyhzVus89IS/riKe
2nbOtOUWtFKv+ycB0Mg8jrr8hBCVVF3HBIUH6+VgIKyFDfLou2YgDVStXD5VOAzT
v8SIWPsYSS+a9q5A9tnN2bTlzbpqA/ya89IpIkIUb/cPdcnOFYBOYpR9+0bsu2Jo
5w7Ht53VU0rD34KtbhXh2FoEPblSXPPGWJZD7DfCOPOH/kHQBdmnz6fsf/LAPH5d
UGao4Tx4LxjpEUyKlRiiaa5fnHbAATqaK+CsUdH9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwrdJstSGOOO7Dun3QEczvGjUADIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMwNzg5YmI1LTkyMzQtNGMzOS04ZDZhLTY4NzJkY2VjYTg5Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA46jANBgkqhkiG9w0BAQsFAAOCAQEAb3f3FIPham8ti+TDgQJu7LhYIRHn
Eyg3QWSs3+gtXbDFYDBNLwWj+Bi2UaQ5dS2YwXqysVP+/u9v576GQ9x4NFKrXfmy
nsBL8S6nfcvjFr6V+uxFGhfgS9U8SK9tVko7hTyYj67Jg7JYkha259ntI6GCTMH3
Wkc+MaJcOe3niVGmIiq+zf9RujaBY5d2o4VwBt42dgVVsSPGZ58wABJJSHmyVxhP
Oe23WIf8a9d6RLtEuy1juT1GdUk4FNMexob5WXNQkBIOO18t9/OKit18ycjH7ZXu
iJvT7SfK8xSyjxOU3YINXLJdXSjFzM8VX5PzcUDBlgH3sm66ucs5WnkqXg==
-----END CERTIFICATE-----