Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33204460-4049-473a-b31e-32c26884ced7.roa
File:                     33204460-4049-473a-b31e-32c26884ced7.roa (raw, json)
Hash identifier:          9tizIPb48cMLi1EEhmYwLHFqxeaL/Y3Ry06rhCqnIa0=
Subject key identifier:   2D:06:61:28:3A:73:32:46:28:B5:4E:9C:67:8C:6A:BE:FA:19:78:5B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6D7E7EF4C88DB58E7D97474EAFAC909243A05D49
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33204460-4049-473a-b31e-32c26884ced7.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.157.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:7e:7e:f4:c8:8d:b5:8e:7d:97:47:4e:af:ac:90:92:43:a0:5d:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=9da4e4a81c86698d0fd130275df3db560a38905538012b87d1dc4a505c54c59c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:bb:19:c5:8b:69:97:3c:52:bb:47:44:36:96:
                    92:f1:36:a6:97:96:ea:5c:8d:02:b6:d1:1a:a2:d7:
                    2f:d7:12:89:bc:ff:13:b2:4a:1c:a0:c6:d6:1d:3b:
                    3b:74:28:e5:fd:61:8e:17:b6:64:09:44:b8:82:c7:
                    75:d1:21:a4:55:93:67:37:d7:35:97:72:39:1c:61:
                    aa:48:1b:1a:7f:d7:57:62:db:d9:88:a2:39:3b:25:
                    fd:72:a6:75:d3:6a:36:8f:63:40:7a:24:25:9b:7b:
                    19:4f:68:11:ad:ed:70:36:8b:09:c7:4e:7e:6b:a4:
                    64:df:ea:26:c1:5e:fc:d5:c4:cd:ba:13:dc:81:6f:
                    bc:65:79:57:be:9d:88:8d:6b:f3:49:cc:b2:e5:58:
                    b3:1a:25:c6:fd:74:66:21:5a:47:a0:81:9a:c7:01:
                    f1:89:8d:34:92:dd:99:77:d9:75:01:2a:8b:63:83:
                    0e:37:07:a0:bb:6c:ee:ee:ad:54:95:c7:09:81:55:
                    62:08:9b:8d:54:26:5b:18:f5:bc:ff:e3:6c:9b:e6:
                    5f:c0:b4:88:81:27:b9:f6:0f:7c:ed:3b:83:be:8d:
                    06:e0:5b:1f:0e:d9:9f:15:f7:60:78:a1:5f:11:c9:
                    4f:b2:c7:e6:68:16:fe:51:f6:ed:bb:d6:41:2e:dc:
                    94:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:06:61:28:3A:73:32:46:28:B5:4E:9C:67:8C:6A:BE:FA:19:78:5B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/33204460-4049-473a-b31e-32c26884ced7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.157.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         79:00:4e:84:ea:5a:90:1c:66:2d:6e:80:5d:4f:c2:e1:35:a5:
         aa:76:93:1d:e2:00:1f:84:2b:5b:5f:0c:b0:af:0a:bd:14:c5:
         5c:e6:51:02:07:14:f2:57:11:82:6e:11:98:82:1f:02:28:f6:
         04:bf:e3:3c:a7:49:0d:d4:38:de:bb:dc:13:90:02:66:fa:0c:
         4d:84:01:66:24:82:16:7c:6f:c0:d8:a2:00:a7:2e:7a:c2:91:
         04:1c:7e:35:c2:45:05:37:af:3a:0a:d4:57:df:d8:00:5b:f9:
         39:3f:72:ae:b6:ff:8c:61:d3:80:eb:69:46:b2:a4:fa:e4:40:
         95:c4:24:fb:71:01:94:31:b1:1b:c8:5d:7d:62:36:dd:01:e9:
         cc:58:71:a7:36:b2:d8:d0:3a:e2:26:68:ac:6d:16:28:9d:ad:
         c1:ec:b1:f7:b6:94:dc:81:47:29:22:58:71:3c:b8:eb:28:53:
         87:a0:11:06:3c:79:05:dd:99:1a:71:b3:22:8b:3c:81:81:8b:
         7d:4e:62:bc:2f:5e:15:42:85:ca:f4:d3:d5:09:97:91:67:b0:
         46:6e:a0:56:6b:e1:26:5d:b2:3d:1a:cb:23:82:b4:84:2e:87:
         c3:d4:2c:43:74:98:48:a4:fe:29:19:c7:0d:8d:7a:93:94:10:
         55:bc:06:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbX5+9MiNtY59l0dOr6yQkkOgXUkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZGE0ZTRhODFjODY2OThkMGZkMTMwMjc1ZGYzZGI1NjBh
Mzg5MDU1MzgwMTJiODdkMWRjNGE1MDVjNTRjNTljMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQuxnFi2mXPFK7R0Q2lpLxNqaXlupcjQK20Rqi1y/XEom8
/xOyShygxtYdOzt0KOX9YY4XtmQJRLiCx3XRIaRVk2c31zWXcjkcYapIGxp/11di
29mIojk7Jf1ypnXTajaPY0B6JCWbexlPaBGt7XA2iwnHTn5rpGTf6ibBXvzVxM26
E9yBb7xleVe+nYiNa/NJzLLlWLMaJcb9dGYhWkeggZrHAfGJjTSS3Zl32XUBKotj
gw43B6C7bO7urVSVxwmBVWIIm41UJlsY9bz/42yb5l/AtIiBJ7n2D3ztO4O+jQbg
Wx8O2Z8V92B4oV8RyU+yx+ZoFv5R9u271kEu3JQ5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULQZhKDpzMkYotU6cZ4xqvvoZeFswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzMzMjA0NDYwLTQwNDktNDczYS1iMzFlLTMyYzI2ODg0Y2VkNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4nTANBgkqhkiG9w0BAQsFAAOCAQEAeQBOhOpakBxmLW6AXU/C4TWlqnaT
HeIAH4QrW18MsK8KvRTFXOZRAgcU8lcRgm4RmIIfAij2BL/jPKdJDdQ43rvcE5AC
ZvoMTYQBZiSCFnxvwNiiAKcuesKRBBx+NcJFBTevOgrUV9/YAFv5OT9yrrb/jGHT
gOtpRrKk+uRAlcQk+3EBlDGxG8hdfWI23QHpzFhxpzay2NA64iZorG0WKJ2tweyx
97aU3IFHKSJYcTy46yhTh6ARBjx5Bd2ZGnGzIos8gYGLfU5ivC9eFUKFyvTT1QmX
kWewRm6gVmvhJl2yPRrLI4K0hC6Hw9QsQ3SYSKT+KRnHDY16k5QQVbwGLw==
-----END CERTIFICATE-----