Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3704d245-436a-4b87-a96c-f0f8b852cf09.roa
File:                     3704d245-436a-4b87-a96c-f0f8b852cf09.roa (raw, json)
Hash identifier:          pK6cmFR2+ZPAnF0+vJfAW1mTOBd5qTwyJCkA0QO+W4Q=
Subject key identifier:   C7:C0:1D:44:E6:A0:70:90:2B:D5:0D:BE:20:DE:7A:74:0A:86:88:AB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       757D8E93AEFCD2FCA28255C63814B9D5F3057FA6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3704d245-436a-4b87-a96c-f0f8b852cf09.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.133.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:7d:8e:93:ae:fc:d2:fc:a2:82:55:c6:38:14:b9:d5:f3:05:7f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=b3280311c6ed0c1ba76d2eca468ca99ca1efdb840a5f3a640a4aafeceb7b5c29, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5f:3a:b9:a2:06:3d:6c:91:42:a2:b2:04:4f:
                    18:82:c6:4c:56:ce:2d:97:32:a5:d9:cd:63:c3:02:
                    e6:af:df:b7:7f:48:9d:69:09:cb:72:c8:1b:3a:1b:
                    8c:c5:ff:83:bb:61:4a:09:5e:e3:ce:99:57:2a:a6:
                    5e:19:4a:73:53:c5:50:9e:84:f7:96:45:c3:af:58:
                    75:81:0b:e8:72:b6:e1:48:4a:ed:5a:10:ee:5e:93:
                    a2:b9:0b:e7:55:58:e2:b5:a1:c8:09:37:76:d7:a1:
                    43:e6:ce:c4:dc:80:7f:ec:bd:3b:31:34:5a:7d:c7:
                    65:19:00:0d:6e:f1:86:47:33:68:45:31:15:ed:1a:
                    7a:52:67:c4:71:68:b9:a5:83:ad:96:aa:60:5e:fa:
                    e9:28:a8:d2:24:93:67:13:d4:4f:f6:ba:80:d1:6b:
                    a7:d6:42:d7:a0:5b:cf:fe:a2:33:38:b6:06:c4:d0:
                    04:7b:ed:78:4f:ec:c9:0b:79:e9:bf:fa:4a:f7:9c:
                    07:fb:59:7a:e6:06:94:93:53:ad:6e:55:20:22:f8:
                    51:10:69:ef:3e:e9:69:ec:fc:88:8c:24:4c:0e:26:
                    3c:ed:2b:a1:75:b9:e2:68:94:27:e0:bd:cd:20:4e:
                    41:20:94:69:c2:92:3e:f6:f3:f4:80:80:e2:58:20:
                    a6:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C0:1D:44:E6:A0:70:90:2B:D5:0D:BE:20:DE:7A:74:0A:86:88:AB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3704d245-436a-4b87-a96c-f0f8b852cf09.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.133.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4e:83:4d:e3:e1:e3:92:16:07:d7:ec:7a:e3:79:20:c3:8d:8d:
         2c:1e:f1:5f:cc:03:af:a6:d7:08:ee:1f:f4:08:9d:5a:b5:82:
         6d:8c:6c:e5:c7:e7:76:44:8c:29:7c:81:6a:df:fd:21:cd:f7:
         b0:43:1b:2b:06:08:cc:23:f5:04:25:c0:04:b3:c4:4f:43:83:
         db:88:06:fc:c5:3a:18:0f:80:c0:f5:ff:5a:2d:0b:ad:30:55:
         28:54:c4:e4:e9:90:8d:72:ac:d1:87:51:10:e4:0d:da:4e:3b:
         29:98:23:eb:e4:1c:32:92:a4:ab:da:63:54:89:83:58:b7:06:
         7b:3d:e4:03:16:aa:ec:95:64:63:14:bc:18:7b:e1:c8:5b:b7:
         1a:43:02:9b:f5:7e:18:4d:7d:d9:76:ef:92:4b:ee:d0:c1:5b:
         07:7c:72:ee:cd:0a:47:05:31:e1:78:22:a6:a5:72:bf:75:ca:
         84:f4:c5:53:ee:29:e0:ba:c0:8d:63:5e:df:bd:40:90:c0:26:
         1d:0c:97:78:0a:3c:ed:0e:94:ba:ed:9d:0a:0a:8b:53:3d:c9:
         36:bb:43:81:65:6c:90:a8:8a:93:3d:21:3e:22:3f:46:ca:b6:
         ed:ad:7c:3d:dc:7b:18:24:bd:37:ae:fc:86:03:dd:2f:b0:0d:
         a2:e0:93:bb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdX2Ok6780vyiglXGOBS51fMFf6YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMzI4MDMxMWM2ZWQwYzFiYTc2ZDJlY2E0NjhjYTk5Y2Ex
ZWZkYjg0MGE1ZjNhNjQwYTRhYWZlY2ViN2I1YzI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqXzq5ogY9bJFCorIETxiCxkxWzi2XMqXZzWPDAuav37d/
SJ1pCctyyBs6G4zF/4O7YUoJXuPOmVcqpl4ZSnNTxVCehPeWRcOvWHWBC+hytuFI
Su1aEO5ek6K5C+dVWOK1ocgJN3bXoUPmzsTcgH/svTsxNFp9x2UZAA1u8YZHM2hF
MRXtGnpSZ8RxaLmlg62WqmBe+ukoqNIkk2cT1E/2uoDRa6fWQtegW8/+ojM4tgbE
0AR77XhP7MkLeem/+kr3nAf7WXrmBpSTU61uVSAi+FEQae8+6Wns/IiMJEwOJjzt
K6F1ueJolCfgvc0gTkEglGnCkj728/SAgOJYIKYBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUx8AdROagcJAr1Q2+IN56dAqGiKswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM3MDRkMjQ1LTQzNmEtNGI4Ny1hOTZjLWYwZjhiODUyY2YwOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4hTANBgkqhkiG9w0BAQsFAAOCAQEAToNN4+HjkhYH1+x643kgw42NLB7x
X8wDr6bXCO4f9AidWrWCbYxs5cfndkSMKXyBat/9Ic33sEMbKwYIzCP1BCXABLPE
T0OD24gG/MU6GA+AwPX/Wi0LrTBVKFTE5OmQjXKs0YdREOQN2k47KZgj6+QcMpKk
q9pjVImDWLcGez3kAxaq7JVkYxS8GHvhyFu3GkMCm/V+GE192Xbvkkvu0MFbB3xy
7s0KRwUx4XgipqVyv3XKhPTFU+4p4LrAjWNe371AkMAmHQyXeAo87Q6Uuu2dCgqL
Uz3JNrtDgWVskKiKkz0hPiI/Rsq27a18Pdx7GCS9N678hgPdL7ANouCTuw==
-----END CERTIFICATE-----