Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b21dd0-efa6-4663-9f7b-5b59d4d2f739.roa
File:                     43b21dd0-efa6-4663-9f7b-5b59d4d2f739.roa (raw, json)
Hash identifier:          lpdWAFe9fH8dJNL30gbari2n/kE6mcUMIbdTxJkSzSM=
Subject key identifier:   E1:A8:5F:E4:4C:B4:C0:7C:8A:2B:40:D7:DE:18:2C:44:43:A6:54:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3342F2A65338553425E2B0AFBAFE8387FA33BDC8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b21dd0-efa6-4663-9f7b-5b59d4d2f739.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        114.56.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:42:f2:a6:53:38:55:34:25:e2:b0:af:ba:fe:83:87:fa:33:bd:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b4:64:b4:ee:66:51:4b:5d:54:15:27:2e:d2:
                    0a:69:7c:0a:34:c6:c6:d5:a0:b8:d3:cf:6e:97:e1:
                    1f:9a:13:41:2f:59:7a:91:2b:6b:07:1c:11:f7:d3:
                    6b:de:56:28:de:ec:44:a1:9c:34:f6:b0:d1:84:24:
                    f3:37:ec:a7:5d:4f:bb:7a:c5:5a:0b:66:4c:19:d2:
                    16:c8:1f:5c:42:9f:1a:9a:49:5e:e0:99:15:e6:26:
                    32:56:7e:c2:ce:87:6e:6f:73:86:dc:6d:d5:67:a8:
                    95:b9:76:65:9d:fd:6b:1c:91:77:8e:5e:42:ba:5b:
                    e4:44:f8:8f:fe:c9:09:bb:ed:3d:c8:32:86:3e:d3:
                    8d:a3:e9:f2:68:e0:9d:97:6e:cf:c1:37:93:ed:86:
                    21:b7:ce:c9:26:13:e9:fb:9f:3e:69:53:13:64:37:
                    fe:62:56:a8:89:2e:33:3a:0d:70:f1:1e:74:58:c3:
                    c3:d7:82:8d:1e:db:50:ae:bb:e1:7f:2d:6a:86:94:
                    d9:31:4c:ea:28:5a:6b:ca:ac:e0:f6:21:34:1f:4b:
                    0a:e3:bd:fa:10:bb:23:90:95:65:f7:4a:8a:fc:25:
                    b7:7a:2b:d4:80:0f:f2:45:df:b2:81:32:9f:f9:88:
                    ed:f8:2a:2f:88:8d:e7:d3:e4:6a:eb:75:05:48:76:
                    6a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A8:5F:E4:4C:B4:C0:7C:8A:2B:40:D7:DE:18:2C:44:43:A6:54:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/43b21dd0-efa6-4663-9f7b-5b59d4d2f739.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.56.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         61:c5:a3:13:98:40:6b:82:d1:d1:14:e3:92:98:cf:00:7e:17:
         ac:28:0f:ca:57:e1:62:c9:8f:21:ec:ec:60:97:d2:56:c3:f8:
         07:38:7f:c8:ad:23:fe:d7:4c:28:a4:66:69:da:4b:48:55:cb:
         ec:fd:4e:a3:6b:11:22:c4:2a:05:09:3c:41:1b:14:6e:04:33:
         87:54:ab:6d:3f:f5:0d:72:96:e6:c9:ef:2d:92:40:6d:f0:3c:
         b0:f6:69:43:be:d1:a1:77:e0:f8:c3:0d:95:b4:4f:a9:47:04:
         52:f1:40:35:a3:c8:09:a8:4b:ad:e3:ce:cd:72:67:d5:bc:a3:
         e2:a6:3a:f1:d3:ed:21:c3:93:89:2f:72:14:9b:c7:cd:46:d2:
         73:9f:01:70:65:8f:24:36:5f:6d:e8:5e:47:6b:96:74:27:15:
         3d:8c:49:3e:0d:3f:f4:08:63:8c:c9:4a:2e:19:3b:12:a0:03:
         b8:4c:1c:1e:83:16:6d:b5:84:23:40:5e:9d:18:9d:35:af:0e:
         07:ed:7a:30:9f:d8:48:f5:ed:4f:9b:0e:f8:80:2b:5f:f5:01:
         74:63:2e:e3:d5:9a:e9:1e:57:59:e1:42:23:f0:f8:17:50:b5:
         3a:28:bf:af:ee:0a:74:d4:19:54:cb:cb:b0:e8:0e:5b:72:ef:
         85:a1:f1:05
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUM0LyplM4VTQl4rCvuv6Dh/ozvcgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNmJmMDJlYmM1MTIxZDY3NTAxNjBhNDI0ZGQyOTYxYjQ5
YzdhM2Q5OGE1YzUyZjA5MTZlOGY5NzI5ODQ2NTI2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+tGS07mZRS11UFScu0gppfAo0xsbVoLjTz26X4R+aE0Ev
WXqRK2sHHBH302veVije7EShnDT2sNGEJPM37KddT7t6xVoLZkwZ0hbIH1xCnxqa
SV7gmRXmJjJWfsLOh25vc4bcbdVnqJW5dmWd/WsckXeOXkK6W+RE+I/+yQm77T3I
MoY+042j6fJo4J2Xbs/BN5PthiG3zskmE+n7nz5pUxNkN/5iVqiJLjM6DXDxHnRY
w8PXgo0e21Cuu+F/LWqGlNkxTOooWmvKrOD2ITQfSwrjvfoQuyOQlWX3Sor8Jbd6
K9SAD/JF37KBMp/5iO34Ki+IjefT5GrrdQVIdmpVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4ahf5Ey0wHyKK0DX3hgsREOmVJEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQzYjIxZGQwLWVmYTYtNDY2My05ZjdiLTViNTlkNGQyZjczOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZyOEAwDQYJKoZIhvcNAQELBQADggEBAGHFoxOYQGuC0dEU45KYzwB+F6wo
D8pX4WLJjyHs7GCX0lbD+Ac4f8itI/7XTCikZmnaS0hVy+z9TqNrESLEKgUJPEEb
FG4EM4dUq20/9Q1ylubJ7y2SQG3wPLD2aUO+0aF34PjDDZW0T6lHBFLxQDWjyAmo
S63jzs1yZ9W8o+KmOvHT7SHDk4kvchSbx81G0nOfAXBljyQ2X23oXkdrlnQnFT2M
ST4NP/QIY4zJSi4ZOxKgA7hMHB6DFm21hCNAXp0YnTWvDgftejCf2Ej17U+bDviA
K1/1AXRjLuPVmukeV1nhQiPw+BdQtToov6/uCnTUGVTLy7DoDlty74Wh8QU=
-----END CERTIFICATE-----