Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52f431ef-0c8d-49fc-946b-b50273136e7b.roa
File:                     52f431ef-0c8d-49fc-946b-b50273136e7b.roa (raw, json)
Hash identifier:          AL+X5G2n/TXlDGVva7UPZsQ7+afn/KaecyQxs8umxKc=
Subject key identifier:   E3:27:72:1F:19:C2:01:E1:6A:8D:78:27:FE:E5:BC:42:25:3E:64:5F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57DDA69BA2D76B040E85940FA84435FD4282A7D9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52f431ef-0c8d-49fc-946b-b50273136e7b.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.96.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:dd:a6:9b:a2:d7:6b:04:0e:85:94:0f:a8:44:35:fd:42:82:a7:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cc:d5:79:e2:33:45:0e:3e:49:67:9d:52:a5:
                    82:14:03:29:26:fd:46:1f:e7:35:34:74:48:5c:0e:
                    f9:e6:bf:e1:67:17:42:ea:8d:95:c4:98:2a:f8:7d:
                    06:b8:17:4d:ed:5d:dc:72:e3:6d:b7:84:f0:b8:aa:
                    7c:81:02:6a:5a:53:d2:58:0e:de:16:83:b4:cb:76:
                    17:ec:a8:c4:45:39:e2:77:7e:fc:52:9f:38:f6:01:
                    e1:de:7c:32:12:49:43:a9:21:4c:9d:88:45:58:78:
                    03:ea:44:18:ec:3d:9d:5a:e3:1e:85:89:3e:a2:81:
                    cb:af:46:74:ed:d5:73:4f:10:88:65:5d:c2:65:77:
                    b0:37:cb:8d:79:74:ac:a7:79:aa:1d:0b:2a:52:31:
                    05:db:30:d7:26:17:04:5a:2b:c5:19:2e:38:67:1b:
                    1d:d5:f0:96:7f:48:a2:d3:8f:ec:a9:06:17:31:9b:
                    b2:2a:31:b9:45:fe:65:a9:ab:74:b6:c4:df:80:1b:
                    85:7e:f4:9d:4a:1f:88:a8:c9:c9:35:02:bb:6f:11:
                    f0:10:7a:17:e4:b7:13:9c:67:c3:72:92:48:1a:ed:
                    56:21:84:d0:11:b8:66:d8:a0:bd:b7:5a:8c:63:74:
                    17:b7:df:5e:e3:33:2b:c4:c7:b9:b2:25:aa:9e:98:
                    f5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:27:72:1F:19:C2:01:E1:6A:8D:78:27:FE:E5:BC:42:25:3E:64:5F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/52f431ef-0c8d-49fc-946b-b50273136e7b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.96.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a4:54:f6:40:9c:5b:72:1b:b9:7b:fc:7d:ad:16:a9:b6:4f:05:
         62:0a:6f:9b:59:5a:c5:63:b7:dd:8a:c3:c3:22:0b:8a:80:79:
         d8:b0:10:7b:41:56:14:1c:16:1f:98:75:66:45:c0:26:16:c7:
         74:f8:f2:c2:42:a6:2b:d0:ad:12:2a:68:96:23:16:08:76:00:
         1a:0f:ac:76:c6:39:1f:f1:43:b0:9c:d0:98:eb:2a:bb:03:6e:
         d6:df:93:ff:7a:b6:90:b7:be:f6:ec:14:8d:bc:ac:7d:82:f9:
         e0:cd:0b:b9:1b:f0:95:b7:6b:c4:72:40:c5:3d:5f:09:6a:08:
         11:34:25:94:19:1e:e0:ed:b8:fe:7c:f0:dd:d3:2d:8a:25:98:
         da:b2:f0:58:45:75:ef:d9:5c:7c:01:ba:5d:cc:cf:e8:37:16:
         b1:a9:78:ee:a9:33:02:83:a4:6f:8b:36:a2:ba:0b:09:67:c4:
         8e:12:a0:f2:da:a4:f1:a4:67:c7:6f:af:3c:32:9f:c9:a1:ca:
         4c:1f:3b:31:6b:a7:fb:32:a3:af:c3:37:01:2f:ee:f4:7b:00:
         ce:1d:a9:ad:ed:ad:b3:4a:45:98:e8:68:74:28:ed:4d:a2:02:
         82:b1:83:d2:e7:c8:bf:4d:20:90:95:6f:50:fd:1c:4d:a7:38:
         13:51:1c:1a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUV92mm6LXawQOhZQPqEQ1/UKCp9kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOGUwZWVmNmRiZTk3ZDE5ODFlODZmZDlkNTkyMzQ1NTUw
MmUzZjg4NDAwYTJjNTEyOTJiN2UxMDI2NzBlOGMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzzNV54jNFDj5JZ51SpYIUAykm/UYf5zU0dEhcDvnmv+Fn
F0LqjZXEmCr4fQa4F03tXdxy4223hPC4qnyBAmpaU9JYDt4Wg7TLdhfsqMRFOeJ3
fvxSnzj2AeHefDISSUOpIUydiEVYeAPqRBjsPZ1a4x6FiT6igcuvRnTt1XNPEIhl
XcJld7A3y415dKyneaodCypSMQXbMNcmFwRaK8UZLjhnGx3V8JZ/SKLTj+ypBhcx
m7IqMblF/mWpq3S2xN+AG4V+9J1KH4ioyck1ArtvEfAQehfktxOcZ8Nykkga7VYh
hNARuGbYoL23WoxjdBe3317jMyvEx7myJaqemPVZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4ydyHxnCAeFqjXgn/uW8QiU+ZF8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzUyZjQzMWVmLTBjOGQtNDlmYy05NDZiLWI1MDI3MzEzNmU3Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YDANBgkqhkiG9w0BAQsFAAOCAQEApFT2QJxbchu5e/x9rRaptk8FYgpv
m1laxWO33YrDwyILioB52LAQe0FWFBwWH5h1ZkXAJhbHdPjywkKmK9CtEipoliMW
CHYAGg+sdsY5H/FDsJzQmOsquwNu1t+T/3q2kLe+9uwUjbysfYL54M0LuRvwlbdr
xHJAxT1fCWoIETQllBke4O24/nzw3dMtiiWY2rLwWEV179lcfAG6XczP6DcWsal4
7qkzAoOkb4s2oroLCWfEjhKg8tqk8aRnx2+vPDKfyaHKTB87MWun+zKjr8M3AS/u
9HsAzh2pre2ts0pFmOhodCjtTaICgrGD0ufIv00gkJVvUP0cTac4E1EcGg==
-----END CERTIFICATE-----