Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/624a8da7-1712-4795-b12a-8d1bde67dda8.roa
File:                     624a8da7-1712-4795-b12a-8d1bde67dda8.roa (raw, json)
Hash identifier:          3TW32Xn4u+fye+fWhVZ8cJKH+T7nUWt6tCZLbFG3kok=
Subject key identifier:   31:CA:63:96:71:D3:B5:79:FD:9E:31:F7:BC:2B:E5:3A:88:06:02:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       434F6C2BE04E9A70D05B887D67008C668BB79369
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/624a8da7-1712-4795-b12a-8d1bde67dda8.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.54.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:4f:6c:2b:e0:4e:9a:70:d0:5b:88:7d:67:00:8c:66:8b:b7:93:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=187646e6adeeb116a56784a0bee2253405fdcd755ad011ad93e1e70d25992530, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:32:e4:2c:1e:e1:83:97:0d:e4:67:d6:c5:fe:
                    74:0b:d5:54:d8:1d:c1:b6:ec:86:a5:b0:06:16:41:
                    bc:76:f3:ad:00:02:f8:c3:8c:d0:e0:32:7d:71:4a:
                    52:17:ce:84:f4:07:9b:f8:05:48:1a:b1:4b:1c:6a:
                    75:e4:cd:6a:9b:6b:90:df:28:21:d2:d0:42:d7:e1:
                    92:24:7a:75:01:0a:73:04:49:98:8a:3c:2b:05:71:
                    89:1c:d4:3e:9f:c9:de:19:43:20:4b:4b:a4:cf:9f:
                    60:b4:a4:80:e1:f1:a7:2b:89:e4:1e:a2:a0:6a:5e:
                    05:e9:f2:a5:b0:c3:f5:26:4b:6d:12:8e:09:2d:da:
                    1a:e7:56:3a:c9:ae:cc:fd:19:82:d5:84:a8:7f:1f:
                    bb:cc:5b:49:da:ec:f6:33:e6:67:4c:4b:a0:01:fc:
                    c7:4a:4b:53:b3:d2:55:1b:ab:a2:47:38:53:17:ac:
                    45:41:26:e9:3b:e6:c7:9d:73:54:6a:0a:22:cc:7c:
                    8f:37:b8:e0:ec:1e:80:91:57:73:d3:ba:74:ab:32:
                    0c:11:3e:de:32:dc:04:6d:ee:ca:df:87:39:00:4f:
                    23:44:3b:19:64:78:78:6e:67:99:7b:51:83:a8:0b:
                    b8:d6:9b:7a:66:cd:f8:2f:cd:b8:04:ef:7b:43:a9:
                    36:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:CA:63:96:71:D3:B5:79:FD:9E:31:F7:BC:2B:E5:3A:88:06:02:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/624a8da7-1712-4795-b12a-8d1bde67dda8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.54.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a6:76:1e:f1:3a:c1:ba:cf:e3:87:aa:8e:28:c4:7c:c4:37:91:
         f7:73:74:a5:25:02:43:5c:33:c8:ed:57:81:3b:02:c7:27:78:
         41:7c:b3:f2:1e:ec:8c:9c:0c:c2:74:52:80:bd:42:8c:fa:78:
         32:88:cb:ec:68:2f:83:1d:4d:85:39:87:19:f9:3b:d1:ec:78:
         34:9b:1b:43:f0:21:93:c6:53:90:8f:9d:41:c5:97:01:bf:84:
         ed:00:46:65:3d:f3:aa:f5:e9:40:1a:cd:21:f6:4b:64:09:4c:
         5e:5a:ef:59:3b:61:08:11:9f:41:71:dd:ee:4d:88:f4:6f:5c:
         4c:45:7a:56:ea:55:40:9a:67:5f:c0:2e:5b:9b:1e:4c:6a:13:
         03:45:58:ff:df:ba:4d:2b:a1:8b:6f:01:ad:57:2f:b8:4d:01:
         7f:ef:35:4d:a0:11:03:c0:ac:8a:57:7a:cc:c2:4b:1c:7e:2d:
         34:93:f1:dc:67:78:f2:7f:69:b4:41:40:bb:be:47:4b:a3:f3:
         65:b3:34:99:19:f7:f0:45:46:08:89:bc:e5:b2:c7:e7:0b:a9:
         57:1d:c6:ff:d6:f3:82:ec:bc:d0:3b:4d:eb:63:b3:24:5c:3e:
         f5:4b:c7:62:b2:c3:2a:c8:cc:a1:a4:5b:83:c3:e8:e1:2e:26:
         d6:39:44:07
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQ09sK+BOmnDQW4h9ZwCMZou3k2kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxODc2NDZlNmFkZWViMTE2YTU2Nzg0YTBiZWUyMjUzNDA1
ZmRjZDc1NWFkMDExYWQ5M2UxZTcwZDI1OTkyNTMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqMuQsHuGDlw3kZ9bF/nQL1VTYHcG27IalsAYWQbx2860A
AvjDjNDgMn1xSlIXzoT0B5v4BUgasUscanXkzWqba5DfKCHS0ELX4ZIkenUBCnME
SZiKPCsFcYkc1D6fyd4ZQyBLS6TPn2C0pIDh8acrieQeoqBqXgXp8qWww/UmS20S
jgkt2hrnVjrJrsz9GYLVhKh/H7vMW0na7PYz5mdMS6AB/MdKS1Oz0lUbq6JHOFMX
rEVBJuk75sedc1RqCiLMfI83uODsHoCRV3PTunSrMgwRPt4y3ARt7srfhzkATyNE
OxlkeHhuZ5l7UYOoC7jWm3pmzfgvzbgE73tDqTZhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMcpjlnHTtXn9njH3vCvlOogGAs8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYyNGE4ZGE3LTE3MTItNDc5NS1iMTJhLThkMWJkZTY3ZGRhOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4NjANBgkqhkiG9w0BAQsFAAOCAQEApnYe8TrBus/jh6qOKMR8xDeR93N0
pSUCQ1wzyO1XgTsCxyd4QXyz8h7sjJwMwnRSgL1CjPp4MojL7Ggvgx1NhTmHGfk7
0ex4NJsbQ/Ahk8ZTkI+dQcWXAb+E7QBGZT3zqvXpQBrNIfZLZAlMXlrvWTthCBGf
QXHd7k2I9G9cTEV6VupVQJpnX8AuW5seTGoTA0VY/9+6TSuhi28BrVcvuE0Bf+81
TaARA8Csild6zMJLHH4tNJPx3Gd48n9ptEFAu75HS6PzZbM0mRn38EVGCIm85bLH
5wupVx3G/9bzguy80DtN62OzJFw+9UvHYrLDKsjMoaRbg8Po4S4m1jlEBw==
-----END CERTIFICATE-----