Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/680d7dd1-830d-4721-a5c1-49c6d92e7bf7.roa
File:                     680d7dd1-830d-4721-a5c1-49c6d92e7bf7.roa (raw, json)
Hash identifier:          VEVQJXE8MbrX8ZtXpjhhQNLUYHYlrChdvwSkLwzatds=
Subject key identifier:   71:26:5A:BA:EC:78:7A:06:4D:27:C5:F1:50:8C:8A:36:83:40:AC:B6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2FEFAEE5477EB946C9B406E472EC53545B07CA96
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/680d7dd1-830d-4721-a5c1-49c6d92e7bf7.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.49.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ef:ae:e5:47:7e:b9:46:c9:b4:06:e4:72:ec:53:54:5b:07:ca:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=8be576254bee74f8ac8e02e83af8d594ff32f228db7c37be0d6ac91b9e83b1d3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2d:b9:d6:a8:c6:20:16:7f:30:03:e2:9d:a5:
                    b2:be:2c:17:91:37:84:b8:61:54:3f:29:ae:44:34:
                    ba:33:13:29:dc:60:86:76:6f:02:e0:26:bd:ec:36:
                    b4:cb:30:3f:34:5b:01:0b:f4:38:72:d1:aa:cf:77:
                    da:47:da:82:e0:45:5c:5b:90:67:5d:77:c7:de:2f:
                    25:ad:1b:d6:77:e1:ac:1b:68:20:90:89:c2:17:ec:
                    27:f6:10:df:a4:6d:17:43:81:5f:65:8f:f8:f6:36:
                    d9:66:29:f8:72:a4:d0:52:77:8a:17:56:df:50:d3:
                    2f:65:55:8e:e7:04:7a:e7:be:19:20:86:d9:80:82:
                    85:a1:f1:41:be:da:bc:74:ce:28:d2:d4:f5:c1:fc:
                    d9:9f:51:e1:06:fe:98:b3:40:a4:78:ee:f6:73:06:
                    2d:eb:de:1a:0a:fc:19:97:29:60:c3:24:99:94:21:
                    06:bd:8d:cc:d8:58:74:25:e7:6f:85:a7:25:30:2a:
                    4d:e0:b4:d0:3c:b0:7c:87:fc:8b:6c:1b:9f:99:21:
                    c8:96:93:4b:29:df:ef:78:19:d1:90:fc:72:4b:01:
                    24:4e:0d:d5:b3:30:ab:55:8e:cd:0d:f3:83:8d:b2:
                    65:4e:21:29:bf:75:73:cf:3c:79:0b:2c:09:f2:6a:
                    14:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:26:5A:BA:EC:78:7A:06:4D:27:C5:F1:50:8C:8A:36:83:40:AC:B6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/680d7dd1-830d-4721-a5c1-49c6d92e7bf7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.49.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         78:ca:7a:b1:5d:a0:08:dd:c2:43:c1:4c:b6:7c:4a:27:2d:bd:
         c6:f6:84:f8:79:bd:b9:d2:2d:fe:c5:41:0b:68:45:ad:cb:12:
         4d:94:9f:0e:34:0b:dd:2c:d1:d7:70:88:7e:9d:d6:ea:a4:ed:
         b7:1d:e1:67:38:c2:e5:e7:7c:9d:c3:06:38:b3:87:a6:85:bd:
         f3:fd:a7:2b:5d:4a:15:2d:8c:e7:40:69:f5:b5:e1:3d:6e:f9:
         f9:5a:6e:1c:9d:e3:75:df:aa:57:8b:21:8e:a8:65:19:d5:85:
         ed:b1:90:56:d3:7a:87:e0:8f:00:ee:0f:4b:d1:62:dc:fe:45:
         5f:c6:72:70:01:94:f1:34:ff:85:4f:84:af:cc:0e:87:a0:7e:
         d7:af:c9:09:90:4f:ec:1b:85:b4:18:ce:17:a0:b0:e9:31:b9:
         db:39:79:d0:6f:99:ee:b6:b8:47:aa:0a:45:13:95:da:02:8d:
         79:d0:51:89:93:c9:49:e5:00:7a:23:f4:03:e5:fe:d2:b9:73:
         1e:8b:ac:39:85:91:c1:7f:a8:af:9e:cc:2c:28:3b:e6:f0:0f:
         a1:77:52:5f:64:7e:8c:f5:ec:ac:79:17:be:47:26:b8:fa:0d:
         e1:96:ac:8c:da:b3:40:49:cb:b3:57:c3:55:a4:f4:ff:b4:66:
         fe:eb:fe:a7
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUL++u5Ud+uUbJtAbkcuxTVFsHypYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YmU1NzYyNTRiZWU3NGY4YWM4ZTAyZTgzYWY4ZDU5NGZm
MzJmMjI4ZGI3YzM3YmUwZDZhYzkxYjllODNiMWQzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOLbnWqMYgFn8wA+KdpbK+LBeRN4S4YVQ/Ka5ENLozEync
YIZ2bwLgJr3sNrTLMD80WwEL9Dhy0arPd9pH2oLgRVxbkGddd8feLyWtG9Z34awb
aCCQicIX7Cf2EN+kbRdDgV9lj/j2NtlmKfhypNBSd4oXVt9Q0y9lVY7nBHrnvhkg
htmAgoWh8UG+2rx0zijS1PXB/NmfUeEG/pizQKR47vZzBi3r3hoK/BmXKWDDJJmU
IQa9jczYWHQl52+FpyUwKk3gtNA8sHyH/ItsG5+ZIciWk0sp3+94GdGQ/HJLASRO
DdWzMKtVjs0N84ONsmVOISm/dXPPPHkLLAnyahQzAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcSZauux4egZNJ8XxUIyKNoNArLYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4MGQ3ZGQxLTgzMGQtNDcyMS1hNWMxLTQ5YzZkOTJlN2JmNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4MTANBgkqhkiG9w0BAQsFAAOCAQEAeMp6sV2gCN3CQ8FMtnxKJy29xvaE
+Hm9udIt/sVBC2hFrcsSTZSfDjQL3SzR13CIfp3W6qTttx3hZzjC5ed8ncMGOLOH
poW98/2nK11KFS2M50Bp9bXhPW75+VpuHJ3jdd+qV4shjqhlGdWF7bGQVtN6h+CP
AO4PS9Fi3P5FX8ZycAGU8TT/hU+Er8wOh6B+16/JCZBP7BuFtBjOF6Cw6TG52zl5
0G+Z7ra4R6oKRROV2gKNedBRiZPJSeUAeiP0A+X+0rlzHousOYWRwX+or57MLCg7
5vAPoXdSX2R+jPXsrHkXvkcmuPoN4ZasjNqzQEnLs1fDVaT0/7Rm/uv+pw==
-----END CERTIFICATE-----