Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68ab50a8-c99d-4ea1-9713-49af3c9bb813.roa
File:                     68ab50a8-c99d-4ea1-9713-49af3c9bb813.roa (raw, json)
Hash identifier:          bYDiBNTdsOIC+txM0C05YDr7WIg10wzg9E90rG+JwHI=
Subject key identifier:   5F:25:62:97:81:83:ED:2E:A3:64:DA:54:AE:9E:C8:5C:E6:87:31:6F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4C15D12521EE6AA598CDAFA905249617FD8FCB78
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68ab50a8-c99d-4ea1-9713-49af3c9bb813.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.17.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:15:d1:25:21:ee:6a:a5:98:cd:af:a9:05:24:96:17:fd:8f:cb:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=7b41a8f64a7e5b2da854e2b3e881164f848676ac492e3ad4d928fd408cafb1d7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c7:57:31:3a:0f:a8:65:3c:72:d8:c3:55:99:
                    60:7b:e3:67:82:04:06:74:1d:7e:56:f9:82:5d:2b:
                    80:7b:01:44:df:02:7c:ee:61:96:f2:88:a1:60:04:
                    9c:33:37:5e:1d:6e:3d:8a:46:80:e5:d0:77:3b:2a:
                    b9:68:75:f9:c8:78:ba:11:55:21:db:e1:0b:b7:d1:
                    53:6e:e5:7a:8b:f4:e4:ab:3f:9d:6e:cf:15:52:ee:
                    5e:32:df:e9:07:61:47:3f:d1:ec:10:c1:93:47:d0:
                    a2:ac:a0:97:28:e7:6c:23:b8:95:d9:34:a9:5f:d0:
                    ab:1d:6e:56:cb:50:f0:28:68:0a:b8:99:69:c5:0f:
                    1d:14:fa:81:36:c6:d9:88:16:66:1e:f8:35:48:e9:
                    db:94:60:b0:a0:f8:53:1f:db:ea:d2:1f:2c:07:84:
                    a7:ff:d6:91:da:33:54:53:d5:49:a5:41:13:d7:47:
                    e6:2d:5e:89:80:7a:f2:41:56:9c:c4:2a:88:15:d8:
                    3c:d8:1b:e4:f8:3a:1e:74:c3:15:0c:a6:cc:d6:9c:
                    59:37:ba:fe:56:54:1e:e6:71:58:99:61:40:98:f7:
                    d5:b1:fc:41:d2:cc:20:4d:0b:b5:51:11:79:5e:2c:
                    88:b2:da:f7:ce:66:22:b0:f2:e5:f6:6a:87:c2:c5:
                    92:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:25:62:97:81:83:ED:2E:A3:64:DA:54:AE:9E:C8:5C:E6:87:31:6F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/68ab50a8-c99d-4ea1-9713-49af3c9bb813.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:94:01:0d:55:0f:f7:63:e1:0b:55:bb:8b:38:8e:7e:7e:ab:
         7d:5c:4f:42:d5:65:91:ac:99:fb:df:08:fc:b9:a3:fb:b7:76:
         f1:2b:7e:16:a7:54:46:53:a2:35:61:56:17:ff:cd:a8:d0:fa:
         01:e9:b4:b2:5a:47:12:f2:06:50:82:15:fb:6b:fe:a8:a3:81:
         5b:6a:8e:ca:f8:39:06:56:68:a2:4c:7d:6f:f4:ac:96:04:61:
         87:6a:39:b6:53:bf:db:34:83:b6:ea:80:c4:d6:53:97:ef:91:
         65:76:ce:42:b4:a9:36:ab:e6:e4:48:c4:5d:b7:4e:b8:8a:88:
         78:ed:70:82:b1:3c:fb:45:47:bc:7e:1f:28:65:9a:09:43:0b:
         28:7e:ea:04:9f:14:50:b1:29:46:c2:be:4f:26:78:71:60:9e:
         67:ee:2d:20:ed:c3:4d:26:58:c7:14:03:ab:11:41:aa:66:74:
         f7:1d:ac:be:b5:9e:43:af:3b:38:a3:7f:0d:2d:8c:64:71:24:
         91:a1:1e:fe:64:73:16:b1:04:72:49:c4:16:5f:50:8d:f0:08:
         76:23:a9:b0:da:fd:50:e4:e2:c5:43:61:38:10:6f:33:aa:5d:
         6e:4b:0e:c0:02:7c:40:42:44:d7:59:ff:16:cb:8a:5f:d2:47:
         e6:a6:91:79
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUTBXRJSHuaqWYza+pBSSWF/2Py3gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YjQxYThmNjRhN2U1YjJkYTg1NGUyYjNlODgxMTY0Zjg0
ODY3NmFjNDkyZTNhZDRkOTI4ZmQ0MDhjYWZiMWQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWx1cxOg+oZTxy2MNVmWB742eCBAZ0HX5W+YJdK4B7AUTf
AnzuYZbyiKFgBJwzN14dbj2KRoDl0Hc7KrlodfnIeLoRVSHb4Qu30VNu5XqL9OSr
P51uzxVS7l4y3+kHYUc/0ewQwZNH0KKsoJco52wjuJXZNKlf0KsdblbLUPAoaAq4
mWnFDx0U+oE2xtmIFmYe+DVI6duUYLCg+FMf2+rSHywHhKf/1pHaM1RT1UmlQRPX
R+YtXomAevJBVpzEKogV2DzYG+T4Oh50wxUMpszWnFk3uv5WVB7mcViZYUCY99Wx
/EHSzCBNC7VREXleLIiy2vfOZiKw8uX2aofCxZKpAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUXyVil4GD7S6jZNpUrp7IXOaHMW8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY4YWI1MGE4LWM5OWQtNGVhMS05NzEzLTQ5YWYzYzliYjgxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4ETANBgkqhkiG9w0BAQsFAAOCAQEAxJQBDVUP92PhC1W7iziOfn6rfVxP
QtVlkayZ+98I/Lmj+7d28St+FqdURlOiNWFWF//NqND6Aem0slpHEvIGUIIV+2v+
qKOBW2qOyvg5BlZookx9b/SslgRhh2o5tlO/2zSDtuqAxNZTl++RZXbOQrSpNqvm
5EjEXbdOuIqIeO1wgrE8+0VHvH4fKGWaCUMLKH7qBJ8UULEpRsK+TyZ4cWCeZ+4t
IO3DTSZYxxQDqxFBqmZ09x2svrWeQ687OKN/DS2MZHEkkaEe/mRzFrEEcknEFl9Q
jfAIdiOpsNr9UOTixUNhOBBvM6pdbksOwAJ8QEJE11n/FsuKX9JH5qaReQ==
-----END CERTIFICATE-----