Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e0fe6e0-4575-477f-b3dd-cba21c445578.roa
File:                     6e0fe6e0-4575-477f-b3dd-cba21c445578.roa (raw, json)
Hash identifier:          PsA4+++hW8fZJGeebgAGXiXhINwEPy/feKDHO+lVmY0=
Subject key identifier:   10:1A:6D:0E:C8:CC:C5:8D:96:AD:D6:18:51:73:26:46:57:35:FD:5A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F39A24C3B0A2720A9A45AD5D52533B40C4893CC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e0fe6e0-4575-477f-b3dd-cba21c445578.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.147.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:39:a2:4c:3b:0a:27:20:a9:a4:5a:d5:d5:25:33:b4:0c:48:93:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d5:39:e4:cb:68:1f:11:6f:c4:5a:83:69:b2:
                    d4:a9:c2:9f:91:e9:4b:ee:c4:46:36:21:3b:58:b8:
                    01:18:d4:5b:e7:48:d5:8a:08:04:d4:6b:68:37:22:
                    87:d1:e2:af:d3:b7:31:26:2c:1a:8a:f1:07:84:de:
                    46:6b:26:f0:75:01:27:06:c6:ae:63:93:c2:50:ca:
                    69:5c:24:af:ce:72:93:66:61:c1:de:1c:cd:f8:98:
                    67:bd:da:0d:2c:f9:fd:23:12:e0:05:c0:48:e6:42:
                    21:8b:e5:ec:72:ff:82:10:03:a5:14:7d:ce:32:36:
                    98:8f:b3:98:35:14:57:34:aa:9b:f6:87:3f:1d:f2:
                    95:5f:3c:1b:69:32:ed:16:6b:1d:39:24:6c:25:d7:
                    06:34:be:fc:b1:39:86:96:42:d1:bc:f5:54:1e:80:
                    d1:c1:e1:1a:5f:64:00:ee:1b:46:9c:59:30:2a:ce:
                    82:cb:7d:ee:25:6d:91:dc:a0:72:dc:24:7e:05:3a:
                    8e:e4:2e:c3:27:6a:7d:12:6b:9a:92:f6:8a:93:69:
                    61:d1:23:1c:31:b4:8e:12:32:df:9c:24:05:16:00:
                    a9:0e:88:be:b2:bc:73:da:86:df:89:65:2d:80:b2:
                    4a:7a:b9:1b:f4:29:ee:65:e7:5f:e3:11:43:05:51:
                    86:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1A:6D:0E:C8:CC:C5:8D:96:AD:D6:18:51:73:26:46:57:35:FD:5A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6e0fe6e0-4575-477f-b3dd-cba21c445578.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.147.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:9f:0b:df:8f:45:ce:b1:eb:13:45:ca:f4:11:1f:82:70:40:
         52:17:97:b7:a9:0a:c1:2a:51:e3:b9:c3:02:64:91:93:9f:a8:
         5c:86:a0:cb:cb:bb:39:12:9f:34:e7:6c:0b:4e:fe:47:7f:e1:
         2e:69:ba:32:19:85:84:af:b3:6d:03:6b:b0:ea:66:fa:46:ce:
         33:b2:1b:00:b7:1e:61:9e:09:9c:10:4c:37:4b:ff:c5:00:0d:
         aa:1a:cf:d7:99:1a:8b:79:69:a8:b2:fb:86:84:c2:97:e9:1a:
         92:01:3b:72:48:95:a8:f3:f4:30:f4:d7:7e:a6:05:f6:0d:d3:
         60:41:8a:5b:6d:7a:71:fc:ed:df:f0:ac:f9:0c:bc:e3:cd:7f:
         2e:bc:33:13:aa:bf:1c:86:b8:d4:88:c5:fd:b8:43:21:9f:30:
         72:51:52:f1:43:c1:fb:13:a1:6f:90:d5:79:51:86:2c:f7:19:
         32:04:a0:c5:b8:b0:85:46:23:bf:5a:05:6f:34:82:b6:48:33:
         6e:42:47:ce:6f:da:7c:1d:e4:26:93:b5:0f:a2:41:d5:16:67:
         4e:4d:e1:75:90:81:17:60:2a:5b:f5:eb:ae:ad:b5:64:76:d2:
         25:53:b6:94:ac:2a:aa:3a:cf:c8:be:72:99:d0:45:79:f5:d3:
         5b:ee:36:28
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbzmiTDsKJyCppFrV1SUztAxIk8wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzdmYjQxZTdmZDQ0MGFiY2Y2Mzc0NTkxMTQwNjJmMjNj
N2YzYmVkMDNhZDQwNjBlYTcxN2U4Y2ZhMTZlZGMzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDM1Tnky2gfEW/EWoNpstSpwp+R6UvuxEY2ITtYuAEY1Fvn
SNWKCATUa2g3IofR4q/TtzEmLBqK8QeE3kZrJvB1AScGxq5jk8JQymlcJK/OcpNm
YcHeHM34mGe92g0s+f0jEuAFwEjmQiGL5exy/4IQA6UUfc4yNpiPs5g1FFc0qpv2
hz8d8pVfPBtpMu0Wax05JGwl1wY0vvyxOYaWQtG89VQegNHB4RpfZADuG0acWTAq
zoLLfe4lbZHcoHLcJH4FOo7kLsMnan0Sa5qS9oqTaWHRIxwxtI4SMt+cJAUWAKkO
iL6yvHPaht+JZS2Askp6uRv0Ke5l51/jEUMFUYYrAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUEBptDsjMxY2WrdYYUXMmRlc1/VowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZlMGZlNmUwLTQ1NzUtNDc3Zi1iM2RkLWNiYTIxYzQ0NTU3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4kzANBgkqhkiG9w0BAQsFAAOCAQEAmJ8L349FzrHrE0XK9BEfgnBAUheX
t6kKwSpR47nDAmSRk5+oXIagy8u7ORKfNOdsC07+R3/hLmm6MhmFhK+zbQNrsOpm
+kbOM7IbALceYZ4JnBBMN0v/xQANqhrP15kai3lpqLL7hoTCl+kakgE7ckiVqPP0
MPTXfqYF9g3TYEGKW216cfzt3/Cs+Qy8481/LrwzE6q/HIa41IjF/bhDIZ8wclFS
8UPB+xOhb5DVeVGGLPcZMgSgxbiwhUYjv1oFbzSCtkgzbkJHzm/afB3kJpO1D6JB
1RZnTk3hdZCBF2AqW/Xrrq21ZHbSJVO2lKwqqjrPyL5ymdBFefXTW+42KA==
-----END CERTIFICATE-----