Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70562065-eac3-4bad-8f95-db7a62fc8e6b.roa
File:                     70562065-eac3-4bad-8f95-db7a62fc8e6b.roa (raw, json)
Hash identifier:          ENZ7WBcHxASMB/HNLiQ+T0OExqWiLQ2PlQt6ZZxPC1E=
Subject key identifier:   21:35:AB:F1:B9:94:E6:4D:70:42:57:B1:9C:9E:03:45:2E:D9:24:80
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       479F09BA1F0B40505E2F2E1FCF04370334C4416F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70562065-eac3-4bad-8f95-db7a62fc8e6b.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.48.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:9f:09:ba:1f:0b:40:50:5e:2f:2e:1f:cf:04:37:03:34:c4:41:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=0ba86867a8a370cdc72055104aeb3c086fe06f66155df83ce1fd685af33e14ae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:8a:89:d3:bb:7e:08:7f:56:f2:c8:cc:fc:0e:
                    4e:27:2b:21:40:c1:a7:df:66:db:f0:d8:c3:f3:f7:
                    4c:a2:95:90:83:37:2a:34:86:9a:b9:4e:e9:89:ef:
                    8f:78:3b:72:81:7f:9a:f5:29:d0:7b:68:83:5e:2d:
                    ae:1c:7d:34:0e:8c:ee:49:e4:15:4d:06:37:51:e4:
                    44:2f:e6:88:59:4d:3c:ed:ca:6d:ff:b1:a1:23:85:
                    39:8d:39:64:2f:c3:bb:2e:08:bf:93:e6:08:e0:91:
                    72:31:35:20:5d:01:cf:fe:0d:44:ce:c1:38:36:1b:
                    60:0b:77:6b:cc:b3:4b:b4:ac:5d:03:4e:99:76:70:
                    0b:fb:4b:1e:16:1a:f4:5b:7c:ca:22:65:f8:75:21:
                    d7:d5:76:55:31:df:f8:60:ab:ff:4e:03:69:1f:b2:
                    a7:31:a3:b5:ef:14:dd:ea:30:6a:6e:4c:fb:b5:cd:
                    df:10:be:9c:3f:97:60:d6:ab:e4:3c:1e:a2:c1:d0:
                    4e:df:8c:20:e0:33:e2:64:fb:5f:f0:ca:35:2f:af:
                    ab:9d:a3:b1:1e:c8:a5:84:b6:a5:95:0c:a9:21:08:
                    20:36:5f:8e:ec:31:58:5d:7a:36:24:f2:f5:df:c7:
                    2d:74:76:5f:73:49:b7:9c:cb:30:21:63:19:79:85:
                    97:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:35:AB:F1:B9:94:E6:4D:70:42:57:B1:9C:9E:03:45:2E:D9:24:80
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/70562065-eac3-4bad-8f95-db7a62fc8e6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.48.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         13:45:43:26:50:31:52:37:db:49:7c:b9:d3:4e:45:0e:a6:a0:
         a6:c9:8f:20:69:a2:29:9f:17:36:e2:33:e9:5f:0e:57:90:fd:
         1f:2e:ab:da:c9:b1:84:2e:3d:24:51:72:79:34:5f:09:44:ec:
         79:b0:48:54:13:04:b8:3d:98:e7:27:14:6e:b9:ae:00:aa:d6:
         8a:12:5d:52:a6:36:ce:19:4f:ab:ef:06:c1:82:47:df:63:54:
         2d:25:1a:f3:80:6c:f1:5e:58:26:01:f1:d4:c0:5d:87:1f:db:
         0e:8f:42:b2:c9:7d:03:49:0b:b2:44:fb:80:f2:9f:9c:c1:72:
         04:3b:f0:a0:19:2f:f0:49:10:11:1e:c2:d0:bb:c4:8d:7b:41:
         0b:16:43:4e:5e:6b:06:d9:f0:37:c1:5f:3d:2e:1c:9a:77:fa:
         7f:7d:92:b8:98:fb:23:f7:04:78:85:ea:1e:e8:e0:11:0a:84:
         7b:4f:93:33:ae:23:a0:e8:4f:b8:9d:29:73:20:2a:d1:69:e8:
         90:3f:0f:51:48:32:21:1e:7d:0d:99:94:fb:a0:a5:a3:c2:05:
         ee:a3:2e:8e:89:69:9d:7c:f2:86:68:f6:77:ee:bd:8b:28:5d:
         c9:ba:1d:54:e8:fb:c3:17:d6:0a:12:6a:c2:b7:cc:7c:1c:b7:
         22:c5:78:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR58Juh8LQFBeLy4fzwQ3AzTEQW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmE4Njg2N2E4YTM3MGNkYzcyMDU1MTA0YWViM2MwODZm
ZTA2ZjY2MTU1ZGY4M2NlMWZkNjg1YWYzM2UxNGFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ionTu34If1byyMz8Dk4nKyFAwaffZtvw2MPz90yilZCD
Nyo0hpq5TumJ7494O3KBf5r1KdB7aINeLa4cfTQOjO5J5BVNBjdR5EQv5ohZTTzt
ym3/saEjhTmNOWQvw7suCL+T5gjgkXIxNSBdAc/+DUTOwTg2G2ALd2vMs0u0rF0D
Tpl2cAv7Sx4WGvRbfMoiZfh1IdfVdlUx3/hgq/9OA2kfsqcxo7XvFN3qMGpuTPu1
zd8Qvpw/l2DWq+Q8HqLB0E7fjCDgM+Jk+1/wyjUvr6udo7EeyKWEtqWVDKkhCCA2
X47sMVhdejYk8vXfxy10dl9zSbecyzAhYxl5hZexAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUITWr8bmU5k1wQlexnJ4DRS7ZJIAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcwNTYyMDY1LWVhYzMtNGJhZC04Zjk1LWRiN2E2MmZjOGU2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4MDANBgkqhkiG9w0BAQsFAAOCAQEAE0VDJlAxUjfbSXy5005FDqagpsmP
IGmiKZ8XNuIz6V8OV5D9Hy6r2smxhC49JFFyeTRfCUTsebBIVBMEuD2Y5ycUbrmu
AKrWihJdUqY2zhlPq+8GwYJH32NULSUa84Bs8V5YJgHx1MBdhx/bDo9Cssl9A0kL
skT7gPKfnMFyBDvwoBkv8EkQER7C0LvEjXtBCxZDTl5rBtnwN8FfPS4cmnf6f32S
uJj7I/cEeIXqHujgEQqEe0+TM64joOhPuJ0pcyAq0WnokD8PUUgyIR59DZmU+6Cl
o8IF7qMujolpnXzyhmj2d+69iyhdybodVOj7wxfWChJqwrfMfBy3IsV4+w==
-----END CERTIFICATE-----