Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72561a06-751f-4851-979f-027e06eedce2.roa
File:                     72561a06-751f-4851-979f-027e06eedce2.roa (raw, json)
Hash identifier:          eG7+5l1pwUanBMAJ5viJcyjxUstO+zc3IGe5e0MK83E=
Subject key identifier:   E7:77:2B:AF:07:C2:88:CE:BC:7E:7C:85:EE:8D:5E:86:5F:CA:AD:FF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       47DD64B061A630C4128439F537F55F87B24C39D9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72561a06-751f-4851-979f-027e06eedce2.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.81.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:dd:64:b0:61:a6:30:c4:12:84:39:f5:37:f5:5f:87:b2:4c:39:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c6:86:41:81:7b:49:c4:36:73:04:d2:63:9d:
                    b8:1c:63:51:93:9d:da:58:d5:77:ce:1b:ff:db:ed:
                    5f:a0:8d:03:f9:74:76:49:58:80:cd:cc:d5:05:1d:
                    6d:9b:ab:71:2c:12:7d:ff:51:fe:e9:1b:cb:d7:0a:
                    74:af:52:f9:33:7f:92:d7:a7:31:15:b5:ce:74:b9:
                    76:21:c4:9e:f9:74:67:d5:1f:3e:e0:56:42:41:53:
                    7b:58:6d:b4:8e:9f:df:41:71:a0:8c:32:7a:40:bb:
                    36:07:65:ae:c9:45:ee:6f:bb:1e:f4:cc:2f:a0:88:
                    90:3e:cf:76:4e:e2:6e:fb:57:0e:4d:4e:34:99:45:
                    9d:12:43:40:33:aa:ce:24:60:fd:e6:b3:20:25:d8:
                    95:e4:aa:6d:9f:91:68:9d:fb:61:9c:7b:33:ea:5b:
                    0a:75:f8:04:72:37:1e:cd:89:30:ad:83:a1:3e:8b:
                    f6:1c:a3:61:d9:5a:a6:70:de:a6:61:0e:50:20:76:
                    f5:cd:68:88:50:ec:8e:62:bf:5c:b3:86:5e:fa:a0:
                    69:54:62:47:fa:f1:48:01:61:8a:0f:b2:12:b5:1d:
                    f6:0d:1d:b5:0c:ef:3f:a7:3e:f2:45:ff:dd:a4:f3:
                    22:e9:d8:a6:53:4e:cd:a2:b1:55:4c:a8:26:57:ab:
                    0e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:77:2B:AF:07:C2:88:CE:BC:7E:7C:85:EE:8D:5E:86:5F:CA:AD:FF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/72561a06-751f-4851-979f-027e06eedce2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.81.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         42:30:fd:00:f9:55:34:57:aa:d8:3a:46:77:1e:a6:11:6f:da:
         f8:7c:c7:05:70:52:90:00:96:a3:78:a8:b3:24:fb:02:4c:fa:
         19:43:3e:aa:f8:d0:da:08:23:5e:bc:24:16:a8:fc:c7:79:43:
         24:3d:bf:43:74:fc:ae:01:ff:db:c5:47:ea:b9:8b:02:e6:c7:
         39:c1:68:cd:22:5d:60:89:6a:66:cb:4f:a3:d0:8a:a8:bd:b8:
         c2:73:72:5c:76:6f:01:77:7f:84:c5:d9:2a:d3:cb:fa:9d:7a:
         01:4e:31:22:bb:41:a3:9d:4b:5f:1b:91:69:78:08:90:be:78:
         b0:03:a2:e9:69:55:95:ee:6b:43:3e:0b:34:60:65:a1:ee:55:
         26:3e:ff:00:90:3d:99:21:d5:c7:c1:5c:9f:d3:09:27:73:ba:
         b2:51:8a:04:e8:e1:36:74:28:3b:c3:67:ce:ab:42:5a:33:e1:
         0b:20:71:63:b1:36:89:40:2d:8c:9c:1f:fb:49:80:b7:45:6f:
         73:0e:e6:04:7a:cf:98:61:ef:6f:0f:8b:af:b1:7d:9c:ed:f1:
         20:6d:f9:1f:0e:a5:4f:9b:e2:c5:93:48:89:97:d8:6d:ef:1d:
         3b:7e:94:5e:96:f7:32:91:6c:09:b8:d5:bc:29:ec:23:1d:f3:
         5a:06:63:0f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUR91ksGGmMMQShDn1N/Vfh7JMOdkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkN2RmY2FhOGVmYmNkMGExYTc2MmJjZTMxZmFlMWZiMTQ1
ZTBkMjlmNmMzY2UzZWZkZmJjMjQzNTFmN2NhZDU5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCxoZBgXtJxDZzBNJjnbgcY1GTndpY1XfOG//b7V+gjQP5
dHZJWIDNzNUFHW2bq3EsEn3/Uf7pG8vXCnSvUvkzf5LXpzEVtc50uXYhxJ75dGfV
Hz7gVkJBU3tYbbSOn99BcaCMMnpAuzYHZa7JRe5vux70zC+giJA+z3ZO4m77Vw5N
TjSZRZ0SQ0Azqs4kYP3msyAl2JXkqm2fkWid+2GcezPqWwp1+ARyNx7NiTCtg6E+
i/Yco2HZWqZw3qZhDlAgdvXNaIhQ7I5iv1yzhl76oGlUYkf68UgBYYoPshK1HfYN
HbUM7z+nPvJF/92k8yLp2KZTTs2isVVMqCZXqw57AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU53crrwfCiM68fnyF7o1ehl/Krf8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcyNTYxYTA2LTc1MWYtNDg1MS05NzlmLTAyN2UwNmVlZGNlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4UTANBgkqhkiG9w0BAQsFAAOCAQEAQjD9APlVNFeq2DpGdx6mEW/a+HzH
BXBSkACWo3iosyT7Akz6GUM+qvjQ2ggjXrwkFqj8x3lDJD2/Q3T8rgH/28VH6rmL
AubHOcFozSJdYIlqZstPo9CKqL24wnNyXHZvAXd/hMXZKtPL+p16AU4xIrtBo51L
XxuRaXgIkL54sAOi6WlVle5rQz4LNGBloe5VJj7/AJA9mSHVx8Fcn9MJJ3O6slGK
BOjhNnQoO8NnzqtCWjPhCyBxY7E2iUAtjJwf+0mAt0Vvcw7mBHrPmGHvbw+Lr7F9
nO3xIG35Hw6lT5vixZNIiZfYbe8dO36UXpb3MpFsCbjVvCnsIx3zWgZjDw==
-----END CERTIFICATE-----