Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7cca70e2-e95c-4a8a-a3a5-69e736c6cb19.roa
File:                     7cca70e2-e95c-4a8a-a3a5-69e736c6cb19.roa (raw, json)
Hash identifier:          zoEO0l2RwGwKYMgyJaJK1OcwZSrDAG+2t/zaeeql0JM=
Subject key identifier:   C2:9D:D2:97:3E:27:11:AB:AE:2D:F7:D8:BA:BE:07:B4:E0:21:EF:07
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       71BF45033FB234D711651D4CE4BA0F7F5A514F2B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7cca70e2-e95c-4a8a-a3a5-69e736c6cb19.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.65.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:bf:45:03:3f:b2:34:d7:11:65:1d:4c:e4:ba:0f:7f:5a:51:4f:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: serialNumber=61ece6c1105586c6b0a63ff85eb4a814ae3eae3af22108d7458576c17cea4939, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:65:38:fa:f8:48:2a:8b:34:ab:a0:56:07:54:
                    6e:c4:9b:72:22:f0:d9:a1:d0:c4:25:10:bc:1a:a2:
                    95:92:bc:d4:65:33:f1:b0:13:8f:11:cb:5c:6e:99:
                    54:fd:c6:f0:c4:41:c9:cd:a4:90:fe:df:94:59:3c:
                    4a:94:2d:11:f7:b7:4e:80:0f:59:73:0f:34:ba:2c:
                    82:5f:ee:15:b7:ba:38:64:a2:8c:9e:43:e7:ac:87:
                    b7:7a:ae:9c:ac:4f:00:25:6d:22:1a:6d:05:e7:79:
                    4e:f2:d7:2b:f7:1a:72:9d:bb:cb:9b:10:1f:57:3c:
                    cb:8a:29:38:73:95:29:f9:aa:e0:6e:72:f5:18:85:
                    1c:bc:3e:ec:9f:14:cb:9d:fe:c1:23:5a:de:d0:6e:
                    bc:c1:70:f5:d0:e4:95:6b:d5:c6:19:b9:37:81:48:
                    88:78:ab:d3:1b:32:91:b0:d6:0a:87:d7:c1:7a:0f:
                    5b:e6:2a:8e:31:b0:12:4e:08:b7:c5:5e:58:5f:3f:
                    ca:16:44:e4:2d:63:01:3f:04:f0:95:cd:fc:71:de:
                    c8:c3:36:26:5c:c3:d1:f7:a9:95:29:3a:32:9a:14:
                    3b:fe:f8:b0:b6:db:ff:e0:62:13:2a:ff:50:5a:56:
                    1b:39:87:0c:b7:9d:0f:cb:62:cf:2c:26:80:0c:a5:
                    33:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:9D:D2:97:3E:27:11:AB:AE:2D:F7:D8:BA:BE:07:B4:E0:21:EF:07
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7cca70e2-e95c-4a8a-a3a5-69e736c6cb19.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         25:33:2c:ff:06:5c:a3:47:79:f8:73:a9:60:81:cc:54:4a:3c:
         9f:c2:0d:48:b4:66:63:f3:ba:2c:78:a2:cc:a8:25:90:54:a8:
         e1:d4:c9:a3:7f:8d:72:a6:5c:16:5f:7e:97:27:8f:61:a1:72:
         57:9e:d8:fb:b9:57:40:d9:b1:01:aa:a8:f3:df:7b:5c:15:91:
         36:ee:fe:37:93:72:06:2d:0f:cd:f1:0d:79:3e:48:4d:1f:99:
         57:2e:76:fc:d9:b0:32:e7:7a:b7:14:14:a4:d7:5e:90:62:f4:
         66:41:4d:b2:3f:80:04:1c:b1:28:bb:08:0c:a0:4c:f9:e5:1d:
         34:eb:cc:2c:22:0c:eb:ea:38:01:85:16:b8:d6:2e:13:f0:99:
         a9:82:46:d0:6b:c9:76:24:f6:2d:55:ef:2e:b3:8d:68:ec:ba:
         5b:56:0c:ac:34:c0:10:37:f4:21:8e:00:c4:b1:26:68:b7:c6:
         e9:89:2e:c6:b8:8a:65:74:d0:89:87:29:c5:6c:7d:da:20:ab:
         6b:59:f1:57:42:ff:ed:ba:15:bb:ae:b3:c8:5e:62:3d:a7:8f:
         df:ed:a7:69:bb:a8:b0:83:f2:b2:ec:93:ac:62:a3:23:2a:7a:
         b8:9f:cb:8b:73:7d:7b:75:9c:a6:3a:35:e5:84:cb:35:73:0e:
         64:06:9a:e0
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcb9FAz+yNNcRZR1M5LoPf1pRTyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MWVjZTZjMTEwNTU4NmM2YjBhNjNmZjg1ZWI0YTgxNGFl
M2VhZTNhZjIyMTA4ZDc0NTg1NzZjMTdjZWE0OTM5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCFZTj6+EgqizSroFYHVG7Em3Ii8Nmh0MQlELwaopWSvNRl
M/GwE48Ry1xumVT9xvDEQcnNpJD+35RZPEqULRH3t06AD1lzDzS6LIJf7hW3ujhk
ooyeQ+esh7d6rpysTwAlbSIabQXneU7y1yv3GnKdu8ubEB9XPMuKKThzlSn5quBu
cvUYhRy8PuyfFMud/sEjWt7QbrzBcPXQ5JVr1cYZuTeBSIh4q9MbMpGw1gqH18F6
D1vmKo4xsBJOCLfFXlhfP8oWROQtYwE/BPCVzfxx3sjDNiZcw9H3qZUpOjKaFDv+
+LC22//gYhMq/1BaVhs5hwy3nQ/LYs8sJoAMpTNdAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUwp3Slz4nEauuLffYur4HtOAh7wcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjY2E3MGUyLWU5NWMtNGE4YS1hM2E1LTY5ZTczNmM2Y2IxOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4QTANBgkqhkiG9w0BAQsFAAOCAQEAJTMs/wZco0d5+HOpYIHMVEo8n8IN
SLRmY/O6LHiizKglkFSo4dTJo3+NcqZcFl9+lyePYaFyV57Y+7lXQNmxAaqo8997
XBWRNu7+N5NyBi0PzfENeT5ITR+ZVy52/NmwMud6txQUpNdekGL0ZkFNsj+ABByx
KLsIDKBM+eUdNOvMLCIM6+o4AYUWuNYuE/CZqYJG0GvJdiT2LVXvLrONaOy6W1YM
rDTAEDf0IY4AxLEmaLfG6YkuxriKZXTQiYcpxWx92iCra1nxV0L/7boVu66zyF5i
PaeP3+2nabuosIPysuyTrGKjIyp6uJ/Li3N9e3Wcpjo15YTLNXMOZAaa4A==
-----END CERTIFICATE-----