Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89548e90-e31d-4007-9241-dad0c45b9ec8.roa
File:                     89548e90-e31d-4007-9241-dad0c45b9ec8.roa (raw, json)
Hash identifier:          VdJ+FLDBhST5kuTPHHanUaZ/7SLMgxwdUwpdgbusXnY=
Subject key identifier:   7E:87:CB:BE:4F:BC:31:9A:C8:27:4B:82:09:72:F4:01:6E:82:B9:39
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2380505F3C6C64BBBAE6F38B99516C89CBC6DBDB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89548e90-e31d-4007-9241-dad0c45b9ec8.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.136.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:80:50:5f:3c:6c:64:bb:ba:e6:f3:8b:99:51:6c:89:cb:c6:db:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=b179c81091823109260fce50ebf8193cb496747d621bf668cd06d6f12c06ea7b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:42:fe:6b:b1:77:a2:88:2e:7e:f3:2b:a5:d4:
                    cc:a8:46:a3:00:32:46:d2:5e:57:17:5f:e2:f8:3f:
                    b8:5c:55:6a:bf:26:ae:1c:e7:58:b0:7b:44:c9:d5:
                    09:ff:39:39:6d:1d:26:3b:e7:79:e7:e7:40:e9:a3:
                    69:82:10:ca:03:51:b0:80:a9:40:e0:cd:a9:b8:55:
                    25:bc:b6:40:9d:0c:fb:be:ce:d9:fd:f6:6a:ba:0b:
                    c2:bd:c5:8a:1d:8f:a5:05:e4:cb:a1:60:8c:9f:15:
                    56:86:99:e1:1f:cd:ad:76:63:c1:32:f1:65:64:1c:
                    61:23:cb:15:81:4b:13:b8:5e:bf:9a:d8:d4:c7:a8:
                    32:13:16:79:a6:7a:d8:d7:91:b6:36:14:7f:16:26:
                    3e:28:81:ac:f3:d0:4b:c7:3a:7e:ba:f4:60:7f:bd:
                    06:39:a1:86:48:f3:92:8f:d0:8c:13:b9:13:f8:99:
                    70:99:f1:eb:46:fd:b7:44:36:1e:2a:19:12:ad:02:
                    72:ad:b2:52:1d:bf:e1:8f:f6:27:32:db:7b:f5:53:
                    bc:36:e2:de:93:f9:be:5b:a3:2a:0c:6d:6f:56:ea:
                    c9:8c:74:06:9e:c5:5f:3c:ca:9c:4a:91:7f:2b:57:
                    7e:34:30:a8:d0:e7:ac:44:8d:66:63:9f:ad:a2:a0:
                    70:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:87:CB:BE:4F:BC:31:9A:C8:27:4B:82:09:72:F4:01:6E:82:B9:39
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89548e90-e31d-4007-9241-dad0c45b9ec8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.136.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:0d:c7:d1:28:d5:77:9a:dc:3b:8c:1e:e5:37:53:8c:42:92:
         df:7b:bf:ef:da:d8:d5:78:93:1d:b1:26:4b:d9:cf:70:ae:2b:
         58:96:cc:0c:31:79:63:9e:9e:d8:0c:50:51:16:df:15:dc:26:
         35:e6:81:c3:72:c7:e5:7d:37:c1:81:6e:e2:e4:49:aa:79:40:
         13:52:29:71:a2:a4:2c:35:10:66:5c:84:23:3b:99:1c:9c:f2:
         19:ec:0a:24:de:75:b2:68:4d:cf:8d:5d:80:c9:7c:69:1a:08:
         1e:8e:8d:37:75:23:df:a2:d1:03:23:11:7b:c9:f4:3f:8f:84:
         a8:94:71:f3:57:d2:13:cb:6e:32:58:bb:c6:0b:ad:61:93:7a:
         a5:95:bd:3e:d1:d3:57:5b:fa:78:5f:e0:33:27:93:6f:3d:83:
         fc:a4:f1:67:1a:7b:60:50:5c:e2:3e:4d:96:2b:23:1e:36:b5:
         46:be:22:ee:c5:55:da:c6:84:23:93:54:ea:80:83:a0:bb:05:
         05:cd:02:f6:8b:ce:90:63:1f:af:64:1b:61:8d:08:36:39:62:
         81:33:b7:0b:da:d4:cc:56:fa:f6:d8:47:1e:83:a3:34:5d:18:
         9b:1c:30:d6:a7:71:cc:de:a0:cb:70:88:28:92:ba:77:5d:a6:
         30:19:4a:26
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUI4BQXzxsZLu65vOLmVFsicvG29swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMTc5YzgxMDkxODIzMTA5MjYwZmNlNTBlYmY4MTkzY2I0
OTY3NDdkNjIxYmY2NjhjZDA2ZDZmMTJjMDZlYTdiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvQv5rsXeiiC5+8yul1MyoRqMAMkbSXlcXX+L4P7hcVWq/
Jq4c51iwe0TJ1Qn/OTltHSY753nn50Dpo2mCEMoDUbCAqUDgzam4VSW8tkCdDPu+
ztn99mq6C8K9xYodj6UF5MuhYIyfFVaGmeEfza12Y8Ey8WVkHGEjyxWBSxO4Xr+a
2NTHqDITFnmmetjXkbY2FH8WJj4ogazz0EvHOn669GB/vQY5oYZI85KP0IwTuRP4
mXCZ8etG/bdENh4qGRKtAnKtslIdv+GP9icy23v1U7w24t6T+b5boyoMbW9W6smM
dAaexV88ypxKkX8rV340MKjQ56xEjWZjn62ioHCRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfofLvk+8MZrIJ0uCCXL0AW6CuTkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5NTQ4ZTkwLWUzMWQtNDAwNy05MjQxLWRhZDBjNDViOWVjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4iDANBgkqhkiG9w0BAQsFAAOCAQEACg3H0SjVd5rcO4we5TdTjEKS33u/
79rY1XiTHbEmS9nPcK4rWJbMDDF5Y56e2AxQURbfFdwmNeaBw3LH5X03wYFu4uRJ
qnlAE1IpcaKkLDUQZlyEIzuZHJzyGewKJN51smhNz41dgMl8aRoIHo6NN3Uj36LR
AyMRe8n0P4+EqJRx81fSE8tuMli7xgutYZN6pZW9PtHTV1v6eF/gMyeTbz2D/KTx
Zxp7YFBc4j5NlisjHja1Rr4i7sVV2saEI5NU6oCDoLsFBc0C9ovOkGMfr2QbYY0I
NjligTO3C9rUzFb69thHHoOjNF0Ymxww1qdxzN6gy3CIKJK6d12mMBlKJg==
-----END CERTIFICATE-----