Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/970115b3-ed25-4bc3-9ef6-b221db00b330.roa
File:                     970115b3-ed25-4bc3-9ef6-b221db00b330.roa (raw, json)
Hash identifier:          fmzVXxCtvWuh9K9iPjPF/oX/w3FPNEBC+B0LSGeD2BI=
Subject key identifier:   78:EA:5E:22:2F:42:E5:81:39:B6:55:DC:52:F7:00:BE:D2:34:D2:E4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       77AD562E537E0C38820A9CEE1120710CE8BBC1F2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/970115b3-ed25-4bc3-9ef6-b221db00b330.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.254.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ad:56:2e:53:7e:0c:38:82:0a:9c:ee:11:20:71:0c:e8:bb:c1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=54f5591e624c20f7526c60bda0730e4e9b8db3ec1b3d8db6fb421bc087a3a623, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fb:a7:02:3b:37:a5:53:94:2a:f8:81:a7:aa:
                    d8:52:96:7e:35:70:fb:a9:c5:75:3e:8b:b9:46:f6:
                    ad:cd:23:a1:32:c5:f2:31:bf:b8:69:fc:5b:21:17:
                    11:12:9f:b5:af:6d:d7:0a:ce:8a:ae:05:52:27:14:
                    b5:ae:e8:97:60:99:95:5c:93:6f:b0:1d:4c:3b:b1:
                    bd:04:29:7c:c0:bc:be:61:f4:5c:d1:05:fb:f9:a1:
                    80:83:28:16:b1:20:41:24:5d:ab:60:af:c1:c5:43:
                    29:aa:9a:8f:74:63:80:32:a1:74:32:8d:3f:4a:97:
                    53:0e:48:54:59:37:3f:d7:a4:03:f0:7f:b3:e2:75:
                    fd:88:1e:0a:bd:af:f3:91:75:45:f6:5b:a5:3a:f6:
                    dc:b8:97:50:95:13:ed:89:e7:6f:2b:17:06:1d:91:
                    2e:9f:2c:b6:6a:4b:b1:63:7e:e1:f4:28:ad:bc:79:
                    32:41:6b:d6:2a:98:1d:a6:0e:0a:c0:e3:7a:8c:c3:
                    f9:24:ee:8a:67:23:79:f1:1a:80:95:54:f3:d7:1b:
                    41:cd:27:e5:6c:4a:dd:75:03:ae:78:2e:da:03:20:
                    39:97:9f:04:24:a1:83:3b:c1:f4:11:cf:ae:b9:45:
                    b3:df:72:fe:e9:be:1f:55:35:03:8a:e1:b4:e1:d2:
                    20:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:EA:5E:22:2F:42:E5:81:39:B6:55:DC:52:F7:00:BE:D2:34:D2:E4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/970115b3-ed25-4bc3-9ef6-b221db00b330.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c9:82:db:31:e9:b6:52:9d:f3:82:24:95:97:09:74:68:bb:87:
         ba:45:bb:d1:15:f6:5a:8c:ef:58:f1:50:16:2b:6a:50:0f:56:
         9f:7e:d7:2a:a4:e5:b3:5e:17:74:3d:97:69:99:44:38:24:7b:
         ff:2a:dc:31:d4:a9:0e:47:7d:6c:c8:6b:a3:5d:50:c8:64:57:
         90:68:8d:a1:f9:9d:f2:4a:b9:83:32:c9:c1:04:3a:5d:57:58:
         ab:3e:84:3a:63:6b:d2:50:79:47:f5:c4:a2:d8:22:43:9c:d4:
         e4:71:fe:b6:d6:ab:14:76:09:84:cd:5a:2f:03:d6:61:30:d2:
         03:ef:61:e6:54:9e:88:24:80:d5:72:9e:73:c5:4c:0b:2a:db:
         7a:94:e9:f6:89:f8:63:44:b0:db:4d:c5:36:22:cc:43:ac:d5:
         d1:ac:d1:bf:58:65:4b:8b:17:42:8e:ea:47:72:c7:65:81:40:
         fe:0f:f3:f9:d1:24:07:42:9b:93:3a:a9:00:0a:6c:90:89:88:
         dd:03:0b:33:90:75:d2:17:61:a5:a9:3e:8e:84:d9:a7:ef:8c:
         9d:9d:3d:26:07:e5:a3:6a:d4:d8:27:9b:ed:78:6c:3d:d6:90:
         21:29:6f:df:e1:92:9e:c0:81:7f:49:28:00:b5:0d:8e:0d:76:
         cd:52:22:75
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUd61WLlN+DDiCCpzuESBxDOi7wfIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NGY1NTkxZTYyNGMyMGY3NTI2YzYwYmRhMDczMGU0ZTli
OGRiM2VjMWIzZDhkYjZmYjQyMWJjMDg3YTNhNjIzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCp+6cCOzelU5Qq+IGnqthSln41cPupxXU+i7lG9q3NI6Ey
xfIxv7hp/FshFxESn7WvbdcKzoquBVInFLWu6JdgmZVck2+wHUw7sb0EKXzAvL5h
9FzRBfv5oYCDKBaxIEEkXatgr8HFQymqmo90Y4AyoXQyjT9Kl1MOSFRZNz/XpAPw
f7Pidf2IHgq9r/ORdUX2W6U69ty4l1CVE+2J528rFwYdkS6fLLZqS7FjfuH0KK28
eTJBa9YqmB2mDgrA43qMw/kk7opnI3nxGoCVVPPXG0HNJ+VsSt11A654LtoDIDmX
nwQkoYM7wfQRz665RbPfcv7pvh9VNQOK4bTh0iDLAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUeOpeIi9C5YE5tlXcUvcAvtI00uQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk3MDExNWIzLWVkMjUtNGJjMy05ZWY2LWIyMjFkYjAwYjMzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4/jANBgkqhkiG9w0BAQsFAAOCAQEAyYLbMem2Up3zgiSVlwl0aLuHukW7
0RX2WozvWPFQFitqUA9Wn37XKqTls14XdD2XaZlEOCR7/yrcMdSpDkd9bMhro11Q
yGRXkGiNofmd8kq5gzLJwQQ6XVdYqz6EOmNr0lB5R/XEotgiQ5zU5HH+ttarFHYJ
hM1aLwPWYTDSA+9h5lSeiCSA1XKec8VMCyrbepTp9on4Y0Sw203FNiLMQ6zV0azR
v1hlS4sXQo7qR3LHZYFA/g/z+dEkB0KbkzqpAApskImI3QMLM5B10hdhpak+joTZ
p++MnZ09Jgflo2rU2Ceb7XhsPdaQISlv3+GSnsCBf0koALUNjg12zVIidQ==
-----END CERTIFICATE-----