Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a790757-122d-4cb2-a0a7-ea07b5c649e8.roa
File:                     9a790757-122d-4cb2-a0a7-ea07b5c649e8.roa (raw, json)
Hash identifier:          2G93VFsrI3KNh1GOyCjclCH/QVJWuEcSblabBTOAtbg=
Subject key identifier:   BB:6D:AB:C0:7D:7B:52:24:AC:55:FB:03:01:CB:45:0A:66:1A:CB:9E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10ED7F391F914FCFED0987322B3A20413AD4B488
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a790757-122d-4cb2-a0a7-ea07b5c649e8.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        104.255.56.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ed:7f:39:1f:91:4f:cf:ed:09:87:32:2b:3a:20:41:3a:d4:b4:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:35:ce:f0:b4:9c:ad:2e:8a:d9:a8:4d:89:b7:
                    79:c8:9a:1d:0b:30:c7:b4:db:58:16:ce:bc:6a:f2:
                    38:0e:62:8d:4a:d6:6e:aa:62:c8:d4:78:cb:a3:2d:
                    00:ae:ea:57:d7:e5:2f:1f:76:be:91:ef:49:27:cb:
                    76:99:37:ae:d0:24:59:72:95:8f:b6:26:20:36:7a:
                    7c:67:85:90:db:07:c4:d2:e8:3a:c5:79:d9:9e:c9:
                    62:f8:e7:49:fc:d8:fc:b8:dd:64:0c:e0:4d:fa:b9:
                    8f:74:f8:b1:29:6e:4c:ad:a3:2d:52:11:f6:89:12:
                    b3:3a:f5:10:2b:f4:24:f8:7c:d5:2b:d2:eb:25:a6:
                    78:8f:fd:a4:0f:8c:be:c3:5c:65:e7:10:05:00:e9:
                    db:3b:b0:c8:51:f8:6d:d0:ff:8e:58:7f:73:ee:23:
                    7f:95:1f:d6:28:64:f0:a4:6b:2a:50:ea:98:4e:6e:
                    98:82:14:76:98:e2:72:88:04:80:af:c0:ab:00:48:
                    2b:0d:b6:45:d3:f9:97:42:47:6d:42:6b:24:7a:a2:
                    e6:fa:04:71:df:53:08:a4:e0:ba:5c:28:e5:48:2e:
                    76:d6:41:26:3d:35:da:13:54:e9:3a:d2:42:af:a9:
                    33:57:81:0e:32:8c:59:06:13:4b:9f:fe:e3:3f:cf:
                    33:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:6D:AB:C0:7D:7B:52:24:AC:55:FB:03:01:CB:45:0A:66:1A:CB:9E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9a790757-122d-4cb2-a0a7-ea07b5c649e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.255.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:db:22:eb:0a:d1:3d:58:7d:50:1d:88:8e:14:de:bb:22:1f:
         65:f1:f6:7f:45:de:02:9e:cd:c1:da:7b:3b:d3:bd:a1:d3:aa:
         19:b9:36:b6:83:72:d7:27:45:0b:1d:58:b8:0d:76:49:3e:92:
         62:3b:7e:5d:ef:31:93:27:50:6a:c3:05:cd:dd:1d:f0:1c:3a:
         0a:6a:4c:e8:08:e6:8d:61:85:9e:23:1e:6b:e5:a8:70:3c:8b:
         c6:ab:fa:4d:3b:dd:a5:67:8c:22:e8:d3:c2:12:6c:72:ae:0f:
         f9:21:f2:61:92:e3:fa:ea:60:fc:68:5b:3b:a5:66:0f:ce:d4:
         03:ce:a4:90:af:48:c1:03:e0:7c:e9:3a:fb:2f:13:e4:d6:48:
         72:74:ec:9a:20:a6:55:4c:5f:4b:b5:ea:d3:68:fe:e8:2e:5f:
         d3:9d:bb:12:11:ca:b2:d0:c2:5f:a9:a4:15:9d:7c:01:e3:96:
         66:8e:92:45:e9:de:6e:f5:51:8f:f6:94:80:19:c2:6a:81:0c:
         89:4c:a2:9f:5f:91:e3:6e:a2:9c:9b:30:e4:9f:fc:84:ff:bb:
         e0:75:98:c3:6d:67:73:65:6a:ab:ef:c2:c1:37:8a:cd:30:9a:
         f7:ea:e7:91:00:98:0c:1d:f8:32:a8:8e:89:90:51:8b:fb:3c:
         c4:16:cb:8f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEO1/OR+RT8/tCYcyKzogQTrUtIgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmZmFjOWMzZjI4YmE5YWEzOThiZTAxMmYwOGI1Yjc0ODli
OGFjMDkzNzBiZGMzMzg1ODg4YzdmMmFlYzdlMzRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdNc7wtJytLorZqE2Jt3nImh0LMMe021gWzrxq8jgOYo1K
1m6qYsjUeMujLQCu6lfX5S8fdr6R70kny3aZN67QJFlylY+2JiA2enxnhZDbB8TS
6DrFedmeyWL450n82Py43WQM4E36uY90+LEpbkytoy1SEfaJErM69RAr9CT4fNUr
0uslpniP/aQPjL7DXGXnEAUA6ds7sMhR+G3Q/45Yf3PuI3+VH9YoZPCkaypQ6phO
bpiCFHaY4nKIBICvwKsASCsNtkXT+ZdCR21CayR6oub6BHHfUwik4LpcKOVILnbW
QSY9NdoTVOk60kKvqTNXgQ4yjFkGE0uf/uM/zzNjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUu22rwH17UiSsVfsDActFCmYay54wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlhNzkwNzU3LTEyMmQtNGNiMi1hMGE3LWVhMDdiNWM2NDllOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANo/zgwDQYJKoZIhvcNAQELBQADggEBAD3bIusK0T1YfVAdiI4U3rsiH2Xx
9n9F3gKezcHaezvTvaHTqhm5NraDctcnRQsdWLgNdkk+kmI7fl3vMZMnUGrDBc3d
HfAcOgpqTOgI5o1hhZ4jHmvlqHA8i8ar+k073aVnjCLo08ISbHKuD/kh8mGS4/rq
YPxoWzulZg/O1APOpJCvSMED4HzpOvsvE+TWSHJ07JogplVMX0u16tNo/uguX9Od
uxIRyrLQwl+ppBWdfAHjlmaOkkXp3m71UY/2lIAZwmqBDIlMop9fkeNuopybMOSf
/IT/u+B1mMNtZ3NlaqvvwsE3is0wmvfq55EAmAwd+DKojomQUYv7PMQWy48=
-----END CERTIFICATE-----