Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a12e68a8-8e75-4f73-9cd2-812ff073d471.roa
File:                     a12e68a8-8e75-4f73-9cd2-812ff073d471.roa (raw, json)
Hash identifier:          y6PC8dDCDIDIsOqeMM/p+52sFX5VnBBcS5WBPduLxsA=
Subject key identifier:   41:48:87:3D:87:7C:AD:68:A6:E6:3C:F5:B9:F3:EB:BD:3D:BD:D1:18
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       20FB0B63D61A479A9CE57CDC6DC0D3960148520B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a12e68a8-8e75-4f73-9cd2-812ff073d471.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        56.136.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:fb:0b:63:d6:1a:47:9a:9c:e5:7c:dc:6d:c0:d3:96:01:48:52:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:39:8e:69:48:34:73:98:f2:2c:33:f6:1f:80:
                    f9:8f:e8:61:d9:9f:29:53:98:73:58:5c:51:68:0f:
                    db:ed:06:98:b3:a4:36:03:f7:33:e2:a1:b0:52:94:
                    3f:86:cc:8d:e1:b8:a2:47:17:20:89:1f:d2:dd:2d:
                    d6:74:ed:aa:9b:b9:dd:db:9c:36:d7:2b:61:77:04:
                    d2:08:4f:bf:d2:b8:73:ee:57:39:29:ff:02:7d:d1:
                    ca:c9:85:95:1b:84:1f:8c:10:3f:7e:e3:35:ec:94:
                    45:bf:d7:96:83:0d:69:96:41:b8:4f:6b:61:cc:0a:
                    23:86:af:1f:17:25:32:b0:59:6c:f7:e9:67:82:82:
                    2e:b0:62:c8:19:b0:4f:33:1e:97:c5:25:a2:0d:95:
                    fe:93:db:2c:df:8e:a8:d8:02:7b:2c:36:f1:02:af:
                    68:2a:0e:f0:a7:d6:37:65:7e:93:a6:b8:c2:f0:90:
                    1f:4f:b8:7f:d9:81:10:0b:74:99:92:d0:34:bc:17:
                    f4:3f:95:79:08:54:0f:f1:1a:35:1a:e9:45:88:ad:
                    e6:03:59:c2:57:c8:e3:60:ba:4f:3c:ec:aa:14:c0:
                    9e:06:25:24:a8:75:48:11:f5:20:02:5f:44:b6:1c:
                    22:ae:6a:e2:9e:8b:96:68:e1:fd:0f:9a:fa:0a:7b:
                    b5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:48:87:3D:87:7C:AD:68:A6:E6:3C:F5:B9:F3:EB:BD:3D:BD:D1:18
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a12e68a8-8e75-4f73-9cd2-812ff073d471.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.136.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         46:35:fa:ad:3d:1d:88:c8:8a:82:a6:09:6d:77:35:bf:f0:1a:
         d5:63:65:f3:98:c3:be:3c:d7:39:30:d7:de:4e:c2:b9:be:60:
         b4:ec:9e:52:e3:3f:bf:4c:29:1d:67:73:3e:12:9d:66:4c:dd:
         bf:41:f7:ad:0c:1e:d8:34:0c:c9:63:81:83:1b:d5:3b:ad:21:
         21:e7:26:ec:fb:89:02:0a:76:ee:ed:56:0a:ad:35:25:70:26:
         08:51:72:99:57:0f:fc:4a:44:b1:d3:d3:06:2c:c6:db:59:3e:
         62:5f:0a:ba:70:0b:e7:3d:d8:80:45:8e:40:8d:49:e4:4c:82:
         a3:cc:13:73:67:74:95:44:6e:6d:43:ea:fa:f8:f6:b9:b5:0a:
         c2:a9:1c:56:49:b0:2b:a8:48:b8:1b:c7:75:5f:b4:a3:2c:fd:
         27:4a:16:b2:f5:33:8d:df:20:37:fe:18:45:94:25:ce:83:dc:
         25:dd:ca:17:ee:b9:bc:a3:74:9e:23:1c:6b:c4:c5:7f:5a:cb:
         40:06:a5:17:93:d3:8b:56:f7:9b:ca:43:c8:24:ab:8a:74:a9:
         b7:23:f5:66:b6:91:24:35:f0:ba:eb:bd:6a:4f:06:bc:34:06:
         f1:ec:04:0d:42:89:8d:55:98:3d:f3:b8:54:dd:29:f1:ff:05:
         62:95:ca:3a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIPsLY9YaR5qc5XzcbcDTlgFIUgswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDlmY2Q5ZjBiYzhlNjdiZWU4YmE0YTJjZTQ4ZDY2NTdm
ZGM5Y2VhMzk2YzU0Yjc5MjhmYWY0NTJjZDllNTZhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeOY5pSDRzmPIsM/YfgPmP6GHZnylTmHNYXFFoD9vtBpiz
pDYD9zPiobBSlD+GzI3huKJHFyCJH9LdLdZ07aqbud3bnDbXK2F3BNIIT7/SuHPu
Vzkp/wJ90crJhZUbhB+MED9+4zXslEW/15aDDWmWQbhPa2HMCiOGrx8XJTKwWWz3
6WeCgi6wYsgZsE8zHpfFJaINlf6T2yzfjqjYAnssNvECr2gqDvCn1jdlfpOmuMLw
kB9PuH/ZgRALdJmS0DS8F/Q/lXkIVA/xGjUa6UWIreYDWcJXyONguk887KoUwJ4G
JSSodUgR9SACX0S2HCKuauKei5Zo4f0PmvoKe7VtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQUiHPYd8rWim5jz1ufPrvT290RgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2ExMmU2OGE4LThlNzUtNGY3My05Y2QyLTgxMmZmMDczZDQ3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4iDANBgkqhkiG9w0BAQsFAAOCAQEARjX6rT0diMiKgqYJbXc1v/Aa1WNl
85jDvjzXOTDX3k7Cub5gtOyeUuM/v0wpHWdzPhKdZkzdv0H3rQwe2DQMyWOBgxvV
O60hIecm7PuJAgp27u1WCq01JXAmCFFymVcP/EpEsdPTBizG21k+Yl8KunAL5z3Y
gEWOQI1J5EyCo8wTc2d0lURubUPq+vj2ubUKwqkcVkmwK6hIuBvHdV+0oyz9J0oW
svUzjd8gN/4YRZQlzoPcJd3KF+65vKN0niMca8TFf1rLQAalF5PTi1b3m8pDyCSr
inSptyP1ZraRJDXwuuu9ak8GvDQG8ewEDUKJjVWYPfO4VN0p8f8FYpXKOg==
-----END CERTIFICATE-----