Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adc46719-3515-4ab9-b6e6-d863f4f766ae.roa
File:                     adc46719-3515-4ab9-b6e6-d863f4f766ae.roa (raw, json)
Hash identifier:          NTRJOjh8Q2pWH1lYjyT4VViBHQqmAv+2m/EgsDqwBjM=
Subject key identifier:   56:07:1E:7E:28:44:93:9F:50:63:D0:12:10:BC:43:4D:EE:7F:DB:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       16B4B44928755214D94F26759BA61EF9579FFBA8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adc46719-3515-4ab9-b6e6-d863f4f766ae.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.67.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:b4:b4:49:28:75:52:14:d9:4f:26:75:9b:a6:1e:f9:57:9f:fb:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=d5f5a4ce31dbc89d88723cece0788c4887c66515235a278b045d2e8cccc31eb9, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:fc:38:89:b8:81:3b:cb:68:06:36:df:4c:25:
                    b5:fb:c5:a8:26:e6:76:8d:de:74:0d:78:9e:25:f0:
                    a8:e7:b3:2c:d8:02:63:25:f6:6d:07:8c:09:a5:26:
                    92:7c:61:5d:14:54:5c:1c:e1:0c:70:22:d4:7f:20:
                    7a:bf:44:8a:3b:39:41:ea:ef:2e:3d:4e:ca:32:6a:
                    0b:3c:7f:03:08:1a:cf:89:02:ae:5a:a4:42:37:7f:
                    a6:37:14:af:a4:86:1f:ab:37:f6:1f:ea:34:5f:38:
                    38:a6:56:3c:db:2f:58:59:51:74:17:ba:3b:cb:b6:
                    9a:da:86:12:0f:7c:0b:c8:0f:b0:33:80:3a:0d:4a:
                    d5:7c:97:5a:48:43:19:d7:42:3c:99:81:cc:47:b2:
                    92:da:7c:8a:d4:fd:59:e0:d0:83:b8:f4:ae:79:61:
                    a0:52:32:ff:b0:f2:b3:4b:28:6c:e0:72:d2:35:ce:
                    a1:eb:5e:11:3d:c7:31:fe:0e:3c:ae:7c:fa:44:6b:
                    24:16:d1:a2:f2:f9:6d:cf:88:88:6f:ab:37:8d:7e:
                    c7:b0:34:e3:53:ad:40:95:97:20:40:72:c7:30:61:
                    5c:b2:05:54:24:5a:7a:d9:34:fe:c9:40:8f:54:e6:
                    3a:6b:b8:f7:9f:37:4c:40:19:1a:90:57:32:35:67:
                    9d:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:07:1E:7E:28:44:93:9F:50:63:D0:12:10:BC:43:4D:EE:7F:DB:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/adc46719-3515-4ab9-b6e6-d863f4f766ae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.67.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         96:c6:c0:32:bb:6f:70:f1:fb:e1:90:ac:a5:24:7c:5c:cb:5b:
         f5:36:af:99:03:cd:ea:e5:98:5f:8e:54:e9:aa:ec:71:56:f7:
         62:9f:a4:b6:22:2f:8c:3d:df:ab:c7:40:7d:7e:98:99:49:a0:
         a1:f2:5c:4a:8f:ca:1d:f5:d6:ca:f3:10:09:f5:4f:3d:02:25:
         da:ba:5d:ba:fd:c6:2c:24:93:36:5d:e1:e0:a3:e5:be:60:25:
         d5:c5:94:75:ac:85:c0:b6:a3:65:d6:c5:3b:5b:82:04:af:d8:
         38:48:3a:e0:e6:77:29:db:c0:d9:e0:42:70:b4:c0:1d:1f:ba:
         b2:24:ff:01:c2:90:b9:d7:44:b6:5d:23:d1:88:08:af:03:db:
         ea:a6:87:bb:b4:e3:8a:c8:54:5c:c5:64:bc:d9:c4:05:5c:75:
         44:1b:32:24:b0:2a:19:ca:67:8d:ed:75:e9:22:cf:59:f7:c4:
         76:74:a6:b6:84:e7:53:02:8c:80:67:62:c4:21:74:90:19:34:
         a4:bd:7e:53:d3:d9:d9:f1:9d:a1:f0:fb:ad:3e:6b:38:b8:f4:
         43:6d:12:38:95:be:72:40:af:3b:d5:b8:34:bd:f7:ce:93:6b:
         8c:e2:65:24:54:46:ee:1b:81:84:d1:13:76:02:b4:96:d1:aa:
         c8:4e:17:fb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFrS0SSh1UhTZTyZ1m6Ye+Vef+6gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNWY1YTRjZTMxZGJjODlkODg3MjNjZWNlMDc4OGM0ODg3
YzY2NTE1MjM1YTI3OGIwNDVkMmU4Y2NjYzMxZWI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCL/DiJuIE7y2gGNt9MJbX7xagm5naN3nQNeJ4l8KjnsyzY
AmMl9m0HjAmlJpJ8YV0UVFwc4QxwItR/IHq/RIo7OUHq7y49Tsoyags8fwMIGs+J
Aq5apEI3f6Y3FK+khh+rN/Yf6jRfODimVjzbL1hZUXQXujvLtprahhIPfAvID7Az
gDoNStV8l1pIQxnXQjyZgcxHspLafIrU/Vng0IO49K55YaBSMv+w8rNLKGzgctI1
zqHrXhE9xzH+DjyufPpEayQW0aLy+W3PiIhvqzeNfsewNONTrUCVlyBAcscwYVyy
BVQkWnrZNP7JQI9U5jpruPefN0xAGRqQVzI1Z52jAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUVgcefihEk59QY9ASELxDTe5/288wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FkYzQ2NzE5LTM1MTUtNGFiOS1iNmU2LWQ4NjNmNGY3NjZhZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4QzANBgkqhkiG9w0BAQsFAAOCAQEAlsbAMrtvcPH74ZCspSR8XMtb9Tav
mQPN6uWYX45U6arscVb3Yp+ktiIvjD3fq8dAfX6YmUmgofJcSo/KHfXWyvMQCfVP
PQIl2rpduv3GLCSTNl3h4KPlvmAl1cWUdayFwLajZdbFO1uCBK/YOEg64OZ3KdvA
2eBCcLTAHR+6siT/AcKQuddEtl0j0YgIrwPb6qaHu7TjishUXMVkvNnEBVx1RBsy
JLAqGcpnje116SLPWffEdnSmtoTnUwKMgGdixCF0kBk0pL1+U9PZ2fGdofD7rT5r
OLj0Q20SOJW+ckCvO9W4NL33zpNrjOJlJFRG7huBhNETdgK0ltGqyE4X+w==
-----END CERTIFICATE-----