Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1d97648-637c-4d1f-8a82-5864ed8ffe56.roa
File:                     b1d97648-637c-4d1f-8a82-5864ed8ffe56.roa (raw, json)
Hash identifier:          Mb9YuELeerxicjrS3g6WFRQjS7lZlah5KOp8xAhsJYg=
Subject key identifier:   9A:01:B2:4A:D5:09:E9:3E:3A:09:71:AD:0D:BA:B3:FB:A0:72:B0:EE
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       70683B9727E27E5C80B58A95B73473CE23508618
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1d97648-637c-4d1f-8a82-5864ed8ffe56.roa
Signing time:             Fri 07 Mar 2025 00:01:40 +0000
ROA not before:           Fri 07 Mar 2025 00:01:40 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     701
IP address blocks:        139.56.3.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:68:3b:97:27:e2:7e:5c:80:b5:8a:95:b7:34:73:ce:23:50:86:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar  7 00:01:40 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: serialNumber=95d210f4c4c83d9261bd974868653be93eb798811970f82ec068b03ed36c4817, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:9f:61:94:2e:65:d5:86:0e:ee:7e:68:ff:d7:
                    0d:20:2d:21:b5:d4:76:79:98:33:19:b1:a6:09:c6:
                    4b:ef:98:70:f7:10:71:54:1f:f9:10:84:03:c1:4f:
                    2b:0e:06:12:6c:32:22:8e:36:63:98:29:3c:55:6d:
                    eb:ac:1a:fd:34:44:b0:bf:f1:74:ab:e9:b0:57:ac:
                    ac:f6:e7:f6:3d:5b:60:40:df:ae:85:ee:af:3c:bc:
                    8c:f3:17:b4:6f:09:68:e0:4d:44:5b:5b:5e:92:1a:
                    fe:00:17:48:2d:6b:3d:d6:82:69:48:4b:c4:8e:72:
                    9b:fb:dd:cf:e1:eb:fa:91:d0:58:c9:11:1c:7d:42:
                    f8:90:d6:f6:8a:dd:f4:fe:21:a1:c7:f2:26:d1:88:
                    6d:c9:3e:51:c4:37:df:16:19:c0:da:44:6e:b1:7f:
                    27:d8:f0:1d:47:ac:f8:94:b8:42:71:c4:96:6d:42:
                    03:85:e3:95:ac:52:b0:f7:d1:6c:eb:bd:56:7c:f2:
                    18:79:c1:a2:b9:a5:83:a4:69:02:f2:e2:ed:0a:9d:
                    aa:bc:32:ec:73:7a:e9:64:0d:4e:55:c5:84:d1:3d:
                    26:47:5b:92:58:fa:7c:3b:b8:ef:6b:c9:3b:6d:20:
                    fc:c6:23:98:bb:d3:d9:29:0b:6b:4d:9e:9f:53:d0:
                    a9:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:01:B2:4A:D5:09:E9:3E:3A:09:71:AD:0D:BA:B3:FB:A0:72:B0:EE
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b1d97648-637c-4d1f-8a82-5864ed8ffe56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.56.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:2c:23:92:ce:5b:ef:fc:8e:85:3e:1a:bd:cb:43:6a:ec:6a:
         b9:a5:45:04:7d:0c:10:90:f1:03:d1:14:75:d6:95:a5:56:e0:
         be:b7:09:6b:44:45:14:2f:9d:65:1a:55:2c:4c:09:49:72:bd:
         01:ed:71:34:6d:4f:65:08:57:1c:fb:f8:5d:0c:4d:f0:40:6d:
         fb:72:ad:b3:47:b1:10:83:34:b0:c9:f1:dc:81:42:d2:c6:40:
         b9:f4:01:49:6e:ff:cb:65:22:30:3e:7b:d4:7e:e4:19:0f:ff:
         c6:4e:d9:82:c0:a9:69:09:8c:72:04:bd:68:15:32:81:0e:98:
         54:b7:e1:27:f7:f9:3d:bc:18:3a:32:c7:5e:c3:37:bb:d5:46:
         20:c1:1c:01:2a:de:a1:4c:65:1a:e3:0e:ad:7d:be:14:52:a7:
         46:79:9a:86:fc:81:e0:42:7c:29:ab:34:76:14:d2:5b:d7:ad:
         bf:78:4a:7b:c6:10:c5:03:12:46:97:b0:6b:8b:b8:a9:d3:c8:
         76:41:d4:b4:62:6e:bf:c4:dc:65:c9:e1:ec:36:2a:91:2a:85:
         d2:29:41:a9:bd:31:fb:a9:b1:a5:9a:f7:47:dd:16:a4:33:79:
         52:a8:a7:4d:5e:76:a8:b1:07:8b:86:62:c4:fc:70:29:36:83:
         ed:fc:16:50
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcGg7lyfiflyAtYqVtzRzziNQhhgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzA3MDAwMTQwWhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NWQyMTBmNGM0YzgzZDkyNjFiZDk3NDg2ODY1M2JlOTNl
Yjc5ODgxMTk3MGY4MmVjMDY4YjAzZWQzNmM0ODE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDmn2GULmXVhg7ufmj/1w0gLSG11HZ5mDMZsaYJxkvvmHD3
EHFUH/kQhAPBTysOBhJsMiKONmOYKTxVbeusGv00RLC/8XSr6bBXrKz25/Y9W2BA
366F7q88vIzzF7RvCWjgTURbW16SGv4AF0gtaz3WgmlIS8SOcpv73c/h6/qR0FjJ
ERx9QviQ1vaK3fT+IaHH8ibRiG3JPlHEN98WGcDaRG6xfyfY8B1HrPiUuEJxxJZt
QgOF45WsUrD30WzrvVZ88hh5waK5pYOkaQLy4u0Knaq8MuxzeulkDU5VxYTRPSZH
W5JY+nw7uO9ryTttIPzGI5i709kpC2tNnp9T0KlTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmgGyStUJ6T46CXGtDbqz+6BysO4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxZDk3NjQ4LTYzN2MtNGQxZi04YTgyLTU4NjRlZDhmZmU1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBACLOAMwDQYJKoZIhvcNAQELBQADggEBAJIsI5LOW+/8joU+Gr3LQ2rsarml
RQR9DBCQ8QPRFHXWlaVW4L63CWtERRQvnWUaVSxMCUlyvQHtcTRtT2UIVxz7+F0M
TfBAbftyrbNHsRCDNLDJ8dyBQtLGQLn0AUlu/8tlIjA+e9R+5BkP/8ZO2YLAqWkJ
jHIEvWgVMoEOmFS34Sf3+T28GDoyx17DN7vVRiDBHAEq3qFMZRrjDq19vhRSp0Z5
mob8geBCfCmrNHYU0lvXrb94SnvGEMUDEkaXsGuLuKnTyHZB1LRibr/E3GXJ4ew2
KpEqhdIpQam9MfupsaWa90fdFqQzeVKop01edqixB4uGYsT8cCk2g+38FlA=
-----END CERTIFICATE-----