Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3ca4008-763d-497c-bb84-a975dfe74ee8.roa
File:                     d3ca4008-763d-497c-bb84-a975dfe74ee8.roa (raw, json)
Hash identifier:          gVlaZHpMlfXdAAmGkPmjP+QUrCurCJYl3IpDZ1vv2hs=
Subject key identifier:   40:24:3C:57:90:79:26:3B:14:B0:5A:E4:5B:74:77:48:FA:EE:14:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       313C0AD7D49C79E8261E577705F06894DEF13369
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3ca4008-763d-497c-bb84-a975dfe74ee8.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.19.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:3c:0a:d7:d4:9c:79:e8:26:1e:57:77:05:f0:68:94:de:f1:33:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=376d9ef5b2c968605126ba19b7ed25bf5d6f3ed88186f27cc3a3875c0b3fe666, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d9:dd:64:a1:f9:17:10:bb:e2:03:73:5c:48:
                    01:4b:6e:e9:45:2a:07:38:d5:aa:78:82:de:4c:47:
                    94:f2:22:ed:dc:8b:85:3f:d0:72:3c:ef:7d:88:82:
                    61:33:82:8f:67:ca:3f:f4:78:33:71:23:b8:d5:ce:
                    0d:02:4a:6c:21:22:78:e0:fe:92:44:5d:93:12:f8:
                    10:c2:41:bb:b3:ad:35:cf:f5:95:e0:5d:a3:58:82:
                    a7:fc:89:6e:9c:01:db:55:bd:e6:43:0e:8d:78:85:
                    bd:8a:b9:2d:2a:14:17:05:9e:50:92:dd:14:8d:a5:
                    b1:17:41:6b:e0:88:4f:27:b7:68:09:44:4a:14:64:
                    e3:c7:d3:4c:94:aa:e5:96:fd:0d:76:ec:a0:f2:95:
                    18:ce:ab:f3:7e:97:33:45:c7:df:a1:1c:75:c8:a4:
                    c4:dd:8e:f0:27:4c:9d:01:0a:89:ff:52:0d:ab:c3:
                    42:a5:10:7f:ec:c5:ae:ef:36:ad:68:ca:76:40:a9:
                    f0:ee:53:20:fa:52:5c:31:c9:5f:1a:ce:c5:72:a1:
                    a1:af:06:62:a8:71:84:ed:16:bc:ed:9b:1f:b4:4a:
                    4f:c8:bb:95:22:eb:c6:8d:39:66:f1:c7:10:a4:db:
                    1f:fa:46:8c:62:5f:b3:d5:38:2b:83:61:59:1d:9b:
                    2d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:24:3C:57:90:79:26:3B:14:B0:5A:E4:5B:74:77:48:FA:EE:14:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d3ca4008-763d-497c-bb84-a975dfe74ee8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.19.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         24:6b:31:8f:aa:43:fe:7b:10:a0:17:50:ce:99:aa:be:93:94:
         55:93:27:bf:19:0a:e9:ec:0d:17:f7:88:ee:75:f9:c2:03:3d:
         39:69:73:a4:52:a0:64:58:4d:38:65:3a:38:be:d1:97:12:1c:
         a4:10:bf:13:a4:20:8b:c2:5b:8c:45:43:ad:00:e1:3a:ac:c5:
         86:75:0f:81:2a:fd:4b:9d:35:7f:39:59:39:09:c1:50:7e:42:
         d3:ca:74:7c:db:4e:fc:f7:56:76:7a:2f:8e:9d:83:d3:56:1c:
         af:f9:54:b5:b9:fe:3e:8a:4f:98:fc:ea:79:2e:59:44:b5:61:
         43:b2:08:86:fb:f5:af:f7:d5:dc:f2:ef:dd:fa:96:6e:2e:2d:
         d0:4a:3b:0f:a6:6c:f1:32:c5:3d:1d:c1:6a:15:44:04:42:a5:
         a9:98:17:78:33:5b:ac:e9:16:40:07:05:dc:5c:7c:ce:d4:0e:
         6a:41:f8:63:a6:fe:42:51:1b:07:5c:96:aa:d1:a4:f4:b3:fe:
         68:84:2d:84:9e:96:f2:5b:9f:e5:85:13:ab:21:65:20:16:5d:
         5b:1e:46:a8:a6:ea:c2:13:eb:5b:a0:36:15:0d:f7:60:f2:b1:
         a9:00:07:bd:33:d2:67:73:6e:c4:57:d0:7c:f5:a8:a4:5c:f4:
         12:f3:2f:bd
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMTwK19SceegmHld3BfBolN7xM2kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNzZkOWVmNWIyYzk2ODYwNTEyNmJhMTliN2VkMjViZjVk
NmYzZWQ4ODE4NmYyN2NjM2EzODc1YzBiM2ZlNjY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDe2d1kofkXELviA3NcSAFLbulFKgc41ap4gt5MR5TyIu3c
i4U/0HI8732IgmEzgo9nyj/0eDNxI7jVzg0CSmwhInjg/pJEXZMS+BDCQbuzrTXP
9ZXgXaNYgqf8iW6cAdtVveZDDo14hb2KuS0qFBcFnlCS3RSNpbEXQWvgiE8nt2gJ
REoUZOPH00yUquWW/Q127KDylRjOq/N+lzNFx9+hHHXIpMTdjvAnTJ0BCon/Ug2r
w0KlEH/sxa7vNq1oynZAqfDuUyD6UlwxyV8azsVyoaGvBmKocYTtFrztmx+0Sk/I
u5Ui68aNOWbxxxCk2x/6RoxiX7PVOCuDYVkdmy3ZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQCQ8V5B5JjsUsFrkW3R3SPruFOUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2QzY2E0MDA4LTc2M2QtNDk3Yy1iYjg0LWE5NzVkZmU3NGVlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4EzANBgkqhkiG9w0BAQsFAAOCAQEAJGsxj6pD/nsQoBdQzpmqvpOUVZMn
vxkK6ewNF/eI7nX5wgM9OWlzpFKgZFhNOGU6OL7RlxIcpBC/E6Qgi8JbjEVDrQDh
OqzFhnUPgSr9S501fzlZOQnBUH5C08p0fNtO/PdWdnovjp2D01Ycr/lUtbn+PopP
mPzqeS5ZRLVhQ7IIhvv1r/fV3PLv3fqWbi4t0Eo7D6Zs8TLFPR3BahVEBEKlqZgX
eDNbrOkWQAcF3Fx8ztQOakH4Y6b+QlEbB1yWqtGk9LP+aIQthJ6W8luf5YUTqyFl
IBZdWx5GqKbqwhPrW6A2FQ33YPKxqQAHvTPSZ3NuxFfQfPWopFz0EvMvvQ==
-----END CERTIFICATE-----