Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d56b02b2-f2a4-4eae-b76e-055b65d09683.roa
File:                     d56b02b2-f2a4-4eae-b76e-055b65d09683.roa (raw, json)
Hash identifier:          NAonBktNvVPGzuzlvb6bvWNUJU+tfQIoMxWNUjGLZlw=
Subject key identifier:   43:F9:D1:AF:8B:4E:A5:F2:21:52:50:E0:EF:B6:21:41:9E:A7:E7:01
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63D43759E763FDD917ED2A00DD3662F2D843E33D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d56b02b2-f2a4-4eae-b76e-055b65d09683.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.229.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:d4:37:59:e7:63:fd:d9:17:ed:2a:00:dd:36:62:f2:d8:43:e3:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:09:81:e9:77:e2:af:fa:a3:47:23:6d:7a:77:
                    6c:01:05:3a:b6:56:cc:2f:5f:d0:17:da:fe:28:4f:
                    22:8d:9f:64:66:55:02:4a:78:97:1e:40:c3:d2:d8:
                    e3:8c:4e:49:4c:90:92:8c:aa:38:59:5c:ce:27:7f:
                    99:15:46:e1:09:ec:0a:cc:6c:1b:54:62:f1:77:03:
                    c5:34:53:cf:15:a7:29:2b:2f:30:5a:69:29:db:c1:
                    15:62:2e:e8:c1:31:f3:cd:5a:ad:d2:a4:a9:a0:a9:
                    3c:89:24:9f:a5:3f:f9:68:cc:fa:ab:0c:a5:b9:a1:
                    42:4f:20:17:a4:49:3e:10:be:f4:1c:13:ac:b9:86:
                    fc:ce:fe:9a:8f:f7:0f:f1:35:2d:e2:87:37:b5:62:
                    85:6b:1f:42:cc:08:b2:78:12:05:0e:a2:71:a2:1f:
                    70:dc:3c:dd:89:7c:3b:46:cd:80:dd:b7:c9:61:fd:
                    aa:5c:4c:89:d8:18:c6:1b:e9:d5:99:de:3f:c6:f9:
                    aa:48:41:ac:75:47:ab:b1:85:e0:75:c7:90:a7:d8:
                    74:1e:40:60:80:55:5d:00:9c:23:aa:ad:91:92:72:
                    01:37:19:3c:1e:4e:4f:2d:a9:2a:e4:46:56:5b:a8:
                    6a:49:0b:fe:78:5c:6e:27:39:6e:44:0e:f9:22:58:
                    e5:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F9:D1:AF:8B:4E:A5:F2:21:52:50:E0:EF:B6:21:41:9E:A7:E7:01
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d56b02b2-f2a4-4eae-b76e-055b65d09683.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.229.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5e:0b:00:c1:d6:f6:8b:6a:e5:40:3a:27:f9:fd:0b:20:bb:10:
         83:7f:74:9e:50:e3:b0:2c:5c:a5:4e:5b:a8:62:ec:22:71:47:
         dd:b2:61:7c:b7:7a:65:04:ef:00:7e:07:a7:91:fd:d2:f4:f0:
         6d:99:35:29:a8:52:3d:aa:84:05:93:5e:31:60:86:81:2a:ff:
         7c:9d:77:15:89:13:76:72:a9:05:a2:21:c0:b9:62:86:11:5b:
         07:26:1e:1c:94:72:20:33:35:3a:9d:46:fd:6c:ae:b8:53:c5:
         78:d9:32:d6:c4:6e:32:17:68:d6:b4:0c:97:e0:d6:1d:ec:45:
         aa:9f:3f:18:26:8e:7a:71:0b:8f:83:16:b8:7b:07:78:b5:26:
         67:50:47:15:99:33:b2:90:be:e8:9f:5d:cc:9a:be:e2:5e:97:
         56:c4:bf:5e:da:7c:55:5c:80:1e:4e:66:4b:9f:9a:18:d0:90:
         47:9d:e3:da:fc:05:2d:14:af:98:01:0f:01:d6:f4:8a:76:99:
         65:6a:cd:85:86:e2:e8:3f:83:d2:98:f1:45:6a:e7:79:c1:79:
         d7:01:bf:87:8a:8c:5f:2b:d4:6e:12:8b:b1:41:b1:01:d3:39:
         83:3e:16:a7:1f:9b:5d:72:8f:57:ee:1a:b1:31:e5:ca:bf:ab:
         68:61:4f:13
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUY9Q3Wedj/dkX7SoA3TZi8thD4z0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZWNhMzRmODRhMmNkNTdjNDQzYjBhMGM3YzJmZGEwOTgy
NmFhMTViMmI2NzM0MjA0ZDJiNWRkMmM0YzQyYzJhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDACYHpd+Kv+qNHI216d2wBBTq2VswvX9AX2v4oTyKNn2Rm
VQJKeJceQMPS2OOMTklMkJKMqjhZXM4nf5kVRuEJ7ArMbBtUYvF3A8U0U88Vpykr
LzBaaSnbwRViLujBMfPNWq3SpKmgqTyJJJ+lP/lozPqrDKW5oUJPIBekST4QvvQc
E6y5hvzO/pqP9w/xNS3ihze1YoVrH0LMCLJ4EgUOonGiH3DcPN2JfDtGzYDdt8lh
/apcTInYGMYb6dWZ3j/G+apIQax1R6uxheB1x5Cn2HQeQGCAVV0AnCOqrZGScgE3
GTweTk8tqSrkRlZbqGpJC/54XG4nOW5EDvkiWOUhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQ/nRr4tOpfIhUlDg77YhQZ6n5wEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1NmIwMmIyLWYyYTQtNGVhZS1iNzZlLTA1NWI2NWQwOTY4My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA45TANBgkqhkiG9w0BAQsFAAOCAQEAXgsAwdb2i2rlQDon+f0LILsQg390
nlDjsCxcpU5bqGLsInFH3bJhfLd6ZQTvAH4Hp5H90vTwbZk1KahSPaqEBZNeMWCG
gSr/fJ13FYkTdnKpBaIhwLlihhFbByYeHJRyIDM1Op1G/WyuuFPFeNky1sRuMhdo
1rQMl+DWHexFqp8/GCaOenELj4MWuHsHeLUmZ1BHFZkzspC+6J9dzJq+4l6XVsS/
Xtp8VVyAHk5mS5+aGNCQR53j2vwFLRSvmAEPAdb0inaZZWrNhYbi6D+D0pjxRWrn
ecF51wG/h4qMXyvUbhKLsUGxAdM5gz4Wpx+bXXKPV+4asTHlyr+raGFPEw==
-----END CERTIFICATE-----