Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/daef5106-8adc-44c0-83f2-4951f4c42325.roa
File:                     daef5106-8adc-44c0-83f2-4951f4c42325.roa (raw, json)
Hash identifier:          QDT4/RtRxvB1FDzTvJ9ktTb0JnVEbY91cDuH1I1m7LA=
Subject key identifier:   48:BD:19:C4:E4:63:22:30:34:98:DE:4E:F9:E7:DF:2A:B0:CE:4A:3C
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       547AEA101999D09E20FEB413FCC20231781C36DE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/daef5106-8adc-44c0-83f2-4951f4c42325.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.107.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:7a:ea:10:19:99:d0:9e:20:fe:b4:13:fc:c2:02:31:78:1c:36:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:84:c1:96:03:7a:b9:e5:48:0d:e2:1a:41:8e:
                    b8:dc:fe:98:97:ed:5e:ae:e6:e8:8a:d1:87:4e:4a:
                    a8:a5:c8:93:ba:52:b0:7a:71:5c:f9:e2:d3:0a:8d:
                    20:2b:60:27:17:82:9d:92:a4:c7:4f:83:9d:34:db:
                    e1:7a:3e:d1:54:a9:f0:dc:12:f9:78:c8:f5:c6:27:
                    86:b3:7c:f2:58:d5:6a:60:64:6e:83:ae:10:2e:85:
                    25:a0:f4:b3:a9:f7:1b:0d:56:27:ae:44:38:3e:40:
                    09:19:d7:7b:29:c6:47:ab:6d:2a:33:1c:80:34:73:
                    39:45:a2:43:3d:92:7c:d4:9e:79:7c:ad:88:f1:ca:
                    4c:a0:bf:1d:30:25:3c:bf:b4:bb:36:51:9a:c1:f0:
                    09:e8:8d:61:29:5d:d6:4f:d9:f5:d3:d6:2c:d0:f5:
                    5c:4b:1a:88:a9:f5:46:b5:6b:5f:c0:de:77:84:01:
                    cb:24:22:4b:65:24:e2:9d:6a:2b:a6:98:c5:fc:90:
                    82:d9:b2:a6:85:c0:83:54:97:7b:be:20:12:0a:2d:
                    fe:e7:49:23:45:75:f7:3f:ce:0c:e8:03:bf:71:75:
                    7a:3a:28:bd:2d:0c:11:e3:cd:57:52:c5:36:d7:a6:
                    47:58:67:5b:ef:0b:2b:55:bd:23:09:60:fb:22:bf:
                    d4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:BD:19:C4:E4:63:22:30:34:98:DE:4E:F9:E7:DF:2A:B0:CE:4A:3C
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/daef5106-8adc-44c0-83f2-4951f4c42325.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.107.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a9:43:a1:85:a5:02:ec:6b:81:70:87:f2:56:76:96:33:a2:86:
         7b:a8:28:d7:8a:fb:38:cd:82:06:31:e2:e4:76:4e:4f:dd:7f:
         fd:fd:c7:d6:b0:dc:a4:be:7f:18:1e:3b:17:07:e7:87:f6:8d:
         01:52:bd:8a:ac:78:0a:32:eb:68:05:f9:81:0d:65:b2:2b:9c:
         71:86:64:05:c5:3c:65:0e:99:b8:e3:a2:a1:69:ae:8f:58:c8:
         7a:cc:3d:08:37:37:0b:5b:4e:83:56:18:a9:8e:56:cf:0e:b0:
         60:b3:a4:ee:ef:fc:87:04:36:84:ff:5a:04:1d:a2:22:04:ec:
         ba:76:83:25:a6:8f:15:01:b6:bb:40:19:45:2f:f3:f3:b9:4d:
         53:82:e0:f0:b4:3a:1e:ff:7c:ec:1a:85:23:83:09:8c:10:d0:
         71:04:a9:74:6e:b3:0d:63:ce:e4:34:d3:ff:cf:4f:fc:de:c7:
         a6:99:e2:a1:20:5b:62:1b:d6:a5:ec:a5:1a:4e:43:17:9c:47:
         cf:1d:33:28:b9:df:2e:5e:e0:67:1f:b1:8a:0f:46:45:1e:db:
         1b:8e:02:35:bf:37:4a:14:a4:d2:c1:e5:76:f0:17:d5:4f:a7:
         80:dd:b9:bf:ed:6b:2f:82:ad:e6:7a:45:0d:7b:92:5a:4d:f6:
         24:ba:91:2a
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVHrqEBmZ0J4g/rQT/MICMXgcNt4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmODA0ZmM4Y2UyNTczYTgzN2Q5ZDAzYmUyNGFhZTA3YmE2
NmQzMDgwM2QxOWVhY2M1ZmY0MDU2MDUyNGExMTRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCghMGWA3q55UgN4hpBjrjc/piX7V6u5uiK0YdOSqilyJO6
UrB6cVz54tMKjSArYCcXgp2SpMdPg5002+F6PtFUqfDcEvl4yPXGJ4azfPJY1Wpg
ZG6DrhAuhSWg9LOp9xsNVieuRDg+QAkZ13spxkerbSozHIA0czlFokM9knzUnnl8
rYjxykygvx0wJTy/tLs2UZrB8AnojWEpXdZP2fXT1izQ9VxLGoip9Ua1a1/A3neE
AcskIktlJOKdaiummMX8kILZsqaFwINUl3u+IBIKLf7nSSNFdfc/zgzoA79xdXo6
KL0tDBHjzVdSxTbXpkdYZ1vvCytVvSMJYPsiv9SJAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUSL0ZxORjIjA0mN5O+effKrDOSjwwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RhZWY1MTA2LThhZGMtNDRjMC04M2YyLTQ5NTFmNGM0MjMyNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4azANBgkqhkiG9w0BAQsFAAOCAQEAqUOhhaUC7GuBcIfyVnaWM6KGe6go
14r7OM2CBjHi5HZOT91//f3H1rDcpL5/GB47Fwfnh/aNAVK9iqx4CjLraAX5gQ1l
siuccYZkBcU8ZQ6ZuOOioWmuj1jIesw9CDc3C1tOg1YYqY5Wzw6wYLOk7u/8hwQ2
hP9aBB2iIgTsunaDJaaPFQG2u0AZRS/z87lNU4Lg8LQ6Hv987BqFI4MJjBDQcQSp
dG6zDWPO5DTT/89P/N7HppnioSBbYhvWpeylGk5DF5xHzx0zKLnfLl7gZx+xig9G
RR7bG44CNb83ShSk0sHldvAX1U+ngN25v+1rL4Kt5npFDXuSWk32JLqRKg==
-----END CERTIFICATE-----