Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dea62953-5271-436f-b2c8-da3290de4079.roa
File:                     dea62953-5271-436f-b2c8-da3290de4079.roa (raw, json)
Hash identifier:          Dk9lxNk2zqKvEH8GJZMPZGvZXy38qssaDW4/vQy1beU=
Subject key identifier:   8A:ED:35:6F:14:5D:49:7A:BE:D9:06:DF:53:02:14:9F:F2:81:DF:F0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       23F2A94E43CE20D5B9F7FA1F8AE2D034F42A784C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dea62953-5271-436f-b2c8-da3290de4079.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        56.73.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:f2:a9:4e:43:ce:20:d5:b9:f7:fa:1f:8a:e2:d0:34:f4:2a:78:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=dc87f11c8f86722422d474714fcacd07dca7f501c28674115d0ed1221f343906, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:5f:e0:b4:44:36:13:11:97:b8:d6:29:83:
                    a4:36:ce:4c:3f:f0:cf:40:93:a4:9a:6e:63:b3:9f:
                    e3:1b:0f:55:4d:02:b5:dd:d3:c0:58:92:c5:14:92:
                    25:98:ff:fe:4d:b3:11:91:cf:a4:ff:cf:2b:fe:8a:
                    0f:51:d4:ea:e4:1e:a8:9c:4d:fd:38:9e:4c:01:69:
                    7e:76:27:4a:3c:34:39:3a:e5:85:de:a5:6d:f0:d5:
                    33:2e:59:6a:c1:99:92:51:fa:4b:ef:e1:28:8f:d0:
                    c3:95:4e:d5:74:c8:a9:24:2b:45:76:02:2b:e3:e0:
                    b3:f4:00:ec:17:a4:ac:e2:3f:24:a2:dc:91:15:c4:
                    9c:1d:53:54:36:3e:2f:a0:21:b7:5c:3a:76:ae:bd:
                    06:cb:be:e1:ee:9a:26:93:ae:1b:80:e9:b0:22:9a:
                    e8:0f:27:f8:89:39:51:33:1a:cb:59:cb:33:d2:df:
                    e5:db:6c:a7:48:d9:13:29:70:50:7d:ad:a2:19:bb:
                    a4:3e:dc:cf:54:53:3a:64:fd:87:87:a5:56:30:2f:
                    8c:30:35:fa:e1:91:2d:0e:c2:0d:5d:fb:69:57:f4:
                    dd:9d:45:d0:1f:da:41:31:24:29:47:d0:b2:f2:55:
                    65:ea:4f:82:bb:ba:5b:5f:dd:23:fe:e1:7e:ee:00:
                    3a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:ED:35:6F:14:5D:49:7A:BE:D9:06:DF:53:02:14:9F:F2:81:DF:F0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/dea62953-5271-436f-b2c8-da3290de4079.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.73.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ac:cb:74:21:d7:57:df:31:23:e8:7c:4f:c6:81:07:c3:04:34:
         ab:f2:da:4b:10:db:41:31:b2:62:3e:2f:86:1b:33:be:c6:3f:
         a4:96:71:c2:4e:e2:5b:ee:14:a2:28:75:7c:35:cf:e4:4e:d9:
         fe:4e:9c:c4:c9:5e:c4:8a:aa:da:8d:2c:b5:79:08:6e:be:0e:
         39:2e:82:ab:54:1c:d4:19:7d:47:ac:d2:08:ad:81:df:72:00:
         98:c7:68:f8:d7:e2:a2:a7:61:87:60:3f:78:fe:df:f0:43:bb:
         c3:9c:87:17:65:0c:ed:f9:e1:17:a5:79:45:82:7a:27:ee:09:
         11:96:a5:c9:58:bd:09:88:97:8e:0f:c7:65:e6:46:d7:48:7f:
         bd:09:0d:20:8d:98:ca:f0:b1:4c:c5:a0:77:6b:77:77:27:0f:
         e6:a7:4c:d4:bd:67:8c:67:85:e5:e6:09:8a:ec:6f:87:9b:c5:
         80:c8:76:08:84:92:22:ad:f1:9f:fa:f9:be:91:03:21:66:f2:
         1d:0c:24:42:b2:31:c1:05:e2:a9:f5:e5:cd:c6:d5:68:3c:6e:
         7e:d0:56:cb:cd:47:1b:2a:8d:17:b8:37:40:70:9c:13:d2:81:
         0d:f5:6d:ac:35:0f:43:a7:65:16:a7:19:b4:0f:ed:3c:2d:c8:
         24:bf:79:d5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUI/KpTkPOINW59/ofiuLQNPQqeEwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYzg3ZjExYzhmODY3MjI0MjJkNDc0NzE0ZmNhY2QwN2Rj
YTdmNTAxYzI4Njc0MTE1ZDBlZDEyMjFmMzQzOTA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCsBF/gtEQ2ExGXuNYpg6Q2zkw/8M9Ak6SabmOzn+MbD1VN
ArXd08BYksUUkiWY//5NsxGRz6T/zyv+ig9R1OrkHqicTf04nkwBaX52J0o8NDk6
5YXepW3w1TMuWWrBmZJR+kvv4SiP0MOVTtV0yKkkK0V2Aivj4LP0AOwXpKziPySi
3JEVxJwdU1Q2Pi+gIbdcOnauvQbLvuHumiaTrhuA6bAimugPJ/iJOVEzGstZyzPS
3+XbbKdI2RMpcFB9raIZu6Q+3M9UUzpk/YeHpVYwL4wwNfrhkS0Owg1d+2lX9N2d
RdAf2kExJClH0LLyVWXqT4K7ultf3SP+4X7uADoBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiu01bxRdSXq+2QbfUwIUn/KB3/AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlYTYyOTUzLTUyNzEtNDM2Zi1iMmM4LWRhMzI5MGRlNDA3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4STANBgkqhkiG9w0BAQsFAAOCAQEArMt0IddX3zEj6HxPxoEHwwQ0q/La
SxDbQTGyYj4vhhszvsY/pJZxwk7iW+4Uoih1fDXP5E7Z/k6cxMlexIqq2o0stXkI
br4OOS6Cq1Qc1Bl9R6zSCK2B33IAmMdo+Nfioqdhh2A/eP7f8EO7w5yHF2UM7fnh
F6V5RYJ6J+4JEZalyVi9CYiXjg/HZeZG10h/vQkNII2YyvCxTMWgd2t3dycP5qdM
1L1njGeF5eYJiuxvh5vFgMh2CISSIq3xn/r5vpEDIWbyHQwkQrIxwQXiqfXlzcbV
aDxuftBWy81HGyqNF7g3QHCcE9KBDfVtrDUPQ6dlFqcZtA/tPC3IJL951Q==
-----END CERTIFICATE-----