Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f24c061d-e790-48fb-840b-b29d971c2c92.roa
File:                     f24c061d-e790-48fb-840b-b29d971c2c92.roa (raw, json)
Hash identifier:          TVwEoN8SfNXsr6kv4ONpX9sbpDPQR4SZYN8+D354FDY=
Subject key identifier:   E5:03:5D:46:97:1E:52:98:65:9C:90:D5:27:34:0A:60:55:2F:7B:EC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3C6517F36CB55D86E8E19FCBFD34A528CFFDB19C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f24c061d-e790-48fb-840b-b29d971c2c92.roa
Signing time:             Fri 22 Nov 2024 00:00:00 +0000
ROA not before:           Fri 22 Nov 2024 00:00:00 +0000
ROA not after:            Fri 27 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        56.228.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:65:17:f3:6c:b5:5d:86:e8:e1:9f:cb:fd:34:a5:28:cf:fd:b1:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 22 00:00:00 2024 GMT
            Not After : Dec 27 23:59:59 2024 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:de:25:a4:c6:a1:10:d8:0e:5d:1b:85:88:8e:
                    0f:37:7e:95:11:f7:1c:49:72:58:39:1f:38:f6:fa:
                    7d:34:70:3c:73:fe:20:fb:cf:7c:5b:90:4f:73:77:
                    31:a8:2b:a2:49:4a:f7:cd:64:d0:85:9a:63:4a:ee:
                    af:fe:33:a9:9f:f7:34:7e:ac:6f:97:f1:a3:b5:4c:
                    86:5b:16:84:cb:31:1f:f6:a9:3e:37:aa:1f:64:5a:
                    2b:26:b8:1a:69:2f:2c:41:ac:bc:db:99:82:b0:fb:
                    24:a2:c4:07:0d:ac:72:a0:b8:ec:5d:64:68:d3:fb:
                    11:11:40:dc:3f:f3:c9:cb:c9:9b:fb:30:00:cf:58:
                    6c:18:65:20:9a:ed:16:94:03:25:46:f8:17:3e:09:
                    e2:98:82:93:40:78:70:b7:98:3b:bc:12:68:9c:ac:
                    29:16:61:fb:91:0d:ef:27:39:8f:51:73:f8:2c:8f:
                    0a:bb:a4:71:eb:2d:23:34:6d:4a:34:fb:17:df:8b:
                    d2:17:69:58:2f:e1:77:de:c9:5e:5e:4c:85:20:77:
                    dd:29:b6:98:9d:fb:db:64:db:aa:e4:0e:42:2b:86:
                    cc:6c:e7:b0:65:67:b8:c2:cb:9b:0a:a2:64:14:c4:
                    db:ee:27:9d:cd:69:88:69:23:74:e2:85:d5:21:80:
                    e6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:03:5D:46:97:1E:52:98:65:9C:90:D5:27:34:0A:60:55:2F:7B:EC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f24c061d-e790-48fb-840b-b29d971c2c92.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.228.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c4:7f:2b:d2:f2:c7:b3:32:e9:4c:76:63:21:55:d1:39:df:68:
         98:e1:62:58:55:2b:bf:1a:31:5a:ee:5f:5d:29:54:c7:58:d4:
         ee:f2:d4:f3:be:33:43:ea:12:6a:24:6b:36:54:80:6f:cd:99:
         e8:d1:ad:9b:1c:ec:44:62:f1:14:80:ed:5a:6c:10:e8:a5:2d:
         77:f8:92:fb:ec:fa:2a:5e:60:bc:78:5c:c3:5d:a3:04:5b:0b:
         98:3a:05:a0:14:1f:a2:8e:32:46:5a:0a:d0:fa:47:1f:fa:fd:
         c3:14:a1:5f:12:a4:7d:a2:7c:3b:54:8c:1c:f8:0d:f8:8f:07:
         4e:64:e1:cb:93:5d:e5:3c:94:d3:93:ed:a7:85:22:db:7d:25:
         25:a4:e3:d6:12:ff:bd:36:09:23:24:c4:7d:e2:7a:3c:bb:08:
         fc:e2:ab:e0:65:c7:61:0a:78:e8:6c:f0:37:45:1b:2b:cc:8b:
         ec:84:ce:c9:b2:1e:cc:ee:8a:84:91:02:0f:fe:43:f7:03:47:
         5c:30:ea:28:49:68:a5:46:2d:71:23:63:ac:4a:b2:78:6e:71:
         42:a6:ca:c2:3d:26:6d:5c:3b:d2:ec:56:bb:b9:7f:76:6e:43:
         5b:95:bc:75:43:69:5e:7a:f4:d6:a5:d2:5b:85:c8:c2:fe:a1:
         29:cf:44:b8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUPGUX82y1XYbo4Z/L/TSlKM/9sZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMTIyMDAwMDAwWhcNMjQxMjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzA1YjhhMmU0YTk0MTRkODljMGU5YjhkNTcxYTFkMjVk
OWE0YTQwZWZmYmY5OGM3NzRjMjEwYzFhNzFhNTdjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDW3iWkxqEQ2A5dG4WIjg83fpUR9xxJclg5Hzj2+n00cDxz
/iD7z3xbkE9zdzGoK6JJSvfNZNCFmmNK7q/+M6mf9zR+rG+X8aO1TIZbFoTLMR/2
qT43qh9kWismuBppLyxBrLzbmYKw+ySixAcNrHKguOxdZGjT+xERQNw/88nLyZv7
MADPWGwYZSCa7RaUAyVG+Bc+CeKYgpNAeHC3mDu8EmicrCkWYfuRDe8nOY9Rc/gs
jwq7pHHrLSM0bUo0+xffi9IXaVgv4XfeyV5eTIUgd90ptpid+9tk26rkDkIrhsxs
57BlZ7jCy5sKomQUxNvuJ53NaYhpI3TihdUhgOZDAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU5QNdRpceUphlnJDVJzQKYFUve+wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YyNGMwNjFkLWU3OTAtNDhmYi04NDBiLWIyOWQ5NzFjMmM5Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA45DANBgkqhkiG9w0BAQsFAAOCAQEAxH8r0vLHszLpTHZjIVXROd9omOFi
WFUrvxoxWu5fXSlUx1jU7vLU874zQ+oSaiRrNlSAb82Z6NGtmxzsRGLxFIDtWmwQ
6KUtd/iS++z6Kl5gvHhcw12jBFsLmDoFoBQfoo4yRloK0PpHH/r9wxShXxKkfaJ8
O1SMHPgN+I8HTmThy5Nd5TyU05Ptp4Ui230lJaTj1hL/vTYJIyTEfeJ6PLsI/OKr
4GXHYQp46GzwN0UbK8yL7ITOybIezO6KhJECD/5D9wNHXDDqKElopUYtcSNjrEqy
eG5xQqbKwj0mbVw70uxWu7l/dm5DW5W8dUNpXnr01qXSW4XIwv6hKc9EuA==
-----END CERTIFICATE-----