Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/784b2b14-cc65-4db8-acbe-c21ac40c5e77.roa
File:                     784b2b14-cc65-4db8-acbe-c21ac40c5e77.roa (raw, json)
Hash identifier:          ll78sVg6YkDyeNgJDV/WBP/F/NcAcqxZ9Jm+mmLKD2Y=
Subject key identifier:   8D:F0:E8:7A:77:97:4F:7D:BA:99:3F:77:E2:6B:07:F5:A5:8F:91:25
Certificate issuer:       /CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
Certificate serial:       0C4B7E5A09144F69FBE2DC6EF21CA1491F3DBA33
Authority key identifier: 99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/784b2b14-cc65-4db8-acbe-c21ac40c5e77.roa
Signing time:             Mon 09 Dec 2024 00:00:00 +0000
ROA not before:           Mon 09 Dec 2024 00:00:00 +0000
ROA not after:            Mon 13 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        96.127.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:4b:7e:5a:09:14:4f:69:fb:e2:dc:6e:f2:1c:a1:49:1f:3d:ba:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04
        Validity
            Not Before: Dec  9 00:00:00 2024 GMT
            Not After : Jan 13 23:59:59 2025 GMT
        Subject: CN=0099a7ea-794a-4a28-b164-49547626eb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e3:01:2c:5f:8f:d1:7b:ea:c7:b7:a7:2a:76:
                    9b:55:6e:25:ea:4a:db:e7:f9:32:cf:48:78:30:79:
                    b4:eb:3c:d5:14:41:44:61:a8:07:9f:b9:dc:2e:04:
                    28:0e:f6:a6:a1:5f:ea:a2:68:1e:b1:d9:93:01:2d:
                    fa:4e:a6:82:17:d2:6c:e5:94:7d:44:f3:f7:c3:70:
                    5c:5d:dd:71:78:6d:a9:64:aa:cb:a0:44:7d:5d:f9:
                    0e:21:c5:83:7d:b4:94:7f:af:03:b6:e3:df:5b:44:
                    87:aa:d3:b4:69:92:91:28:06:cf:bf:35:7f:8f:28:
                    90:20:88:ba:74:52:98:90:24:ca:7e:af:2a:2d:19:
                    07:5c:ff:33:d1:e5:c4:b9:a5:91:f9:e7:41:70:f7:
                    3a:81:08:61:9e:a0:4d:00:ce:b9:4c:f9:62:e0:bb:
                    91:5e:e1:ef:a5:59:78:bd:a6:26:bd:0c:b1:4d:0f:
                    9c:ab:2b:7a:5d:14:7c:b0:4a:5b:56:14:1c:3c:9f:
                    7c:79:22:d8:c2:4d:9f:ee:2c:5f:69:2a:ec:27:57:
                    dd:fa:48:4c:98:48:66:02:13:d0:7f:30:37:dc:3c:
                    f9:86:5c:63:c6:4d:4e:ec:74:6a:ff:98:af:f5:f1:
                    39:80:fa:58:6f:f8:c7:e3:a6:ad:2d:2d:f2:db:9e:
                    8c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:F0:E8:7A:77:97:4F:7D:BA:99:3F:77:E2:6B:07:F5:A5:8F:91:25
            X509v3 Authority Key Identifier:
                keyid:99:C3:54:4C:08:C9:94:54:B8:79:95:1E:FF:A4:7A:8F:63:C8:A7:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/77b56428-9b52-416f-b279-bbae14422de2/c05676c733fd8ccae5be63b92bddc90b7a5b74e69449c1eb04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/784b2b14-cc65-4db8-acbe-c21ac40c5e77.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/42582c67-dd3f-4bc5-ba60-e97e552c6e35/_YzK5b5juSvdyQt6W3TmlEnB6wQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.127.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         54:66:86:4b:bd:d8:a1:b3:1d:3b:d5:68:1f:5a:5b:69:8a:eb:
         e3:c2:c9:b9:8e:21:6d:14:0c:ff:83:67:46:81:15:01:e1:10:
         52:df:b6:83:0f:e2:5e:7b:9b:92:71:85:09:25:d0:59:78:96:
         40:bf:fe:84:e7:ea:d2:e8:09:6b:75:33:8d:96:9b:44:eb:c1:
         a2:9f:f1:15:3a:a9:62:71:2e:e4:36:41:47:af:2e:58:2a:30:
         be:4c:e1:48:3e:92:62:71:ee:c9:b9:e4:37:4c:70:c1:47:eb:
         ab:e4:a7:b8:22:7a:c2:c2:58:9d:49:84:14:6c:f0:ff:60:11:
         96:aa:47:ab:54:9f:32:be:d8:54:ef:5b:fe:7d:12:76:de:cf:
         de:79:c9:d6:44:bf:4b:94:c8:40:63:ea:2e:1f:37:f8:4a:22:
         a0:d7:bf:4c:df:17:94:8e:cb:a4:6e:66:26:24:0d:8e:59:18:
         cd:73:94:58:77:21:93:bc:f0:e7:55:6d:90:19:d5:dc:43:27:
         af:92:da:b1:5d:81:5b:95:30:7c:33:7b:15:13:c3:10:eb:57:
         87:cf:74:25:fa:37:8a:0a:fa:89:20:25:a4:ee:d2:be:8c:d4:
         d6:d9:20:73:02:ca:1b:2b:45:f2:9e:2d:aa:d5:0c:c4:c1:0a:
         5d:c8:21:b9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDEt+WgkUT2n74txu8hyhSR89ujMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzA1Njc2YzczM2ZkOGNjYWU1YmU2M2I5MmJkZGM5MGI3
YTViNzRlNjk0NDljMWViMDQwHhcNMjQxMjA5MDAwMDAwWhcNMjUwMTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjA1MGVhM2JkYWI2ZDhjNTVjN2U2NDExNjZmNDdkYTFj
MzVkNDdhYzdjNjk4MzhiZDk1OWRkZmE4NzMzYjYwMS0wKwYDVQQDEyQwMDk5YTdl
YS03OTRhLTRhMjgtYjE2NC00OTU0NzYyNmViMTEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDj4wEsX4/Re+rHt6cqdptVbiXqStvn+TLPSHgwebTrPNUU
QURhqAefudwuBCgO9qahX+qiaB6x2ZMBLfpOpoIX0mzllH1E8/fDcFxd3XF4balk
qsugRH1d+Q4hxYN9tJR/rwO2499bRIeq07RpkpEoBs+/NX+PKJAgiLp0UpiQJMp+
ryotGQdc/zPR5cS5pZH550Fw9zqBCGGeoE0AzrlM+WLgu5Fe4e+lWXi9pia9DLFN
D5yrK3pdFHywSltWFBw8n3x5ItjCTZ/uLF9pKuwnV936SEyYSGYCE9B/MDfcPPmG
XGPGTU7sdGr/mK/18TmA+lhv+Mfjpq0tLfLbnowrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjfDoeneXT326mT934msH9aWPkSUwHwYDVR0jBBgwFoAUmcNUTAjJlFS4
eZUe/6R6j2PIp3cwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi83N2I1NjQyOC05
YjUyLTQxNmYtYjI3OS1iYmFlMTQ0MjJkZTIvYzA1Njc2YzczM2ZkOGNjYWU1YmU2
M2I5MmJkZGM5MGI3YTViNzRlNjk0NDljMWViMDQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNDI1ODJjNjctZGQzZi00YmM1LWJhNjAtZTk3
ZTU1MmM2ZTM1Lzc4NGIyYjE0LWNjNjUtNGRiOC1hY2JlLWMyMWFjNDBjNWU3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzQyNTgyYzY3LWRkM2YtNGJjNS1iYTYw
LWU5N2U1NTJjNmUzNS9fWXpLNWI1anVTdmR5UXQ2VzNUbWxFbkI2d1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdgfwAwDQYJKoZIhvcNAQELBQADggEBAFRmhku92KGzHTvVaB9aW2mK6+PC
ybmOIW0UDP+DZ0aBFQHhEFLftoMP4l57m5JxhQkl0Fl4lkC//oTn6tLoCWt1M42W
m0TrwaKf8RU6qWJxLuQ2QUevLlgqML5M4Ug+kmJx7sm55DdMcMFH66vkp7giesLC
WJ1JhBRs8P9gEZaqR6tUnzK+2FTvW/59Enbez955ydZEv0uUyEBj6i4fN/hKIqDX
v0zfF5SOy6RuZiYkDY5ZGM1zlFh3IZO88OdVbZAZ1dxDJ6+S2rFdgVuVMHwzexUT
wxDrV4fPdCX6N4oK+okgJaTu0r6M1NbZIHMCyhsrRfKeLarVDMTBCl3IIbk=
-----END CERTIFICATE-----