Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a0ca091-b3b5-4e0a-97dc-520e58a23e51.roa
File:                     0a0ca091-b3b5-4e0a-97dc-520e58a23e51.roa (raw, json)
Hash identifier:          hSnaZYxzDgcr/VpX2I28l8WVLgATLer4dWR+drvhhyU=
Subject key identifier:   8C:41:25:30:98:84:0E:48:A8:66:72:09:0D:61:04:84:2E:0F:84:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       09C9BC4DC53AAB3E48047A8C3E54C7C932F4E7AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a0ca091-b3b5-4e0a-97dc-520e58a23e51.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.87.4.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c9:bc:4d:c5:3a:ab:3e:48:04:7a:8c:3e:54:c7:c9:32:f4:e7:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=5b982d377cee2994ceba1322dbcb9410e5563a522c9faf6eeccdbd8929310d7d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:13:0c:21:7f:48:ad:cb:7a:5e:a0:34:f2:37:
                    00:98:93:fd:ff:31:e5:34:01:f3:8c:a2:d9:7b:59:
                    92:4a:af:ea:59:10:ed:e7:66:c1:8c:b6:0c:d2:b7:
                    73:04:25:29:ef:ab:1d:23:61:b6:23:8b:95:48:42:
                    ac:33:18:a4:a0:27:4a:12:1a:40:74:91:96:ae:13:
                    1d:05:64:e1:36:be:39:3d:6d:6c:d6:54:39:22:e1:
                    23:73:d2:0d:cf:b5:93:cf:45:23:74:d0:a7:c1:4e:
                    94:8a:08:6c:40:57:d0:8e:46:fd:0e:a5:92:f3:df:
                    58:e5:18:f4:7e:6b:41:ff:f8:73:7f:46:c3:b5:4f:
                    a3:8a:d2:d4:26:af:04:cc:25:4d:e3:83:2b:fd:1c:
                    29:21:ce:ef:17:37:8f:a5:68:fe:aa:cc:74:0b:d7:
                    2e:2b:81:9a:20:8f:e5:5b:f5:54:ec:d3:1b:5d:0f:
                    76:c5:33:95:13:52:e5:ea:e3:c9:61:ae:ae:20:e4:
                    dd:31:6d:5d:a7:cc:59:74:38:15:df:2a:ff:66:8d:
                    d7:37:41:6a:e2:1f:02:af:f6:86:fb:35:63:f7:cf:
                    d9:ec:96:94:b5:fd:0e:6d:5a:9e:e8:47:3a:85:82:
                    6b:56:5d:e3:e5:78:93:2b:c7:83:52:34:41:dc:05:
                    72:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:41:25:30:98:84:0E:48:A8:66:72:09:0D:61:04:84:2E:0F:84:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0a0ca091-b3b5-4e0a-97dc-520e58a23e51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.87.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:b3:00:04:d6:71:1d:7e:72:90:ad:57:13:f2:7e:3c:a3:0c:
         c2:a3:5e:11:9b:c8:55:04:53:8c:bc:b5:ad:97:a1:64:2a:27:
         0b:5f:fc:6d:e8:fd:5f:20:bf:ed:72:15:b8:11:41:95:93:aa:
         6d:7e:b1:28:99:8d:27:1e:34:5c:77:75:a8:84:2b:c1:2e:cc:
         7b:f2:93:34:f3:d9:80:de:da:e8:38:21:ed:d7:ad:6d:de:5f:
         09:d2:35:ce:ae:9a:06:99:c3:fa:a7:4d:8d:d2:0c:92:2b:ef:
         e0:41:fb:40:05:15:51:77:f3:4f:52:31:d7:ca:94:2b:e8:e6:
         f3:5b:cd:81:52:59:56:5e:da:6f:09:9a:ab:97:0a:3d:1a:ed:
         b1:c1:0b:5a:e1:d8:08:47:33:aa:bd:3c:ba:e6:0c:ea:10:c6:
         6a:d4:ab:da:ac:cb:1c:78:8c:b1:6e:20:22:b8:6c:9f:09:57:
         a4:0d:a3:60:73:26:c2:80:3c:d3:26:5c:b7:8a:16:f5:e4:0d:
         10:4a:13:3e:1b:85:07:08:77:13:ef:61:84:af:dc:c9:bd:33:
         76:c3:f4:db:f2:6f:ab:a9:15:b1:17:96:75:14:bc:fc:83:e6:
         4f:18:15:cb:4b:89:32:e0:00:94:10:bd:a4:17:a1:1b:fa:48:
         73:9f:46:40
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCcm8TcU6qz5IBHqMPlTHyTL056owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1Yjk4MmQzNzdjZWUyOTk0Y2ViYTEzMjJkYmNiOTQxMGU1
NTYzYTUyMmM5ZmFmNmVlY2NkYmQ4OTI5MzEwZDdkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSEwwhf0ity3peoDTyNwCYk/3/MeU0AfOMotl7WZJKr+pZ
EO3nZsGMtgzSt3MEJSnvqx0jYbYji5VIQqwzGKSgJ0oSGkB0kZauEx0FZOE2vjk9
bWzWVDki4SNz0g3PtZPPRSN00KfBTpSKCGxAV9CORv0OpZLz31jlGPR+a0H/+HN/
RsO1T6OK0tQmrwTMJU3jgyv9HCkhzu8XN4+laP6qzHQL1y4rgZogj+Vb9VTs0xtd
D3bFM5UTUuXq48lhrq4g5N0xbV2nzFl0OBXfKv9mjdc3QWriHwKv9ob7NWP3z9ns
lpS1/Q5tWp7oRzqFgmtWXePleJMrx4NSNEHcBXJBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjEElMJiEDkioZnIJDWEEhC4PhB4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhMGNhMDkxLWIzYjUtNGUwYS05N2RjLTUyMGU1OGEyM2U1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjVwQwDQYJKoZIhvcNAQELBQADggEBAIOzAATWcR1+cpCtVxPyfjyjDMKj
XhGbyFUEU4y8ta2XoWQqJwtf/G3o/V8gv+1yFbgRQZWTqm1+sSiZjSceNFx3daiE
K8EuzHvykzTz2YDe2ug4Ie3XrW3eXwnSNc6umgaZw/qnTY3SDJIr7+BB+0AFFVF3
809SMdfKlCvo5vNbzYFSWVZe2m8JmquXCj0a7bHBC1rh2AhHM6q9PLrmDOoQxmrU
q9qsyxx4jLFuICK4bJ8JV6QNo2BzJsKAPNMmXLeKFvXkDRBKEz4bhQcIdxPvYYSv
3Mm9M3bD9Nvyb6upFbEXlnUUvPyD5k8YFctLiTLgAJQQvaQXoRv6SHOfRkA=
-----END CERTIFICATE-----