Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d561628-fc32-41ca-978b-1f8088986b08.roa
File:                     1d561628-fc32-41ca-978b-1f8088986b08.roa (raw, json)
Hash identifier:          9Z+y473NYGms7qujNLrzP/GEk9XioBhCc5xggTShrYY=
Subject key identifier:   77:E5:FB:DB:2D:F2:59:69:65:6A:8A:08:8B:B0:90:0C:69:35:49:76
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       63B57DBF39FC3A46B5DE65BE2C2AC4D347DE27CA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d561628-fc32-41ca-978b-1f8088986b08.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.150.48.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:b5:7d:bf:39:fc:3a:46:b5:de:65:be:2c:2a:c4:d3:47:de:27:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fa:95:58:aa:6d:65:ad:a6:e0:31:d7:71:03:
                    11:60:53:0e:01:6a:53:0c:d2:e7:1e:8f:c8:e6:ff:
                    63:03:f1:e9:50:ee:ce:20:58:5a:c6:ee:8a:62:23:
                    5b:7a:7f:e4:ae:1d:dc:98:80:94:c1:71:14:0a:99:
                    a4:4e:31:51:a4:6a:ce:be:a0:c4:ee:ba:f7:91:6d:
                    fe:b0:ec:19:2b:18:f3:90:01:6e:4d:e6:7a:c9:de:
                    99:18:72:84:fd:02:3c:de:cc:73:28:ac:3f:fe:30:
                    56:73:18:17:06:a7:6d:2d:69:82:11:b9:d0:b4:84:
                    cd:ea:74:76:02:95:18:ac:9c:e9:f8:27:1c:25:94:
                    a9:c5:ab:7a:9c:d2:cb:c6:a0:ba:d0:a0:e1:3d:5d:
                    54:65:bd:3b:d7:a2:0c:bb:b3:f4:76:48:f8:75:55:
                    9f:a6:df:36:f2:b2:dd:5b:ad:3e:9b:ce:b5:de:e8:
                    75:96:07:9f:ba:77:05:78:fd:39:20:26:f4:3c:50:
                    c5:45:89:6f:7c:48:a2:70:ee:f3:58:4c:a8:50:e9:
                    46:cb:d4:12:c5:64:2d:81:7c:b5:28:a2:c2:b2:28:
                    2f:fe:1a:69:34:70:b5:f8:9e:b7:27:8d:31:92:da:
                    6d:bc:1e:9f:3d:d5:78:fb:98:dd:de:8c:46:27:d3:
                    13:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:E5:FB:DB:2D:F2:59:69:65:6A:8A:08:8B:B0:90:0C:69:35:49:76
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1d561628-fc32-41ca-978b-1f8088986b08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.150.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         42:c9:76:cf:78:5e:fd:bd:bf:10:51:26:37:ca:6c:13:c8:b6:
         91:64:09:28:4b:57:cb:0e:fc:47:ff:98:41:0d:81:f3:06:bf:
         13:7b:56:bf:b6:00:ea:b8:36:6c:52:f7:3b:0e:d8:df:66:fc:
         71:0f:86:e5:6f:d7:83:52:db:85:5a:18:4e:b8:3d:ec:af:d0:
         fd:9e:be:52:d2:75:55:8f:9f:b6:0f:86:9e:df:b0:32:f7:77:
         91:67:6b:89:f0:b1:90:e8:4b:69:2e:42:c6:03:09:66:20:31:
         40:f1:83:80:d0:a7:52:c6:0c:0c:50:fd:72:c3:96:24:cd:d9:
         28:f3:46:ef:c3:d3:6c:39:64:b0:b5:00:79:df:f5:41:e4:2c:
         1f:71:81:75:ce:4a:c2:87:bb:ea:b4:d0:75:cf:b7:5d:cb:3a:
         10:18:6b:a5:43:46:23:7c:11:55:0d:ad:e8:2b:70:38:a8:b8:
         a6:0f:51:88:19:d0:a6:de:7e:99:ce:4e:f3:87:fe:07:c6:9c:
         8c:00:1a:5d:ea:12:18:c7:d2:ec:82:d2:81:3a:d6:a8:bd:f1:
         a8:35:b1:11:28:e1:a1:e8:12:f4:2d:e9:13:4e:33:72:09:20:
         ae:74:9b:3b:1a:8f:37:2e:0a:71:06:00:45:6d:0d:1d:f9:d7:
         92:21:82:83
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY7V9vzn8Oka13mW+LCrE00feJ8owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NTE2OTQ5NWRhMGM1Mzg3MzdlMTgwNjdkMzE4NDUyZDkx
ZWQzNWU4MGFkMDMyOGU5YTQ1YTZmYzNjNmIxMDIyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb+pVYqm1lrabgMddxAxFgUw4BalMM0ucej8jm/2MD8elQ
7s4gWFrG7opiI1t6f+SuHdyYgJTBcRQKmaROMVGkas6+oMTuuveRbf6w7BkrGPOQ
AW5N5nrJ3pkYcoT9AjzezHMorD/+MFZzGBcGp20taYIRudC0hM3qdHYClRisnOn4
JxwllKnFq3qc0svGoLrQoOE9XVRlvTvXogy7s/R2SPh1VZ+m3zbyst1brT6bzrXe
6HWWB5+6dwV4/TkgJvQ8UMVFiW98SKJw7vNYTKhQ6UbL1BLFZC2BfLUoosKyKC/+
Gmk0cLX4nrcnjTGS2m28Hp891Xj7mN3ejEYn0xPhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUd+X72y3yWWllaooIi7CQDGk1SXYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkNTYxNjI4LWZjMzItNDFjYS05NzhiLTFmODA4ODk4NmIwOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjljAwDQYJKoZIhvcNAQELBQADggEBAELJds94Xv29vxBRJjfKbBPItpFk
CShLV8sO/Ef/mEENgfMGvxN7Vr+2AOq4NmxS9zsO2N9m/HEPhuVv14NS24VaGE64
Peyv0P2evlLSdVWPn7YPhp7fsDL3d5Fna4nwsZDoS2kuQsYDCWYgMUDxg4DQp1LG
DAxQ/XLDliTN2SjzRu/D02w5ZLC1AHnf9UHkLB9xgXXOSsKHu+q00HXPt13LOhAY
a6VDRiN8EVUNregrcDiouKYPUYgZ0KbefpnOTvOH/gfGnIwAGl3qEhjH0uyC0oE6
1qi98ag1sREo4aHoEvQt6RNOM3IJIK50mzsajzcuCnEGAEVtDR3515IhgoM=
-----END CERTIFICATE-----