Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fabe9e1-94c2-485f-9753-123a43e161e3.roa
File:                     1fabe9e1-94c2-485f-9753-123a43e161e3.roa (raw, json)
Hash identifier:          Jd37jC57n9TWjQoJmHKt2w18T9kH06OAlCUp3SYhHw0=
Subject key identifier:   DD:1C:07:51:BB:72:A0:BE:D0:39:29:F5:AF:0B:58:5E:9F:B2:A2:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       10A201EDD12943E63E4224CB6B5EE12890EF5A96
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fabe9e1-94c2-485f-9753-123a43e161e3.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        99.83.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:a2:01:ed:d1:29:43:e6:3e:42:24:cb:6b:5e:e1:28:90:ef:5a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=1e4ba367816b8682674bb629fb7f97233e87ffbee938c108709bc70b1f503d6c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:10:78:c4:a8:c9:35:41:3b:dc:19:96:4e:b8:
                    33:eb:2c:d3:02:12:85:01:c9:c9:b5:2e:af:c3:7a:
                    2e:36:d1:57:88:0e:d0:dd:dc:ce:4e:85:ff:67:28:
                    a1:ba:e9:b6:83:74:0b:f8:ca:97:24:72:44:69:e5:
                    41:43:a7:c4:a8:5e:92:73:9f:20:46:86:0f:fd:e9:
                    d3:92:f9:53:8c:7f:1a:75:5d:43:2b:b0:81:12:c0:
                    0d:29:66:90:ae:1d:b2:48:df:f7:33:7e:88:bf:13:
                    ed:ac:f7:f6:02:b7:3d:cf:6c:cf:7b:78:4f:aa:a8:
                    83:61:f4:40:d6:86:5f:2d:0c:fb:89:2e:88:f2:33:
                    66:35:f3:b3:d1:7a:c7:db:12:9b:66:dd:a2:a1:07:
                    f5:eb:cf:05:97:45:94:64:f4:d2:81:7f:f1:84:52:
                    d2:df:60:e4:2f:c8:37:80:ab:40:7f:02:db:92:2a:
                    01:97:32:06:c4:4d:4f:e9:95:f2:bc:ab:cf:48:45:
                    63:21:8d:62:6e:f0:76:73:6e:55:ca:5d:c3:e8:29:
                    a9:40:0a:ed:58:cd:d5:61:94:45:7b:ae:6c:26:34:
                    6a:e1:ee:f4:a5:27:71:8c:6e:9a:9a:2b:51:f9:aa:
                    f8:d6:34:79:26:48:2d:5a:40:9a:fa:a4:00:83:50:
                    eb:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:1C:07:51:BB:72:A0:BE:D0:39:29:F5:AF:0B:58:5E:9F:B2:A2:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1fabe9e1-94c2-485f-9753-123a43e161e3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.83.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         a0:2e:4e:e2:58:f0:4d:12:1b:8f:57:d3:4e:6f:68:14:cb:5a:
         b7:94:ec:15:d0:06:01:84:1b:16:ac:d2:5d:83:3f:a3:5a:c1:
         f2:f9:c1:0e:42:6b:3c:2b:4a:46:3b:d1:af:fc:53:f9:b3:41:
         64:5a:4f:18:a5:20:9d:5d:10:51:58:f5:fd:0e:8c:1f:80:7e:
         b9:94:48:46:df:c0:62:28:64:be:8c:ba:30:e6:8a:3c:ae:f8:
         80:fb:53:64:05:a5:c2:3d:d9:47:60:e8:33:a7:74:e6:55:db:
         29:e7:24:01:c5:01:60:1c:02:93:29:c5:67:aa:6a:8d:de:27:
         54:c5:b1:2b:ce:57:75:b6:d3:b5:f2:b9:76:38:a2:68:b8:41:
         ed:a2:e2:c7:c7:5d:95:6d:8c:94:ef:97:27:59:c9:3b:ff:79:
         9e:fd:a5:2f:22:b3:68:ae:46:8a:2a:d6:f7:2c:d9:2c:e7:ac:
         d1:32:3f:47:71:b9:f3:22:d4:08:75:19:b9:d5:80:87:ca:4b:
         83:2f:59:f0:50:48:a4:fc:b7:67:46:97:d7:2d:57:1f:76:fb:
         2d:75:79:ff:a4:74:25:3f:a7:2b:65:d7:25:21:b6:0b:f0:a2:
         ca:ff:d8:6d:6a:ac:54:43:37:cc:cb:60:23:32:72:2b:8a:5f:
         d2:32:94:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEKIB7dEpQ+Y+QiTLa17hKJDvWpYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTRiYTM2NzgxNmI4NjgyNjc0YmI2MjlmYjdmOTcyMzNl
ODdmZmJlZTkzOGMxMDg3MDliYzcwYjFmNTAzZDZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCREHjEqMk1QTvcGZZOuDPrLNMCEoUBycm1Lq/Dei420VeI
DtDd3M5Ohf9nKKG66baDdAv4ypckckRp5UFDp8SoXpJznyBGhg/96dOS+VOMfxp1
XUMrsIESwA0pZpCuHbJI3/czfoi/E+2s9/YCtz3PbM97eE+qqINh9EDWhl8tDPuJ
LojyM2Y187PResfbEptm3aKhB/XrzwWXRZRk9NKBf/GEUtLfYOQvyDeAq0B/AtuS
KgGXMgbETU/plfK8q89IRWMhjWJu8HZzblXKXcPoKalACu1YzdVhlEV7rmwmNGrh
7vSlJ3GMbpqaK1H5qvjWNHkmSC1aQJr6pACDUOuTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3RwHUbtyoL7QOSn1rwtYXp+yoiYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmYWJlOWUxLTk0YzItNDg1Zi05NzUzLTEyM2E0M2UxNjFlMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjU0AwDQYJKoZIhvcNAQELBQADggEBAKAuTuJY8E0SG49X005vaBTLWreU
7BXQBgGEGxas0l2DP6NawfL5wQ5CazwrSkY70a/8U/mzQWRaTxilIJ1dEFFY9f0O
jB+AfrmUSEbfwGIoZL6MujDmijyu+ID7U2QFpcI92Udg6DOndOZV2ynnJAHFAWAc
ApMpxWeqao3eJ1TFsSvOV3W207XyuXY4omi4Qe2i4sfHXZVtjJTvlydZyTv/eZ79
pS8is2iuRooq1vcs2SznrNEyP0dxufMi1Ah1GbnVgIfKS4MvWfBQSKT8t2dGl9ct
Vx92+y11ef+kdCU/pytl1yUhtgvwosr/2G1qrFRDN8zLYCMyciuKX9IylCc=
-----END CERTIFICATE-----