Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4061bcc9-1675-46ae-885e-5350c3322285.roa
File:                     4061bcc9-1675-46ae-885e-5350c3322285.roa (raw, json)
Hash identifier:          Tix5hFmRAdKCc5Sbivr/p96ZCiifO2VIXPr+YmpV5P8=
Subject key identifier:   C8:56:AE:0D:F6:95:CC:6C:B0:41:9B:40:65:7C:68:3C:4E:BA:47:82
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       439A0F32C91DCBDE8F0F374299A964F7C59D1E93
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4061bcc9-1675-46ae-885e-5350c3322285.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.78.160.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:9a:0f:32:c9:1d:cb:de:8f:0f:37:42:99:a9:64:f7:c5:9d:1e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:5b:b9:9a:12:f8:c2:72:7c:c1:0d:f6:5d:e6:
                    43:4a:fa:0a:bb:a3:72:86:4e:e1:f9:12:8d:ff:fd:
                    04:62:75:1e:61:32:bc:15:de:88:98:60:bb:85:d0:
                    fa:d0:53:2e:13:ce:4d:b3:cc:43:c3:93:95:1f:32:
                    81:45:05:3d:83:7c:cb:8d:d3:4b:bf:ab:89:24:62:
                    d4:fc:f7:60:12:a6:73:8f:62:d2:1b:b3:d3:64:0a:
                    41:63:51:3d:55:7a:54:a0:a7:bb:3d:39:d7:4f:44:
                    2d:eb:83:2c:ca:1f:ea:73:23:8b:00:dc:55:be:41:
                    0f:4b:f7:13:39:dd:b5:02:95:43:cd:f4:dd:7f:5c:
                    0f:da:fa:ba:20:f3:18:8a:46:09:b0:4a:e6:f0:30:
                    d6:d2:0f:99:d6:90:82:39:2f:91:52:a1:4a:47:50:
                    b4:41:8c:19:c4:7c:fe:c3:bb:da:b6:71:19:e6:ff:
                    44:2f:c1:85:3d:e8:00:e1:57:6a:35:7d:64:05:a3:
                    ef:84:81:49:60:ea:79:a4:77:63:b7:31:3b:31:e7:
                    b7:65:b4:23:c4:d9:e1:e9:ee:a1:67:7f:a6:f0:a1:
                    e2:c9:8d:74:2a:4b:91:d3:b9:f5:90:51:cd:a9:ba:
                    2d:26:ef:46:dc:80:6c:f6:12:4a:e4:0e:1b:b7:9f:
                    ff:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:56:AE:0D:F6:95:CC:6C:B0:41:9B:40:65:7C:68:3C:4E:BA:47:82
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4061bcc9-1675-46ae-885e-5350c3322285.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.78.160.0/21

    Signature Algorithm: sha256WithRSAEncryption
         78:34:e9:63:f3:74:b5:f9:a2:56:05:8f:3b:1a:2f:25:7d:96:
         22:80:17:57:49:51:59:e2:c9:ec:51:4c:bd:d0:d3:54:72:5b:
         8b:c5:b0:18:65:e6:fd:db:6e:31:df:99:24:d2:15:e1:8f:d6:
         b2:7c:f7:ba:40:d9:8b:ba:f0:95:fe:ba:90:f4:22:9f:d3:5c:
         5b:0c:0f:1b:d8:3c:23:78:a6:29:bb:43:1d:74:a5:f6:6e:89:
         27:57:d7:4d:e5:f2:6c:0c:6c:63:ab:0b:40:24:e2:7f:5f:d4:
         dc:35:fd:5f:65:54:7a:40:bf:6e:c3:d2:c9:cd:8f:dc:3d:08:
         19:89:1f:a6:09:33:32:52:c7:e2:da:04:9b:e1:bb:a4:55:4a:
         bf:45:e1:9c:3c:a7:15:15:4f:37:df:00:ac:a8:3f:92:f2:ee:
         53:61:2d:6b:35:b8:30:1d:25:99:8e:3d:8b:c5:eb:94:d3:28:
         c2:64:a0:9c:82:9a:03:b0:14:44:0b:00:8e:cd:4a:e4:98:39:
         07:82:54:08:6b:71:93:b0:78:8f:c1:64:21:a3:73:f3:71:fd:
         ce:a5:3b:35:df:09:35:e8:36:bb:b0:9e:42:b8:53:9f:d1:f9:
         04:f7:b0:29:8a:4d:57:4f:89:ef:99:d6:b6:13:55:95:67:fd:
         e2:8a:18:26
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQ5oPMskdy96PDzdCmalk98WdHpMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ODk4NGYwMThjODUwZjFhZjA5MTlhN2E4ZmYwNzc0NjYw
NzJhNjVhYTFjMTM4ZTdjZDc0ODYzYzg1ZGU3Nzk5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaW7maEvjCcnzBDfZd5kNK+gq7o3KGTuH5Eo3//QRidR5h
MrwV3oiYYLuF0PrQUy4Tzk2zzEPDk5UfMoFFBT2DfMuN00u/q4kkYtT892ASpnOP
YtIbs9NkCkFjUT1VelSgp7s9OddPRC3rgyzKH+pzI4sA3FW+QQ9L9xM53bUClUPN
9N1/XA/a+rog8xiKRgmwSubwMNbSD5nWkII5L5FSoUpHULRBjBnEfP7Du9q2cRnm
/0QvwYU96ADhV2o1fWQFo++EgUlg6nmkd2O3MTsx57dltCPE2eHp7qFnf6bwoeLJ
jXQqS5HTufWQUc2pui0m70bcgGz2EkrkDhu3n/99AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUyFauDfaVzGywQZtAZXxoPE66R4IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwNjFiY2M5LTE2NzUtNDZhZS04ODVlLTUzNTBjMzMyMjI4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjTqAwDQYJKoZIhvcNAQELBQADggEBAHg06WPzdLX5olYFjzsaLyV9liKA
F1dJUVniyexRTL3Q01RyW4vFsBhl5v3bbjHfmSTSFeGP1rJ897pA2Yu68JX+upD0
Ip/TXFsMDxvYPCN4pim7Qx10pfZuiSdX103l8mwMbGOrC0Ak4n9f1Nw1/V9lVHpA
v27D0snNj9w9CBmJH6YJMzJSx+LaBJvhu6RVSr9F4Zw8pxUVTzffAKyoP5Ly7lNh
LWs1uDAdJZmOPYvF65TTKMJkoJyCmgOwFEQLAI7NSuSYOQeCVAhrcZOweI/BZCGj
c/Nx/c6lOzXfCTXoNruwnkK4U5/R+QT3sCmKTVdPie+Z1rYTVZVn/eKKGCY=
-----END CERTIFICATE-----