Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/41dc6723-79fa-4012-907a-cad5481a91fc.roa
File:                     41dc6723-79fa-4012-907a-cad5481a91fc.roa (raw, json)
Hash identifier:          KqPnQoiJsSAptBT+lP+dGAGZVlQ/ikh6UhovoYPAhi4=
Subject key identifier:   22:66:87:69:93:A1:40:78:B2:DE:52:2E:05:5A:0E:DF:59:DB:30:3A
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       642B1F2E7B990D7DAB35E527D2A33CF2E0698497
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/41dc6723-79fa-4012-907a-cad5481a91fc.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:2b:1f:2e:7b:99:0d:7d:ab:35:e5:27:d2:a3:3c:f2:e0:69:84:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:99:98:21:12:4d:ec:5c:e3:73:ff:cc:c3:f7:
                    bc:c7:0e:9b:58:1b:f9:93:f6:d6:1c:b7:ea:77:e3:
                    ac:5b:62:d4:90:e4:d9:7d:c0:37:ea:2b:aa:82:00:
                    fd:32:f1:a3:46:97:50:75:ab:da:05:1b:43:37:3f:
                    eb:30:3f:ae:35:72:36:3d:b6:37:05:a2:79:ee:db:
                    e3:07:7b:ca:33:49:12:b1:7f:63:f7:70:2d:c4:dc:
                    68:6f:ef:3a:da:e6:9f:8f:75:e7:54:a7:d5:08:95:
                    d8:08:ba:4a:e8:6d:2e:6d:ed:46:c2:46:6e:d1:e7:
                    3b:79:e7:d5:77:13:26:a5:1e:7b:62:f6:a8:07:29:
                    f9:83:31:92:14:04:50:62:d4:b3:34:12:19:f5:04:
                    92:df:2a:5d:96:0b:4e:2c:32:0a:ec:0d:5c:5a:55:
                    58:cb:13:1a:29:de:94:d1:3c:ad:33:01:47:c6:4c:
                    2a:ad:4f:42:69:65:f2:dd:e1:a6:22:af:40:43:d9:
                    ea:85:a2:f4:23:b2:5c:9b:bb:d4:86:3c:ef:4a:9a:
                    31:ac:36:c1:85:33:3d:84:5e:a0:24:93:d4:5e:60:
                    72:c1:7c:3b:8f:9b:04:90:9a:22:aa:f3:00:94:f8:
                    56:f7:43:6e:51:13:81:da:1a:d8:f5:3e:7b:cd:b5:
                    85:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:66:87:69:93:A1:40:78:B2:DE:52:2E:05:5A:0E:DF:59:DB:30:3A
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/41dc6723-79fa-4012-907a-cad5481a91fc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         6c:31:51:ff:1e:89:1f:93:8e:e9:2a:97:a3:2f:61:fd:a1:73:
         7b:1b:9b:50:08:5f:06:58:0d:53:d8:13:c9:c2:5f:41:f8:d9:
         ca:f6:5d:32:93:64:8a:75:85:12:d1:8e:2e:83:54:c2:47:f5:
         d6:6a:10:2e:70:64:a0:7e:e8:fb:27:e8:c3:d5:1c:27:cd:e7:
         e9:1c:5c:36:24:36:7d:4a:80:05:2a:2d:3f:6c:96:55:97:64:
         56:11:b3:ab:90:b9:70:c4:df:1e:15:ce:af:6c:d0:41:60:68:
         10:21:10:65:92:3d:6c:51:8b:b3:e3:80:ad:13:67:5e:9c:f4:
         c0:8d:9b:d5:01:dc:fd:f3:1d:46:48:c1:85:e9:eb:e2:0b:90:
         5c:25:da:69:09:96:00:5f:f9:72:17:7f:1c:c2:e5:b6:56:24:
         67:1a:4b:5d:a7:f4:36:3b:bf:e7:1a:26:5b:83:0b:bc:34:cf:
         8f:1a:a7:15:04:79:e4:3e:24:20:b7:5e:de:72:f6:6a:46:af:
         6e:1a:eb:e4:22:c7:2a:9f:a0:9b:a7:06:a5:9d:e5:a5:da:ef:
         30:7e:c4:37:0a:af:23:97:78:83:88:ad:51:a1:e5:63:a9:8c:
         13:43:3f:46:a2:5f:95:22:c3:77:31:bf:01:eb:cc:93:84:f5:
         c5:ea:80:e1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZCsfLnuZDX2rNeUn0qM88uBphJcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YTQ3ZjQ2YmE5YjczNmNiMjE4MTBkNDA4MmNiZjlmOGVm
Zjk5ZTQzYjZjNjM0NGYwZTU2Zjg2MjM1NGZiNGI3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWmZghEk3sXONz/8zD97zHDptYG/mT9tYct+p346xbYtSQ
5Nl9wDfqK6qCAP0y8aNGl1B1q9oFG0M3P+swP641cjY9tjcFonnu2+MHe8ozSRKx
f2P3cC3E3Ghv7zra5p+PdedUp9UIldgIukrobS5t7UbCRm7R5zt559V3EyalHnti
9qgHKfmDMZIUBFBi1LM0Ehn1BJLfKl2WC04sMgrsDVxaVVjLExop3pTRPK0zAUfG
TCqtT0JpZfLd4aYir0BD2eqFovQjslybu9SGPO9KmjGsNsGFMz2EXqAkk9ReYHLB
fDuPmwSQmiKq8wCU+Fb3Q25RE4HaGtj1PnvNtYXJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUImaHaZOhQHiy3lIuBVoO31nbMDowHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQxZGM2NzIzLTc5ZmEtNDAxMi05MDdhLWNhZDU0ODFhOTFmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjl0AwDQYJKoZIhvcNAQELBQADggEBAGwxUf8eiR+Tjukql6MvYf2hc3sb
m1AIXwZYDVPYE8nCX0H42cr2XTKTZIp1hRLRji6DVMJH9dZqEC5wZKB+6Psn6MPV
HCfN5+kcXDYkNn1KgAUqLT9sllWXZFYRs6uQuXDE3x4Vzq9s0EFgaBAhEGWSPWxR
i7PjgK0TZ16c9MCNm9UB3P3zHUZIwYXp6+ILkFwl2mkJlgBf+XIXfxzC5bZWJGca
S12n9DY7v+caJluDC7w0z48apxUEeeQ+JCC3Xt5y9mpGr24a6+QixyqfoJunBqWd
5aXa7zB+xDcKryOXeIOIrVGh5WOpjBNDP0aiX5Uiw3cxvwHrzJOE9cXqgOE=
-----END CERTIFICATE-----