Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/469cccef-562f-4111-a7b0-768836838303.roa
File:                     469cccef-562f-4111-a7b0-768836838303.roa (raw, json)
Hash identifier:          mEwwBbZ61M2hUj0iui0C82/0QUJnYxsxOgp7DmiA2cw=
Subject key identifier:   E4:01:ED:29:F6:60:0C:BF:8E:F3:3C:6F:D8:FA:E0:05:B0:AB:F3:52
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       11627CBA11F828ACFBF33F3879E367C8C58532E2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/469cccef-562f-4111-a7b0-768836838303.roa
Signing time:             Mon 02 Dec 2024 00:00:00 +0000
ROA not before:           Mon 02 Dec 2024 00:00:00 +0000
ROA not after:            Mon 06 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        198.99.2.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:62:7c:ba:11:f8:28:ac:fb:f3:3f:38:79:e3:67:c8:c5:85:32:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec  2 00:00:00 2024 GMT
            Not After : Jan  6 23:59:59 2025 GMT
        Subject: serialNumber=9f6f310dd878573d4855659a2aeca5158cc584d21a25448ae0fa89c35b7ddd4c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:85:2d:44:43:ea:86:db:25:a4:d3:43:97:3e:
                    de:8e:db:57:c0:65:3c:49:af:1e:8e:a3:cd:46:9f:
                    e8:3d:7c:c4:96:05:cc:a0:09:49:94:b0:fa:de:8c:
                    f3:b4:a3:c8:7b:08:b7:21:84:82:8f:bc:c6:b0:b8:
                    14:be:29:21:2d:41:1f:f8:f2:c1:19:bf:7c:6a:bb:
                    70:c9:56:37:da:41:b8:3f:ba:d3:00:a5:9e:e2:f3:
                    5b:e6:c9:8c:fb:37:4b:6e:51:2a:d8:cc:e7:ed:fd:
                    a5:f4:4d:88:ca:b8:86:c8:7a:01:2c:6e:17:5c:51:
                    ff:22:76:aa:80:7a:ae:67:61:cd:77:6e:1d:1b:b4:
                    7f:07:93:6a:06:18:d5:8e:d6:d9:59:83:82:17:7c:
                    1b:ae:4f:72:ec:66:34:66:d3:ca:20:58:19:4d:82:
                    d9:cd:62:c7:27:05:3c:2c:ce:27:19:ae:dd:48:69:
                    57:94:26:a5:4f:f6:45:1f:79:53:0b:7c:46:9c:9f:
                    ee:53:2c:bc:bd:03:2d:5d:99:cb:4c:e6:43:ac:0f:
                    e2:5d:af:f2:32:af:bb:23:28:00:45:23:1e:78:a6:
                    37:02:18:77:83:85:5a:ab:44:a4:f6:20:7b:8f:88:
                    85:ae:84:9d:ce:4f:32:48:d6:99:13:42:6f:52:7c:
                    02:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:01:ED:29:F6:60:0C:BF:8E:F3:3C:6F:D8:FA:E0:05:B0:AB:F3:52
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/469cccef-562f-4111-a7b0-768836838303.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.99.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:05:4c:2e:15:13:40:72:86:11:14:b0:ba:6f:05:31:94:a0:
         d5:25:47:9c:da:b7:8b:01:ab:53:2c:14:61:0c:68:e0:df:2c:
         e1:99:2b:50:35:93:84:93:ec:9c:52:45:42:36:f3:e1:92:3f:
         c4:57:08:96:4f:f8:c6:c9:04:6a:b5:01:3a:a3:52:f4:00:8b:
         a0:a1:b0:4c:52:66:07:4b:2e:c8:b7:60:42:a5:7e:45:0f:33:
         89:c5:54:96:1a:85:78:e3:a7:f1:92:ba:5c:5d:bd:9c:35:fc:
         7c:45:74:c5:65:e5:23:bd:e2:0e:47:b1:c5:fd:2b:1b:7d:d5:
         20:84:17:e3:36:34:6e:8c:eb:cc:df:69:d6:12:da:f0:c1:e0:
         88:18:7b:06:a4:45:1a:38:9c:9b:55:26:b8:5c:c7:3f:7a:72:
         5c:75:d0:e1:9f:db:37:01:48:9d:9d:42:b8:86:05:77:a4:9f:
         b4:b9:74:10:fb:5e:49:fb:43:84:cc:66:f8:ac:e5:ef:ca:b9:
         4f:1c:2b:7e:ff:79:17:65:ea:0e:80:5a:25:b2:de:bf:30:9a:
         33:dd:97:c8:18:84:5e:be:14:18:b3:50:4e:69:5e:2b:97:13:
         74:47:87:f7:c8:cc:88:08:58:dd:5d:69:0a:3f:70:d8:fa:f9:
         37:f3:4f:61
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEWJ8uhH4KKz78z84eeNnyMWFMuIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjAyMDAwMDAwWhcNMjUwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZjZmMzEwZGQ4Nzg1NzNkNDg1NTY1OWEyYWVjYTUxNThj
YzU4NGQyMWEyNTQ0OGFlMGZhODljMzViN2RkZDRjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCPhS1EQ+qG2yWk00OXPt6O21fAZTxJrx6Oo81Gn+g9fMSW
BcygCUmUsPrejPO0o8h7CLchhIKPvMawuBS+KSEtQR/48sEZv3xqu3DJVjfaQbg/
utMApZ7i81vmyYz7N0tuUSrYzOft/aX0TYjKuIbIegEsbhdcUf8idqqAeq5nYc13
bh0btH8Hk2oGGNWO1tlZg4IXfBuuT3LsZjRm08ogWBlNgtnNYscnBTwszicZrt1I
aVeUJqVP9kUfeVMLfEacn+5TLLy9Ay1dmctM5kOsD+Jdr/Iyr7sjKABFIx54pjcC
GHeDhVqrRKT2IHuPiIWuhJ3OTzJI1pkTQm9SfAJ5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5AHtKfZgDL+O8zxv2PrgBbCr81IwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ2OWNjY2VmLTU2MmYtNDExMS1hN2IwLTc2ODgzNjgzODMwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADGYwIwDQYJKoZIhvcNAQELBQADggEBAMAFTC4VE0ByhhEUsLpvBTGUoNUl
R5zat4sBq1MsFGEMaODfLOGZK1A1k4ST7JxSRUI28+GSP8RXCJZP+MbJBGq1ATqj
UvQAi6ChsExSZgdLLsi3YEKlfkUPM4nFVJYahXjjp/GSulxdvZw1/HxFdMVl5SO9
4g5HscX9Kxt91SCEF+M2NG6M68zfadYS2vDB4IgYewakRRo4nJtVJrhcxz96clx1
0OGf2zcBSJ2dQriGBXekn7S5dBD7Xkn7Q4TMZvis5e/KuU8cK37/eRdl6g6AWiWy
3r8wmjPdl8gYhF6+FBizUE5pXiuXE3RHh/fIzIgIWN1daQo/cNj6+TfzT2E=
-----END CERTIFICATE-----