Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49fc0f24-3d8c-4663-b68c-1a84cda6d77a.roa
File:                     49fc0f24-3d8c-4663-b68c-1a84cda6d77a.roa (raw, json)
Hash identifier:          jPkAcZ3MXzEdgpykCrJAEb5KVHc8vfJvDiR/QjR0xc8=
Subject key identifier:   80:A2:DB:DB:8A:F9:F7:EB:9D:98:F8:23:07:E5:88:16:59:ED:60:60
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E73E2064C3AAE1C84BA41C5DDF93B578A9D9624
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49fc0f24-3d8c-4663-b68c-1a84cda6d77a.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.188.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:73:e2:06:4c:3a:ae:1c:84:ba:41:c5:dd:f9:3b:57:8a:9d:96:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7b:c5:c7:e3:54:f5:e0:0a:b0:46:3c:ed:cd:
                    6d:0a:d9:b6:f9:f2:b8:bf:8a:c8:a8:77:f4:02:e5:
                    2b:cc:8a:34:60:87:ef:aa:63:b5:98:90:dc:5f:5c:
                    88:52:95:dd:b7:eb:9f:dd:48:b3:8c:3f:94:7d:fd:
                    8b:20:1a:55:70:cd:de:f0:18:78:9f:79:7d:5c:4a:
                    46:32:ea:77:df:31:70:4b:52:cd:22:50:7e:0c:7e:
                    a8:20:7b:9e:17:8e:97:63:2a:17:95:61:7f:09:13:
                    35:48:d7:4a:db:56:35:f6:4e:d1:37:f1:c9:d6:a8:
                    a3:48:b6:7f:7a:62:aa:5d:f2:af:5e:d0:ba:f1:01:
                    8f:89:3a:e5:d3:70:b5:ee:9b:3f:bb:e9:e3:a2:2a:
                    35:74:18:f3:4e:31:79:85:13:d0:22:90:3d:06:d3:
                    8a:e6:69:77:4e:01:72:ef:e6:3e:00:02:da:2a:16:
                    05:cb:c2:00:b4:85:9c:e0:a6:a7:49:2c:db:d3:e0:
                    3f:a8:c6:3a:89:9c:0d:ff:97:13:74:ff:33:a2:6c:
                    3b:03:9f:fb:87:59:6d:d4:87:39:81:fb:47:e2:7f:
                    47:79:78:a3:29:a4:1f:9f:8d:9e:47:7b:ad:19:51:
                    6b:0a:07:05:de:74:cc:3f:00:85:07:cb:7c:69:f3:
                    1c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:A2:DB:DB:8A:F9:F7:EB:9D:98:F8:23:07:E5:88:16:59:ED:60:60
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/49fc0f24-3d8c-4663-b68c-1a84cda6d77a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:f5:4c:db:7b:14:55:d2:1c:30:bd:7f:74:d5:cc:39:2c:c9:
         22:f1:90:31:21:36:30:ed:60:e0:03:73:9d:af:e3:01:76:5b:
         0e:9f:ac:d9:b5:79:1b:aa:3e:83:a7:ce:70:4d:97:7f:69:15:
         c6:c7:b3:1c:cf:31:6d:6c:1e:d5:f6:92:89:14:81:0c:c3:af:
         66:6b:dd:c1:70:e6:b9:fa:20:c3:89:42:25:55:17:95:87:d6:
         b5:e6:5c:c9:98:3f:89:9a:19:96:04:9b:45:0e:84:1f:84:2c:
         b4:98:12:f7:14:de:40:a1:76:d1:ed:47:b4:44:11:15:62:4c:
         c2:45:a8:d5:19:ef:75:74:36:be:2f:14:3d:b1:7c:62:e9:42:
         d6:0f:e5:09:e7:1a:eb:c1:e4:95:c2:cd:cf:a3:d5:c8:42:50:
         a3:02:aa:80:b5:24:2b:db:09:cd:0e:7d:fd:36:61:bb:bb:f2:
         bc:fd:df:a3:7a:de:14:45:61:a5:ae:de:b5:9a:a8:09:43:28:
         8c:a1:18:51:f9:5a:1f:8f:45:2d:9e:55:a2:93:68:77:6b:8a:
         b9:bf:7b:7c:ee:ed:74:1c:34:5e:7d:d7:8e:4f:0a:44:13:67:
         d9:f7:d5:58:34:25:eb:2c:87:d8:61:07:60:71:aa:51:ae:9e:
         6e:63:0d:6e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbnPiBkw6rhyEukHF3fk7V4qdliQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3YThjNmMxYjAzZDUzM2E1MzNlZTU2YWQyODllNDlkNjky
NmYxNTg1ZWIzYjk2MGFiM2IyMzczM2Y0MTNjZjVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDoe8XH41T14AqwRjztzW0K2bb58ri/isiod/QC5SvMijRg
h++qY7WYkNxfXIhSld2365/dSLOMP5R9/YsgGlVwzd7wGHifeX1cSkYy6nffMXBL
Us0iUH4Mfqgge54XjpdjKheVYX8JEzVI10rbVjX2TtE38cnWqKNItn96Yqpd8q9e
0LrxAY+JOuXTcLXumz+76eOiKjV0GPNOMXmFE9AikD0G04rmaXdOAXLv5j4AAtoq
FgXLwgC0hZzgpqdJLNvT4D+oxjqJnA3/lxN0/zOibDsDn/uHWW3UhzmB+0fif0d5
eKMppB+fjZ5He60ZUWsKBwXedMw/AIUHy3xp8xzNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgKLb24r59+udmPgjB+WIFlntYGAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ5ZmMwZjI0LTNkOGMtNDY2My1iNjhjLTFhODRjZGE2ZDc3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAFjl7wwDQYJKoZIhvcNAQELBQADggEBAF31TNt7FFXSHDC9f3TVzDksySLx
kDEhNjDtYOADc52v4wF2Ww6frNm1eRuqPoOnznBNl39pFcbHsxzPMW1sHtX2kokU
gQzDr2Zr3cFw5rn6IMOJQiVVF5WH1rXmXMmYP4maGZYEm0UOhB+ELLSYEvcU3kCh
dtHtR7REERViTMJFqNUZ73V0Nr4vFD2xfGLpQtYP5QnnGuvB5JXCzc+j1chCUKMC
qoC1JCvbCc0Off02Ybu78rz936N63hRFYaWu3rWaqAlDKIyhGFH5Wh+PRS2eVaKT
aHdrirm/e3zu7XQcNF59145PCkQTZ9n31Vg0Jessh9hhB2BxqlGunm5jDW4=
-----END CERTIFICATE-----