Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a96787b-389c-46b2-919d-eda3b93c7241.roa
File:                     4a96787b-389c-46b2-919d-eda3b93c7241.roa (raw, json)
Hash identifier:          yge1K6vkPgu+6uNM3wKgLeA1vwPXXWOjtDG1P+0RWpU=
Subject key identifier:   93:6B:77:BE:A5:49:9F:89:7F:EE:52:94:41:42:CA:8B:E1:C3:85:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4AACAF57BACB5F628A5B549A8C0D4F18A64F2F26
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a96787b-389c-46b2-919d-eda3b93c7241.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.78.144.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:ac:af:57:ba:cb:5f:62:8a:5b:54:9a:8c:0d:4f:18:a6:4f:2f:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:b5:d0:8c:d5:77:1f:b6:75:63:95:33:d7:10:
                    df:34:d9:3b:54:98:82:e6:d0:d8:ed:f4:17:a8:cb:
                    ba:a0:1c:d2:56:0e:58:a6:52:dc:f0:55:30:41:88:
                    c3:13:13:6c:5c:55:16:cd:20:f7:f3:9b:25:5a:f5:
                    4f:2f:58:cf:16:01:67:c9:ff:a4:f6:d1:4b:53:c1:
                    15:3e:15:17:8f:bd:cc:b4:17:c5:6c:d6:ff:b3:93:
                    6e:99:cd:e7:13:06:a7:94:32:b4:23:ef:9a:17:ea:
                    ef:cd:3f:65:55:dc:61:ec:ca:40:bd:4d:67:d6:03:
                    e5:28:ab:af:0f:41:14:80:e1:ea:32:d7:61:7f:33:
                    e9:1b:db:2a:93:ff:97:7b:1c:e2:50:4f:2f:8a:b6:
                    fb:e9:f3:51:de:0e:05:64:0e:0e:f0:5b:a1:15:46:
                    49:42:b2:ae:09:45:96:43:93:05:9a:8b:f6:17:92:
                    78:57:b8:96:18:bb:6a:e3:43:13:44:d1:41:2f:3a:
                    7a:ca:ff:6c:da:5e:52:be:22:73:35:81:42:17:40:
                    f7:35:49:b2:ed:8c:02:d6:e8:27:61:0c:03:b0:df:
                    6a:4b:91:69:76:5d:33:04:ca:c2:7e:09:70:58:29:
                    dc:c5:98:94:01:ab:f4:67:06:18:aa:cb:2a:76:5e:
                    b6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6B:77:BE:A5:49:9F:89:7F:EE:52:94:41:42:CA:8B:E1:C3:85:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a96787b-389c-46b2-919d-eda3b93c7241.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.78.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         33:73:8b:21:67:ca:1d:fe:ba:39:0f:39:ff:47:84:9f:1d:83:
         f0:a9:ba:c0:a6:c5:a4:2b:15:7b:95:bc:ca:ac:d4:db:7f:08:
         7c:2b:71:56:4c:64:da:5a:3f:2d:31:2a:48:e3:ae:d3:f1:08:
         84:e6:e6:33:62:df:d5:01:36:77:80:99:a2:b4:ee:fb:f7:6a:
         9b:34:d1:d2:b9:81:55:7a:52:9a:19:e5:ce:9d:59:a7:04:18:
         a0:c2:7b:43:c2:56:86:9d:4b:18:68:bc:cb:95:a5:22:09:83:
         3a:54:08:49:6d:59:a0:f5:43:f9:e0:47:b9:e3:5b:86:b2:46:
         ae:ce:c8:47:75:4a:f0:22:c1:c2:20:46:cd:fa:9b:26:79:70:
         cf:a6:a2:41:7d:18:15:fb:d5:99:35:08:fc:53:1c:63:38:58:
         7e:00:0c:4d:ce:1d:fd:01:31:21:f8:9c:4e:65:ec:de:59:24:
         3e:d9:d9:1f:b0:c7:74:7a:8d:9b:e4:47:48:aa:ca:eb:42:da:
         8b:7a:b8:74:a0:3b:c9:65:1e:da:72:61:f2:7b:86:a6:2f:2e:
         95:93:76:1d:1b:83:c4:db:59:a3:5e:21:6a:e2:f7:e6:1a:e3:
         e9:a1:c1:01:09:2d:88:35:a2:b3:d6:ba:00:77:12:df:78:88:
         c0:f7:bc:f8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSqyvV7rLX2KKW1SajA1PGKZPLyYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNzkxOTlkOWMzYTc3NGIwMWI4ZDhjMTJjNjEwYjdjZmZm
NWQ1OTI5YmIzNDgzZGMyMjFjODU3YjdmMDEzZTAwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmtdCM1XcftnVjlTPXEN802TtUmILm0Njt9Beoy7qgHNJW
DlimUtzwVTBBiMMTE2xcVRbNIPfzmyVa9U8vWM8WAWfJ/6T20UtTwRU+FRePvcy0
F8Vs1v+zk26ZzecTBqeUMrQj75oX6u/NP2VV3GHsykC9TWfWA+Uoq68PQRSA4eoy
12F/M+kb2yqT/5d7HOJQTy+Ktvvp81HeDgVkDg7wW6EVRklCsq4JRZZDkwWai/YX
knhXuJYYu2rjQxNE0UEvOnrK/2zaXlK+InM1gUIXQPc1SbLtjALW6CdhDAOw32pL
kWl2XTMEysJ+CXBYKdzFmJQBq/RnBhiqyyp2XrZdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk2t3vqVJn4l/7lKUQULKi+HDhZEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhOTY3ODdiLTM4OWMtNDZiMi05MTlkLWVkYTNiOTNjNzI0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjTpAwDQYJKoZIhvcNAQELBQADggEBADNziyFnyh3+ujkPOf9HhJ8dg/Cp
usCmxaQrFXuVvMqs1Nt/CHwrcVZMZNpaPy0xKkjjrtPxCITm5jNi39UBNneAmaK0
7vv3aps00dK5gVV6UpoZ5c6dWacEGKDCe0PCVoadSxhovMuVpSIJgzpUCEltWaD1
Q/ngR7njW4ayRq7OyEd1SvAiwcIgRs36myZ5cM+mokF9GBX71Zk1CPxTHGM4WH4A
DE3OHf0BMSH4nE5l7N5ZJD7Z2R+wx3R6jZvkR0iqyutC2ot6uHSgO8llHtpyYfJ7
hqYvLpWTdh0bg8TbWaNeIWri9+Ya4+mhwQEJLYg1orPWugB3Et94iMD3vPg=
-----END CERTIFICATE-----