Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/547928a1-7996-4689-ac22-50da4d231b93.roa
File:                     547928a1-7996-4689-ac22-50da4d231b93.roa (raw, json)
Hash identifier:          lQddXiSAh31CkbJl94ay0+SsPvzCn1CZ7CVVAmirIKQ=
Subject key identifier:   78:0B:73:09:76:BC:A8:3F:94:6A:BA:78:21:0F:E4:00:DC:A7:CB:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7F7C780B7A6EE4B57025622D28296A7E1C17FBA4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/547928a1-7996-4689-ac22-50da4d231b93.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        99.144.192.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:7c:78:0b:7a:6e:e4:b5:70:25:62:2d:28:29:6a:7e:1c:17:fb:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=903cd7b71c7398420c4ab17693939e2e2d850aa7701032a82e5e3288b0815763, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b7:55:16:2a:1f:17:95:02:a8:2b:e0:f4:44:
                    4e:73:1d:31:ec:44:2b:3a:62:37:43:5a:9a:64:06:
                    5a:64:73:ff:db:32:62:c2:88:c5:ef:f5:48:4d:28:
                    72:7e:80:a3:03:59:b3:8c:83:af:68:88:86:2f:b5:
                    33:45:97:03:16:e4:8a:e4:aa:d7:05:d1:22:71:8d:
                    51:55:06:52:e1:bf:1a:84:98:62:08:f7:18:54:c3:
                    62:3a:49:da:4b:7a:ae:51:8d:3f:63:97:6e:5f:f7:
                    9a:3e:6f:fb:76:85:a5:3c:43:72:f3:ac:30:9a:55:
                    06:d3:54:6c:16:b6:82:de:c8:f6:c9:c2:86:ca:6a:
                    0f:95:da:1e:46:d3:3f:70:9c:37:95:c1:2e:3a:99:
                    b3:b5:e0:28:21:64:12:39:f1:ac:7d:87:a6:36:6b:
                    56:d5:01:78:22:4e:3b:f2:03:16:bf:d9:51:02:ab:
                    01:b9:b4:31:16:f2:c7:33:d4:aa:a3:99:d7:3c:46:
                    b1:c3:98:fd:de:6e:ed:ca:77:8d:c4:c9:67:05:ba:
                    bd:37:78:4f:a4:6f:6d:eb:f0:c5:a5:01:71:51:aa:
                    f2:46:b5:e2:f6:e9:b5:76:2b:0d:e7:86:fa:10:43:
                    d5:8a:9d:01:f2:9c:35:1a:5e:fd:83:eb:17:68:57:
                    52:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0B:73:09:76:BC:A8:3F:94:6A:BA:78:21:0F:E4:00:DC:A7:CB:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/547928a1-7996-4689-ac22-50da4d231b93.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.144.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         5d:3b:bb:85:59:e0:8c:40:8c:e6:17:18:17:b9:44:94:6d:57:
         4e:ec:52:d8:5f:37:e0:19:5a:79:49:2a:d8:04:2a:ea:a5:10:
         3c:a4:93:1b:e5:87:bd:3c:80:09:ce:d7:72:5f:6c:00:9b:d4:
         ab:49:20:79:bd:a4:ec:31:68:d5:de:97:d9:ed:31:5b:e0:fe:
         41:88:ef:a3:61:e3:6d:65:fe:e8:27:c0:16:78:a1:e4:5f:57:
         20:68:7d:ab:36:d7:a7:93:49:b6:c0:e3:a6:b9:3a:5c:58:c2:
         7e:b0:f1:20:b4:a9:47:12:86:dc:7d:9e:5b:58:d8:1c:3f:b8:
         b2:87:bd:30:9a:76:80:11:fd:ae:82:24:3a:03:ef:ae:2f:e9:
         e6:51:3c:cf:a5:84:c6:a1:50:41:1b:27:7f:3b:86:47:49:9b:
         29:35:ac:32:b1:32:34:72:6b:be:91:38:e4:89:23:10:bc:cd:
         6b:35:88:70:4b:1a:67:b1:9e:10:7a:28:f4:d2:e3:30:a1:d1:
         c6:37:62:dc:c7:9f:6c:4e:33:19:79:04:39:4f:7c:80:6e:11:
         27:ec:c1:c3:8f:d8:68:0b:76:61:4a:10:a5:a6:89:4c:98:a7:
         76:9f:06:26:28:39:7b:49:2f:b0:1c:d2:f5:9f:02:5a:10:c7:
         7c:76:60:d2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf3x4C3pu5LVwJWItKClqfhwX+6QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MDNjZDdiNzFjNzM5ODQyMGM0YWIxNzY5MzkzOWUyZTJk
ODUwYWE3NzAxMDMyYTgyZTVlMzI4OGIwODE1NzYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDct1UWKh8XlQKoK+D0RE5zHTHsRCs6YjdDWppkBlpkc//b
MmLCiMXv9UhNKHJ+gKMDWbOMg69oiIYvtTNFlwMW5IrkqtcF0SJxjVFVBlLhvxqE
mGII9xhUw2I6SdpLeq5RjT9jl25f95o+b/t2haU8Q3LzrDCaVQbTVGwWtoLeyPbJ
wobKag+V2h5G0z9wnDeVwS46mbO14CghZBI58ax9h6Y2a1bVAXgiTjvyAxa/2VEC
qwG5tDEW8scz1Kqjmdc8RrHDmP3ebu3Kd43EyWcFur03eE+kb23r8MWlAXFRqvJG
teL26bV2Kw3nhvoQQ9WKnQHynDUaXv2D6xdoV1L/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeAtzCXa8qD+Uarp4IQ/kANyny48wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU0NzkyOGExLTc5OTYtNDY4OS1hYzIyLTUwZGE0ZDIzMWI5My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjkMAwDQYJKoZIhvcNAQELBQADggEBAF07u4VZ4IxAjOYXGBe5RJRtV07s
UthfN+AZWnlJKtgEKuqlEDykkxvlh708gAnO13JfbACb1KtJIHm9pOwxaNXel9nt
MVvg/kGI76Nh421l/ugnwBZ4oeRfVyBofas216eTSbbA46a5OlxYwn6w8SC0qUcS
htx9nltY2Bw/uLKHvTCadoAR/a6CJDoD764v6eZRPM+lhMahUEEbJ387hkdJmyk1
rDKxMjRya76ROOSJIxC8zWs1iHBLGmexnhB6KPTS4zCh0cY3YtzHn2xOMxl5BDlP
fIBuESfswcOP2GgLdmFKEKWmiUyYp3afBiYoOXtJL7Ac0vWfAloQx3x2YNI=
-----END CERTIFICATE-----