Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565fbde7-2e82-4250-a8dd-4b8d4e28ff5e.roa
File:                     565fbde7-2e82-4250-a8dd-4b8d4e28ff5e.roa (raw, json)
Hash identifier:          ejhz19SIJ51Vt2vCk2j2hAcS0Zp6azImfleU8pNvU/Y=
Subject key identifier:   8E:10:C7:2E:8C:BB:AD:04:A8:EA:91:F0:C7:C3:DF:D5:5C:D6:0C:59
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1946804136CA8AC26D1600C72A0C4B9BAB753F9A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565fbde7-2e82-4250-a8dd-4b8d4e28ff5e.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.0.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:46:80:41:36:ca:8a:c2:6d:16:00:c7:2a:0c:4b:9b:ab:75:3f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:bb:c4:41:d8:63:2e:50:14:8c:cb:61:5f:17:
                    14:4a:6d:a5:76:d4:34:c9:47:52:92:3c:e2:f8:45:
                    92:29:bd:a5:eb:2c:fa:fa:9b:74:0e:9f:ed:f2:99:
                    b8:a6:ac:9a:32:79:ce:fc:18:11:1d:3f:49:9d:36:
                    be:78:60:17:3d:b6:b8:ca:d4:24:7a:05:82:a5:96:
                    70:b8:67:31:6f:6b:11:88:41:6f:2c:b1:3a:7a:38:
                    64:00:41:36:e3:03:58:eb:25:d9:bf:f5:e5:6a:36:
                    40:8c:80:74:9d:26:13:ee:9a:55:14:a9:e3:35:e6:
                    59:72:52:1b:1e:64:99:21:ce:19:8e:24:b5:b9:c5:
                    06:66:06:bc:80:10:7b:a6:86:69:2d:98:18:d8:c9:
                    a2:7a:9e:00:44:a5:dd:d8:b9:06:6f:5b:ce:43:b0:
                    42:8c:ad:30:2c:24:46:93:56:92:0b:28:2b:7c:5f:
                    7b:a0:a1:70:4e:46:b9:5a:c3:a3:b4:13:89:49:cc:
                    15:7d:a0:0d:74:56:98:8b:83:13:24:be:94:a1:42:
                    29:4c:da:ae:05:07:74:03:4e:d3:97:25:08:83:a2:
                    ff:8d:3b:f0:40:ef:65:7f:d1:98:a3:c5:5b:a3:29:
                    64:6e:f4:62:db:54:f7:26:d9:e4:57:fb:ff:03:c6:
                    db:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:10:C7:2E:8C:BB:AD:04:A8:EA:91:F0:C7:C3:DF:D5:5C:D6:0C:59
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/565fbde7-2e82-4250-a8dd-4b8d4e28ff5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d7:ce:f0:f9:08:c9:8c:43:f8:fa:5e:62:51:d1:24:a9:08:b0:
         fb:ac:c2:94:e5:fc:34:82:c9:20:d1:25:3e:18:dc:db:b8:70:
         d9:de:20:ff:6b:de:57:37:6f:3d:cb:1d:79:c4:7e:35:92:c2:
         f4:0a:d7:83:7b:3d:e6:5e:ec:88:67:16:89:c2:1c:61:60:8d:
         86:f6:0a:19:da:4e:52:d2:5f:a7:ae:21:d2:77:2a:b7:7e:56:
         a0:e6:47:61:5c:45:4d:d6:44:95:1b:29:f3:b2:9e:a7:2d:43:
         41:59:80:b9:a2:ce:ed:e1:ae:71:72:82:21:6a:fc:14:cf:6a:
         9a:04:70:89:ab:80:58:bc:c2:e7:ae:01:36:85:f1:32:8d:59:
         4b:0e:41:ee:83:b3:fa:c7:c2:6e:fc:83:fd:e0:1a:99:d2:33:
         41:4e:96:3a:ef:a4:62:ee:f2:db:03:70:ee:23:62:d9:cd:84:
         f9:bb:f6:c8:89:a8:52:f9:9e:25:3b:0e:9b:fb:74:e9:33:8e:
         ed:76:59:ab:37:70:dd:83:c9:0a:04:1d:c3:f1:62:9d:5d:d5:
         37:35:3a:6d:76:b2:1d:7c:e1:56:47:d9:e7:74:2d:35:4a:4d:
         31:f7:b0:97:3b:95:01:8d:63:54:9c:98:7b:d7:e9:03:8d:c3:
         4a:19:b3:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGUaAQTbKisJtFgDHKgxLm6t1P5owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ODZkMjY0N2Q3N2ZkZjRkMGJkODI2YTgwMDNjYzRjODQ4
NzQ4M2Q1NTVjYWExYmNlMGQyNDAxMmNhNTI1ZTcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCju8RB2GMuUBSMy2FfFxRKbaV21DTJR1KSPOL4RZIpvaXr
LPr6m3QOn+3ymbimrJoyec78GBEdP0mdNr54YBc9trjK1CR6BYKllnC4ZzFvaxGI
QW8ssTp6OGQAQTbjA1jrJdm/9eVqNkCMgHSdJhPumlUUqeM15llyUhseZJkhzhmO
JLW5xQZmBryAEHumhmktmBjYyaJ6ngBEpd3YuQZvW85DsEKMrTAsJEaTVpILKCt8
X3ugoXBORrlaw6O0E4lJzBV9oA10VpiLgxMkvpShQilM2q4FB3QDTtOXJQiDov+N
O/BA72V/0ZijxVujKWRu9GLbVPcm2eRX+/8DxtsrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUjhDHLoy7rQSo6pHwx8Pf1VzWDFkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2NWZiZGU3LTJlODItNDI1MC1hOGRkLTRiOGQ0ZTI4ZmY1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBARjTQAwDQYJKoZIhvcNAQELBQADggEBANfO8PkIyYxD+PpeYlHRJKkIsPus
wpTl/DSCySDRJT4Y3Nu4cNneIP9r3lc3bz3LHXnEfjWSwvQK14N7PeZe7IhnFonC
HGFgjYb2ChnaTlLSX6euIdJ3Krd+VqDmR2FcRU3WRJUbKfOynqctQ0FZgLmizu3h
rnFygiFq/BTPapoEcImrgFi8wueuATaF8TKNWUsOQe6Ds/rHwm78g/3gGpnSM0FO
ljrvpGLu8tsDcO4jYtnNhPm79siJqFL5niU7Dpv7dOkzju12Was3cN2DyQoEHcPx
Yp1d1Tc1Om12sh184VZH2ed0LTVKTTH3sJc7lQGNY1ScmHvX6QONw0oZs/k=
-----END CERTIFICATE-----