Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/636511bb-6fd0-43d6-9afa-224b33dead35.roa
File:                     636511bb-6fd0-43d6-9afa-224b33dead35.roa (raw, json)
Hash identifier:          asPS1kBUYmO4wmHf657KgB/fwmnRF6AfTwGtnNTBkJY=
Subject key identifier:   F4:31:37:63:A3:A6:6A:E1:59:12:99:EF:03:14:EC:74:96:F8:E6:91
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7BBB87E999293B1DDE8A51342092913A89BEB24D
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/636511bb-6fd0-43d6-9afa-224b33dead35.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.77.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:bb:87:e9:99:29:3b:1d:de:8a:51:34:20:92:91:3a:89:be:b2:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e7:d2:94:99:ef:66:18:ae:3e:c5:75:69:92:
                    79:4f:af:ba:65:be:d3:f6:fc:6a:79:b5:a2:f3:2e:
                    61:16:88:d8:1f:39:3a:55:8f:8f:c9:c8:11:89:62:
                    01:f0:a4:e1:fd:8b:8b:0e:5d:d9:3b:55:0c:01:a2:
                    05:f0:63:4e:ee:b4:e2:74:c9:68:8a:74:56:50:fd:
                    ab:c4:00:e8:c6:e7:15:5a:fa:4c:95:42:48:7b:29:
                    d4:df:b3:44:02:52:3c:27:82:77:46:51:52:c5:55:
                    09:cb:e7:47:d8:2b:43:78:d9:46:dc:ee:79:14:4f:
                    82:63:99:66:0b:e5:ae:c0:2a:bf:0d:cb:41:47:f0:
                    8f:5c:c6:6b:13:66:52:3c:70:d6:d1:8f:93:f6:44:
                    3e:26:73:44:21:6a:e2:41:5b:f8:a0:a8:5d:99:3e:
                    5a:b1:1a:be:44:f8:d7:01:98:4c:a3:bd:f4:b7:80:
                    a4:72:7e:a4:77:d5:5d:4e:0a:ae:d6:71:68:6f:c9:
                    b9:49:2f:06:12:b3:0f:71:61:13:b4:49:21:7c:55:
                    e4:d3:e8:d4:9f:35:48:39:42:6e:9e:a8:1c:38:f9:
                    df:c0:e6:cf:84:93:b0:56:4f:e3:f3:2b:9d:00:6d:
                    7e:f5:1e:61:65:cd:39:05:3d:53:18:18:f3:7f:d0:
                    fe:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:31:37:63:A3:A6:6A:E1:59:12:99:EF:03:14:EC:74:96:F8:E6:91
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/636511bb-6fd0-43d6-9afa-224b33dead35.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.77.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         9f:f1:2f:5f:cb:6e:59:86:76:25:27:02:76:db:9d:06:ca:48:
         d7:b7:07:e3:09:f2:43:a7:c4:22:c2:f0:af:a1:d5:64:5b:19:
         3d:09:db:b8:3e:6d:ba:2d:c7:25:28:f4:51:40:7e:27:8b:0c:
         70:bd:d0:0a:4b:5f:bc:1a:5a:ca:c8:24:cb:f8:3c:99:62:e2:
         d7:0d:5a:9b:c7:c4:b6:cd:2e:c1:a6:9b:da:53:68:9b:5e:33:
         02:56:dc:3e:e0:6b:df:b6:3a:ce:5a:5b:67:2c:b7:4f:78:1d:
         72:13:8c:c2:3a:54:82:e6:fd:45:72:0f:a6:c9:c7:ff:db:87:
         a4:45:87:0c:cb:54:d2:e2:9c:d2:0a:56:ec:73:28:95:dc:2a:
         f3:2d:67:01:52:40:7f:85:ce:9d:6e:8b:48:f7:d2:86:8c:fb:
         94:57:20:e8:10:9f:9e:d6:55:59:62:e1:b1:6c:f7:2b:82:68:
         86:48:43:af:9c:be:bf:61:19:9c:06:38:22:ef:2a:f3:3c:b6:
         56:ed:b6:c1:51:01:00:c5:a5:0d:18:50:a2:3d:04:8d:38:0a:
         1f:5c:fe:bc:d7:bd:fa:56:1b:f4:4e:44:a3:34:9a:d6:15:21:
         ea:34:34:1c:ae:b3:34:d4:4f:18:46:59:99:83:35:69:c0:02:
         5c:e7:0e:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe7uH6ZkpOx3eilE0IJKROom+sk0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A1MzhkMTY3NzJmNmQxY2E4Y2M3NDdiZTFlNjMzMzA1MDA1
ZTM5ZTY4ZDU1YzdjZTU0Yzc3MThjYWE0ZjczMGVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC859KUme9mGK4+xXVpknlPr7plvtP2/Gp5taLzLmEWiNgf
OTpVj4/JyBGJYgHwpOH9i4sOXdk7VQwBogXwY07utOJ0yWiKdFZQ/avEAOjG5xVa
+kyVQkh7KdTfs0QCUjwngndGUVLFVQnL50fYK0N42Ubc7nkUT4JjmWYL5a7AKr8N
y0FH8I9cxmsTZlI8cNbRj5P2RD4mc0QhauJBW/igqF2ZPlqxGr5E+NcBmEyjvfS3
gKRyfqR31V1OCq7WcWhvyblJLwYSsw9xYRO0SSF8VeTT6NSfNUg5Qm6eqBw4+d/A
5s+Ek7BWT+PzK50AbX71HmFlzTkFPVMYGPN/0P7JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9DE3Y6OmauFZEpnvAxTsdJb45pEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzYzNjUxMWJiLTZmZDAtNDNkNi05YWZhLTIyNGIzM2RlYWQzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAdjTYAwDQYJKoZIhvcNAQELBQADggEBAJ/xL1/LblmGdiUnAnbbnQbKSNe3
B+MJ8kOnxCLC8K+h1WRbGT0J27g+bbotxyUo9FFAfieLDHC90ApLX7waWsrIJMv4
PJli4tcNWpvHxLbNLsGmm9pTaJteMwJW3D7ga9+2Os5aW2cst094HXITjMI6VILm
/UVyD6bJx//bh6RFhwzLVNLinNIKVuxzKJXcKvMtZwFSQH+Fzp1ui0j30oaM+5RX
IOgQn57WVVli4bFs9yuCaIZIQ6+cvr9hGZwGOCLvKvM8tlbttsFRAQDFpQ0YUKI9
BI04Ch9c/rzXvfpWG/RORKM0mtYVIeo0NByuszTUTxhGWZmDNWnAAlznDr4=
-----END CERTIFICATE-----