Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65467053-c5f6-4d77-abbd-1f7cf36e1978.roa
File:                     65467053-c5f6-4d77-abbd-1f7cf36e1978.roa (raw, json)
Hash identifier:          nroYXZ1Ieyzi8lZUxOfQ2xsidLAa2lIjcIkgpNMti2U=
Subject key identifier:   50:E4:3A:31:84:11:44:53:58:B3:65:B1:90:99:B4:57:2B:AA:76:4E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6882A372C72811A815BF9319ED8A2058AE441E36
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65467053-c5f6-4d77-abbd-1f7cf36e1978.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        161.99.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:82:a3:72:c7:28:11:a8:15:bf:93:19:ed:8a:20:58:ae:44:1e:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=5adf6c89cc49d2a6f267ca4e14985a97cc5d4954b67c242a0e4d487fdebffaa4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:86:ce:82:26:24:d5:23:fe:17:02:69:e4:24:
                    15:fd:42:29:ed:ff:fa:09:14:32:31:89:39:76:23:
                    43:ca:b1:e6:69:4c:a6:32:56:91:7d:7b:fb:c5:b2:
                    8f:a8:fa:b0:c1:bf:ec:22:d5:2c:15:a7:5c:63:8f:
                    52:66:8b:78:89:7b:a9:1b:74:77:d3:78:0b:6d:c1:
                    59:40:b2:7d:93:0d:4b:e5:45:85:d0:96:3e:0d:e2:
                    b1:42:f4:b6:ba:79:e1:95:bc:51:21:83:b0:85:46:
                    f9:d8:9f:df:b5:ed:5a:db:17:4b:57:d6:d0:5b:a9:
                    63:a9:e0:d3:6d:6d:1d:4e:2c:7b:74:b7:19:01:35:
                    01:72:32:15:48:20:77:92:a2:8b:dd:b1:6c:fe:b0:
                    39:6f:96:85:5b:ff:b9:f2:d3:85:55:42:01:e6:5e:
                    ba:5b:45:36:e8:a4:d4:63:c4:86:5b:b5:26:ea:17:
                    0a:74:08:05:d5:45:b7:f9:60:03:05:d8:e4:fe:29:
                    7a:c3:a9:7f:34:ca:db:db:b0:53:4d:c3:95:75:f2:
                    95:cf:4f:5d:89:91:3d:ec:d8:04:89:e4:97:a6:0e:
                    d2:7e:fe:5c:6a:bd:59:56:51:9d:ed:66:ea:65:d4:
                    77:8e:b5:65:6f:51:c7:6d:4c:b2:a2:ba:4d:2e:de:
                    fc:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:E4:3A:31:84:11:44:53:58:B3:65:B1:90:99:B4:57:2B:AA:76:4E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65467053-c5f6-4d77-abbd-1f7cf36e1978.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.99.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         88:5d:d1:e3:1e:b5:1b:c9:de:2d:70:92:fa:dc:1c:81:88:f5:
         6b:a4:a4:48:a3:6b:6b:0f:86:67:e5:27:3f:9e:30:97:20:fb:
         d1:b3:1c:fe:e8:d0:e9:e7:21:d0:16:00:cd:18:fc:1c:a4:fd:
         07:74:07:fb:2a:a9:73:11:f4:b6:53:93:08:da:db:65:88:e8:
         7a:7c:37:07:b6:72:10:61:68:fc:8b:bc:55:33:35:6f:c0:8b:
         67:f0:05:be:14:8b:84:47:80:04:b6:88:df:ab:e9:6b:86:63:
         60:93:8c:c7:64:7a:6f:ca:c4:12:ea:7f:60:dd:f4:6e:19:c5:
         e1:db:35:85:97:f3:33:5f:25:01:de:d6:fc:c6:98:89:a6:1f:
         8f:10:c4:02:da:54:56:40:a5:9d:53:bd:1a:c8:a1:c6:c1:16:
         6f:75:b3:8d:26:c7:97:4b:cf:e1:08:b1:11:f1:2f:6d:98:35:
         84:87:4c:b6:d0:13:30:78:64:34:4f:b8:83:15:8a:0b:c0:14:
         8d:59:04:fb:2b:0e:12:83:d5:dc:f5:62:5e:80:17:74:54:57:
         a7:8c:75:c1:88:4c:40:ad:53:c0:a7:32:ed:df:0d:91:eb:f1:
         74:21:e7:39:39:68:3b:eb:ab:86:ca:ca:81:4b:0b:1c:46:e4:
         df:ae:f2:59
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaIKjcscoEagVv5MZ7YogWK5EHjYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YWRmNmM4OWNjNDlkMmE2ZjI2N2NhNGUxNDk4NWE5N2Nj
NWQ0OTU0YjY3YzI0MmEwZTRkNDg3ZmRlYmZmYWE0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDhs6CJiTVI/4XAmnkJBX9Qint//oJFDIxiTl2I0PKseZp
TKYyVpF9e/vFso+o+rDBv+wi1SwVp1xjj1Jmi3iJe6kbdHfTeAttwVlAsn2TDUvl
RYXQlj4N4rFC9La6eeGVvFEhg7CFRvnYn9+17VrbF0tX1tBbqWOp4NNtbR1OLHt0
txkBNQFyMhVIIHeSoovdsWz+sDlvloVb/7ny04VVQgHmXrpbRTbopNRjxIZbtSbq
Fwp0CAXVRbf5YAMF2OT+KXrDqX80ytvbsFNNw5V18pXPT12JkT3s2ASJ5JemDtJ+
/lxqvVlWUZ3tZupl1HeOtWVvUcdtTLKiuk0u3vzvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUOQ6MYQRRFNYs2WxkJm0Vyuqdk4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1NDY3MDUzLWM1ZjYtNGQ3Ny1hYmJkLTFmN2NmMzZlMTk3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAehY4AwDQYJKoZIhvcNAQELBQADggEBAIhd0eMetRvJ3i1wkvrcHIGI9Wuk
pEija2sPhmflJz+eMJcg+9GzHP7o0OnnIdAWAM0Y/Byk/Qd0B/sqqXMR9LZTkwja
22WI6Hp8Nwe2chBhaPyLvFUzNW/Ai2fwBb4Ui4RHgAS2iN+r6WuGY2CTjMdkem/K
xBLqf2Dd9G4ZxeHbNYWX8zNfJQHe1vzGmImmH48QxALaVFZApZ1TvRrIocbBFm91
s40mx5dLz+EIsRHxL22YNYSHTLbQEzB4ZDRPuIMVigvAFI1ZBPsrDhKD1dz1Yl6A
F3RUV6eMdcGITECtU8CnMu3fDZHr8XQh5zk5aDvrq4bKyoFLCxxG5N+u8lk=
-----END CERTIFICATE-----