Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65f36925-4ac2-4995-b3b2-b00a686181ce.roa
File:                     65f36925-4ac2-4995-b3b2-b00a686181ce.roa (raw, json)
Hash identifier:          hHNnQuzrm4a1hWEoew6rjja7oBJsYMmw8IfsSrLTsfk=
Subject key identifier:   39:2B:DB:31:59:C1:C0:6F:AB:A8:E4:FD:C4:72:13:DA:9F:3A:32:88
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5AA5E5A665F8E990BCA2C890DD00AC9ED657E553
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65f36925-4ac2-4995-b3b2-b00a686181ce.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.78.200.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:a5:e5:a6:65:f8:e9:90:bc:a2:c8:90:dd:00:ac:9e:d6:57:e5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:80:32:3a:1b:de:db:3b:d6:57:56:52:8e:0f:
                    d2:cf:86:be:e2:53:63:c1:80:12:e5:b7:9f:4e:fd:
                    b9:7e:89:6e:cd:70:1c:74:20:fa:1d:17:ea:c7:9d:
                    9d:89:86:ed:ed:73:90:c8:60:b7:2c:48:74:e9:6e:
                    b2:1d:19:8b:b8:52:6d:d5:d6:a0:a5:56:74:cc:54:
                    04:f6:00:54:23:af:c9:9d:23:71:ec:dd:12:f5:cd:
                    16:7c:14:df:10:00:df:72:c5:5a:a6:d2:11:a4:ff:
                    1f:bd:2b:05:5f:3e:e8:9e:7c:32:33:ea:4f:0e:ba:
                    9f:ce:62:91:9f:a1:90:74:46:9d:85:0f:52:70:5e:
                    0f:0f:cb:c0:ed:70:dd:60:7e:62:17:65:46:f2:9f:
                    b1:e2:91:74:0e:6e:2a:c6:81:f5:00:55:1d:60:a7:
                    56:3f:d5:fa:9c:22:12:ca:00:63:54:95:95:52:27:
                    a2:d1:48:ed:66:33:d6:2a:53:ed:29:ee:79:17:ea:
                    74:1a:db:bc:5b:12:7c:e5:cd:db:b0:5c:a7:88:75:
                    f3:42:79:52:26:12:f3:cc:4f:8f:ff:4b:e4:a6:1c:
                    bf:8b:44:6f:fd:6c:b9:01:cd:aa:e7:7f:b5:70:84:
                    50:72:3f:3c:dc:62:9a:1f:c0:65:97:8c:b7:c0:6d:
                    fb:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:2B:DB:31:59:C1:C0:6F:AB:A8:E4:FD:C4:72:13:DA:9F:3A:32:88
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/65f36925-4ac2-4995-b3b2-b00a686181ce.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.78.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         20:43:e0:21:a3:a0:f1:80:24:2a:a1:90:03:3c:5c:61:a2:aa:
         53:12:71:ac:38:ec:73:c7:7e:f9:34:0e:c5:29:53:c1:61:b1:
         da:e7:54:45:f4:9d:21:6d:da:f8:bc:97:e9:6c:5e:11:4f:73:
         44:42:37:9c:8d:32:7d:e9:36:18:47:69:98:9b:2b:20:84:81:
         0f:53:6d:d2:0b:8b:19:61:92:0e:6b:26:4d:8a:08:79:5f:64:
         37:11:28:8a:fe:75:29:58:bf:da:4a:b8:bd:48:6e:48:7e:26:
         77:a3:97:2f:92:40:fd:6b:54:c1:86:03:59:80:14:65:5c:e6:
         83:c5:77:16:3d:66:3a:77:31:e3:3e:35:36:ad:92:96:83:f6:
         0a:d7:bf:2b:3c:18:3e:9f:5b:07:3d:28:95:f3:11:a6:d5:25:
         fb:e5:ed:fc:ef:ca:08:0a:ad:c1:02:ec:1e:40:1d:2c:0d:02:
         52:1a:ee:37:cf:25:90:a3:7a:98:29:d1:42:09:42:00:e7:9c:
         01:04:86:02:33:9a:b9:ce:04:ca:06:f9:43:1f:8a:61:bf:c8:
         21:36:de:9c:2f:87:80:64:15:a3:fd:d1:69:8b:d0:c4:04:19:
         d0:88:bd:7d:ec:89:37:69:2f:d9:78:20:fe:56:5c:53:65:6f:
         73:af:6c:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWqXlpmX46ZC8osiQ3QCsntZX5VMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A5NmYwMTk0N2Y1ZjUxMTFmOWM3NGZhODQ5ZTkzZDUyZDM4
MGRjNzhlNTQxNDczZGFkZDAxNzA2NjI3YjE5M2E3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvgDI6G97bO9ZXVlKOD9LPhr7iU2PBgBLlt59O/bl+iW7N
cBx0IPodF+rHnZ2Jhu3tc5DIYLcsSHTpbrIdGYu4Um3V1qClVnTMVAT2AFQjr8md
I3Hs3RL1zRZ8FN8QAN9yxVqm0hGk/x+9KwVfPuiefDIz6k8Oup/OYpGfoZB0Rp2F
D1JwXg8Py8DtcN1gfmIXZUbyn7HikXQObirGgfUAVR1gp1Y/1fqcIhLKAGNUlZVS
J6LRSO1mM9YqU+0p7nkX6nQa27xbEnzlzduwXKeIdfNCeVImEvPMT4//S+SmHL+L
RG/9bLkBzarnf7VwhFByPzzcYpofwGWXjLfAbfsdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUOSvbMVnBwG+rqOT9xHIT2p86MogwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY1ZjM2OTI1LTRhYzItNDk5NS1iM2IyLWIwMGE2ODYxODFjZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjTsgwDQYJKoZIhvcNAQELBQADggEBACBD4CGjoPGAJCqhkAM8XGGiqlMS
caw47HPHfvk0DsUpU8FhsdrnVEX0nSFt2vi8l+lsXhFPc0RCN5yNMn3pNhhHaZib
KyCEgQ9TbdILixlhkg5rJk2KCHlfZDcRKIr+dSlYv9pKuL1Ibkh+Jnejly+SQP1r
VMGGA1mAFGVc5oPFdxY9Zjp3MeM+NTatkpaD9grXvys8GD6fWwc9KJXzEabVJfvl
7fzvyggKrcEC7B5AHSwNAlIa7jfPJZCjepgp0UIJQgDnnAEEhgIzmrnOBMoG+UMf
imG/yCE23pwvh4BkFaP90WmL0MQEGdCIvX3siTdpL9l4IP5WXFNlb3OvbBU=
-----END CERTIFICATE-----