Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/825c9753-a4c7-4ccd-9bdd-f034a8ee6f7f.roa
File:                     825c9753-a4c7-4ccd-9bdd-f034a8ee6f7f.roa (raw, json)
Hash identifier:          ltj37T1l3OmqDT+uE0+hQQtJDTIOGnK4WL81OzctuFA=
Subject key identifier:   DD:A6:AC:B8:D5:EA:BC:09:54:98:D4:CD:9B:D6:49:2E:D4:4A:42:73
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CD8823087B9BA183E5C48A88E35E3EF896C2E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/825c9753-a4c7-4ccd-9bdd-f034a8ee6f7f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        99.156.192.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:d8:82:30:87:b9:ba:18:3e:5c:48:a8:8e:35:e3:ef:89:6c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:23:9e:08:e8:a9:02:82:6f:c9:df:a6:28:b9:
                    0f:f2:44:94:83:c2:d0:ba:02:21:67:dc:a1:45:17:
                    ad:05:39:ec:f5:35:a3:c6:83:69:92:90:62:d9:03:
                    a4:bb:30:f6:51:16:e6:4a:d4:d1:4a:90:2c:a0:47:
                    89:ad:9d:80:a2:b8:01:fa:a5:3e:df:da:cd:60:0b:
                    1a:d3:80:15:4d:2a:04:d8:5f:b4:bc:9f:1c:5d:85:
                    47:c4:08:33:2f:c7:91:09:c3:db:b9:b9:db:0f:ea:
                    1b:8e:39:af:0b:4f:44:04:5d:d9:79:0e:a3:80:9f:
                    45:8b:d8:7c:0a:22:a6:e1:aa:e4:d1:e9:7a:e3:45:
                    e2:b2:ac:08:53:58:25:13:3f:38:44:3b:2b:b0:82:
                    d9:d7:72:44:d7:3a:f3:c2:1c:f5:93:08:d9:7e:34:
                    0d:92:1a:1a:f7:90:d3:81:8e:ed:08:ab:a3:d2:aa:
                    15:57:20:9d:cf:61:5d:20:da:e4:3e:a3:37:9a:51:
                    db:46:68:62:4b:5f:b8:8a:64:0a:6d:a3:81:03:a1:
                    4d:47:b3:1f:23:dc:15:3a:40:36:67:19:8c:fa:11:
                    b8:ea:9d:ea:78:f8:3d:5d:58:7f:61:ee:87:fb:42:
                    39:63:cc:73:b4:e7:b5:3c:a7:bc:79:32:90:c9:c1:
                    ff:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A6:AC:B8:D5:EA:BC:09:54:98:D4:CD:9B:D6:49:2E:D4:4A:42:73
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/825c9753-a4c7-4ccd-9bdd-f034a8ee6f7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.156.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         8b:6b:e8:91:4f:47:71:20:5b:a3:69:af:32:55:04:3d:a3:d5:
         7c:84:00:ba:09:2e:fa:06:31:3e:44:46:6b:b7:0d:06:73:3b:
         28:14:da:0f:47:59:f2:9f:5d:71:79:00:b8:27:fd:58:76:38:
         00:4d:a3:59:91:24:76:28:58:ee:9c:a7:a0:da:76:2b:3c:bd:
         18:0a:9e:7d:b7:3a:d0:fd:ec:fe:74:8a:27:37:40:92:ef:d5:
         e7:fb:17:84:ae:20:1d:d3:a9:a9:1d:25:07:0c:86:43:30:df:
         23:6f:05:3a:e4:1d:43:5c:c7:e2:4d:f2:59:7b:33:4a:1f:05:
         ea:8c:90:04:a1:3a:ec:77:f4:cd:2a:18:8b:2c:5c:15:a4:e1:
         2f:24:ed:ff:22:4a:d2:5b:6b:43:6f:0a:5d:82:1e:da:d3:e4:
         ce:65:87:b4:6d:9a:e0:11:61:bd:5f:06:d8:e1:3a:c5:09:fe:
         72:54:d8:79:ea:73:bc:6a:82:6d:d7:1a:3b:9d:44:33:54:6a:
         12:2d:47:58:f4:8f:e7:16:cc:c8:6f:e1:7b:74:ac:4d:dd:30:
         33:cd:2d:12:9e:b9:46:8a:6e:bf:ee:93:ef:78:e9:12:02:11:
         e0:44:18:12:5e:a9:67:2c:51:70:ab:b2:4c:cc:43:94:89:08:
         f7:e9:56:ef
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITTNiCMIe5uhg+XEiojjXj74lsLjANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI2ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAxOGQ0MmJlMzU4ZWIz
NzEwN2RiZThjYjcxZDBhNzAeFw0yNDEyMjcwMDAwMDBaFw0yNTAxMzEyMzU5NTla
MHoxSTBHBgNVBAUTQDg1MzRmODk0MmE4ODI1OWViZTJjZWY4YTZmNDkxYjU0NWU1
NjhiZmI0NTYzMzlhOWJmYjM0YmRmZjZmYTdkMWUxLTArBgNVBAMTJGIyNWM5NzBm
LWQ4MTMtNDQ1Yy1iZmUyLTYyNjY4NTE4Yzg3ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK8jngjoqQKCb8nfpii5D/JElIPC0LoCIWfcoUUXrQU57PU1
o8aDaZKQYtkDpLsw9lEW5krU0UqQLKBHia2dgKK4AfqlPt/azWALGtOAFU0qBNhf
tLyfHF2FR8QIMy/HkQnD27m52w/qG445rwtPRARd2XkOo4CfRYvYfAoipuGq5NHp
euNF4rKsCFNYJRM/OEQ7K7CC2ddyRNc688Ic9ZMI2X40DZIaGveQ04GO7Qiro9Kq
FVcgnc9hXSDa5D6jN5pR20ZoYktfuIpkCm2jgQOhTUezHyPcFTpANmcZjPoRuOqd
6nj4PV1Yf2Huh/tCOWPMc7TntTynvHkykMnB/6ECAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBTdpqy41eq8CVSY1M2b1kku1EpCczAfBgNVHSMEGDAWgBQQXdeNVXhAq0Nd
vRUhII8p+kk/rjAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MmEyNDY5NDctMmQ2Mi00YTZjLWJhMDUtODcxODdmMDA5OWIyLzFiYTMwMmI4LThk
YWItNDkxZC1iOWVkLWQ3YzkyZDAzMGQ4Mi82ZWQ4OGNhZDExZmVhYzc3NDQ5ZjAx
OGQ0MmJlMzU4ZWIzNzEwN2RiZThjYjcxZDBhNy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8yMGFhMzI5Yi1mYzUyLTRjNjEtYmY1My0wOTcy
NWMwNDI5NDIvODI1Yzk3NTMtYTRjNy00Y2NkLTliZGQtZjAzNGE4ZWU2ZjdmLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMt
MDk3MjVjMDQyOTQyL19xeDNSSjhCalVLLU5ZNnpjUWZiNk10eDBLYy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEBmOcwDANBgkqhkiG9w0BAQsFAAOCAQEAi2vokU9HcSBbo2mvMlUEPaPVfIQA
ugku+gYxPkRGa7cNBnM7KBTaD0dZ8p9dcXkAuCf9WHY4AE2jWZEkdihY7pynoNp2
Kzy9GAqefbc60P3s/nSKJzdAku/V5/sXhK4gHdOpqR0lBwyGQzDfI28FOuQdQ1zH
4k3yWXszSh8F6oyQBKE67Hf0zSoYiyxcFaThLyTt/yJK0ltrQ28KXYIe2tPkzmWH
tG2a4BFhvV8G2OE6xQn+clTYeepzvGqCbdcaO51EM1RqEi1HWPSP5xbMyG/he3Ss
Td0wM80tEp65Ropuv+6T73jpEgIR4EQYEl6pZyxRcKuyTMxDlIkI9+lW7w==
-----END CERTIFICATE-----