Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa87be32-1642-4058-b2ca-2d0f9d1bf3f5.roa
File:                     aa87be32-1642-4058-b2ca-2d0f9d1bf3f5.roa (raw, json)
Hash identifier:          vQPEfOOvQqIolfFF2DHhizvqaZqLHbNWHbxq1g8KlJc=
Subject key identifier:   67:5A:44:EA:52:D8:09:2C:43:12:7B:CC:5F:68:F4:76:12:F2:F9:D3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       744A69EAADACDD7A3E3ECA45B42FDD5AC06A74B8
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa87be32-1642-4058-b2ca-2d0f9d1bf3f5.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        99.87.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:4a:69:ea:ad:ac:dd:7a:3e:3e:ca:45:b4:2f:dd:5a:c0:6a:74:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:65:79:e0:87:5b:e6:dd:bc:5b:c9:ac:fb:ad:
                    81:84:cc:d7:b7:ae:1d:ad:19:90:15:9a:37:b8:2d:
                    ef:11:af:53:67:38:35:1c:f6:7d:ef:7d:b1:6b:29:
                    d4:89:1f:56:fc:a8:27:14:f5:4a:f1:1d:e6:e2:bd:
                    13:92:96:03:10:42:5b:24:ce:34:74:d7:1e:b8:aa:
                    9c:78:8f:14:c1:a6:9e:63:80:2d:65:06:fc:8f:c8:
                    76:22:7b:bc:8c:6d:c2:89:a2:3e:14:db:45:52:be:
                    2a:dd:59:e1:38:62:54:3b:0e:6c:a3:94:dd:e6:53:
                    24:07:bd:8c:4f:c5:31:eb:af:26:08:cc:a4:df:c6:
                    b9:8c:39:11:1b:3f:3d:af:dd:cf:bc:56:3b:0d:00:
                    2d:11:e9:c8:43:45:da:e1:8d:48:22:63:bc:41:25:
                    57:7b:e6:83:b7:7b:87:e9:c6:07:b7:b1:ec:56:4d:
                    07:b3:6d:19:0d:2b:00:29:ee:9c:21:c4:78:be:f1:
                    4f:8f:d9:f5:a2:ea:2b:4d:64:7c:37:4c:29:a6:06:
                    ac:28:04:1b:89:8d:a7:a9:f4:41:25:92:c3:72:4d:
                    be:c8:2c:74:00:7d:2f:e3:9d:b2:d3:15:21:aa:c0:
                    ac:1b:cc:f0:8b:c0:11:d5:04:7f:1c:2d:91:e5:ae:
                    58:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:5A:44:EA:52:D8:09:2C:43:12:7B:CC:5F:68:F4:76:12:F2:F9:D3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/aa87be32-1642-4058-b2ca-2d0f9d1bf3f5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.87.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         38:9a:f5:6c:87:02:48:4e:f4:67:cb:71:55:0e:21:1c:68:98:
         aa:2d:09:5b:80:ba:a2:d5:f8:55:7e:0e:d1:36:0d:38:6c:40:
         a2:71:70:e1:26:08:c4:4d:52:9a:a3:33:e4:96:35:9e:bb:b0:
         9f:95:b7:a0:c5:e0:e0:18:a3:59:8e:18:dd:33:7a:15:c7:b7:
         3e:f9:3d:6e:42:70:18:2c:09:86:3c:ce:71:66:73:5f:e6:a0:
         0d:bf:d1:63:95:5f:35:ca:03:72:cc:18:50:ca:dd:c0:cf:5f:
         17:7d:cc:7f:53:94:17:57:20:b2:ff:5f:de:d8:93:3a:eb:2a:
         88:9c:6a:d4:44:09:b3:36:09:6e:52:b3:e4:a2:47:f2:35:27:
         3b:b6:f5:78:af:2c:b3:4f:ed:d1:c3:e4:19:ba:f7:a4:db:85:
         86:78:50:c6:d1:ad:fb:56:de:38:44:17:f9:28:5a:03:5d:6a:
         21:fb:71:bb:38:99:da:76:e4:7b:5b:57:29:80:c0:3f:ee:60:
         ba:92:7d:66:7c:64:7c:04:12:ef:f9:76:f8:f6:51:a7:ee:a2:
         10:f1:c0:f1:c8:3c:fc:2e:f2:6d:bf:1c:45:41:45:ca:04:a5:
         68:24:f7:bc:f2:8b:a7:99:72:0c:77:dc:f7:d4:01:cb:fd:01:
         24:88:d0:11
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdEpp6q2s3Xo+PspFtC/dWsBqdLgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMWEyZmNmZGE0NThkMzNmZGVjYjExZTUxMGUzMzM2Njg2
OGRiNWFlOWRjYzc2YmE1MzQ4MmJjZGZlMThhODY5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0ZXngh1vm3bxbyaz7rYGEzNe3rh2tGZAVmje4Le8Rr1Nn
ODUc9n3vfbFrKdSJH1b8qCcU9UrxHebivROSlgMQQlskzjR01x64qpx4jxTBpp5j
gC1lBvyPyHYie7yMbcKJoj4U20VSvirdWeE4YlQ7DmyjlN3mUyQHvYxPxTHrryYI
zKTfxrmMOREbPz2v3c+8VjsNAC0R6chDRdrhjUgiY7xBJVd75oO3e4fpxge3sexW
TQezbRkNKwAp7pwhxHi+8U+P2fWi6itNZHw3TCmmBqwoBBuJjaep9EElksNyTb7I
LHQAfS/jnbLTFSGqwKwbzPCLwBHVBH8cLZHlrlhRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ1pE6lLYCSxDEnvMX2j0dhLy+dMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FhODdiZTMyLTE2NDItNDA1OC1iMmNhLTJkMGY5ZDFiZjNmNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAZjV4AwDQYJKoZIhvcNAQELBQADggEBADia9WyHAkhO9GfLcVUOIRxomKot
CVuAuqLV+FV+DtE2DThsQKJxcOEmCMRNUpqjM+SWNZ67sJ+Vt6DF4OAYo1mOGN0z
ehXHtz75PW5CcBgsCYY8znFmc1/moA2/0WOVXzXKA3LMGFDK3cDPXxd9zH9TlBdX
ILL/X97YkzrrKoicatRECbM2CW5Ss+SiR/I1Jzu29XivLLNP7dHD5Bm696TbhYZ4
UMbRrftW3jhEF/koWgNdaiH7cbs4mdp25HtbVymAwD/uYLqSfWZ8ZHwEEu/5dvj2
UafuohDxwPHIPPwu8m2/HEVBRcoEpWgk97zyi6eZcgx33PfUAcv9ASSI0BE=
-----END CERTIFICATE-----