Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d51ae661-222c-4615-86b1-4455f5d2cdea.roa
File:                     d51ae661-222c-4615-86b1-4455f5d2cdea.roa (raw, json)
Hash identifier:          rsge06SQqGetu+qUOFO5DF6V7vCGYEY8bPv2SNs3QzA=
Subject key identifier:   B7:38:0E:85:CC:DB:A8:C9:5A:83:86:DE:96:BE:F2:45:C3:63:EC:13
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       28EBFF12BA5129D17042B7E34FE319207FA7F5C9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d51ae661-222c-4615-86b1-4455f5d2cdea.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.78.184.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:eb:ff:12:ba:51:29:d1:70:42:b7:e3:4f:e3:19:20:7f:a7:f5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a2:1f:55:0f:f7:1b:ee:a4:53:a7:17:69:68:
                    3b:69:69:e6:52:b7:d3:cf:e7:02:7f:10:7d:06:77:
                    cf:b3:be:04:2a:6b:50:7b:af:13:63:fc:4b:95:cc:
                    67:b6:33:43:6e:9f:a7:20:df:4b:b2:3f:c7:b7:61:
                    dc:f8:26:b4:4f:55:63:c1:12:94:df:4d:c0:e4:2f:
                    43:e9:52:68:c8:16:c5:17:a9:2b:76:ec:35:da:fa:
                    b8:86:32:61:10:69:85:5e:1e:54:35:64:a9:70:c6:
                    31:22:26:08:63:f1:7b:56:9a:14:7e:a9:b4:9f:02:
                    74:cc:e1:19:51:42:8a:5a:cf:65:66:8d:2b:9b:dc:
                    0f:a3:65:e1:dc:5d:97:34:9a:50:25:4a:f1:67:4f:
                    11:0b:1f:85:2d:7b:80:2f:70:f6:ad:14:cd:53:54:
                    1f:9a:93:73:75:7e:bb:64:f7:a5:8d:b3:89:c2:68:
                    22:a6:fc:04:80:54:68:ef:ec:1d:82:e2:1c:7f:23:
                    88:a1:ca:53:ae:20:f3:93:14:da:e5:8c:3c:9d:4b:
                    c5:c3:e5:e8:d6:5c:06:47:84:6d:f7:3f:71:4f:18:
                    0f:b7:66:ac:22:6b:f3:f3:3c:d0:d2:f2:9e:b6:f9:
                    66:b1:b9:01:56:f3:86:9f:26:a2:46:ee:3a:e3:f6:
                    6a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:38:0E:85:CC:DB:A8:C9:5A:83:86:DE:96:BE:F2:45:C3:63:EC:13
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d51ae661-222c-4615-86b1-4455f5d2cdea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.78.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:a4:2f:02:34:2c:e3:95:3b:2d:2c:34:24:8e:e5:55:29:93:
         3d:5b:1d:d9:4a:be:ef:a7:ec:3c:08:35:47:d7:d8:b5:61:21:
         29:a8:0a:ac:5a:6c:37:52:e4:d1:7e:98:ad:c2:22:0d:f8:d2:
         53:62:4d:e5:b3:29:0c:28:46:01:ca:75:e9:25:42:76:ad:d6:
         05:a1:27:f8:82:95:5d:a7:f5:85:2f:3e:2c:0f:d9:07:f1:c6:
         03:a0:3e:c0:11:c1:c8:47:c5:4c:1d:f6:a9:fc:56:bc:99:90:
         6e:6d:e0:0d:24:30:8c:e9:fd:64:39:2c:08:39:6c:f0:04:94:
         1a:31:de:6f:b3:83:60:e0:8e:6b:e2:ca:ce:57:0d:26:b7:92:
         9c:d6:d8:2b:f5:95:8a:83:e5:2f:46:e2:eb:4b:27:19:6a:39:
         0d:6d:5a:ab:c8:44:54:e6:37:ae:b2:bd:ef:34:ce:0b:e4:ab:
         18:96:67:b7:52:62:7f:5c:f5:b0:28:71:41:ca:5f:08:e4:bc:
         a9:9e:6a:ad:ac:38:5d:16:da:09:53:07:e5:51:fc:fc:5e:a6:
         59:62:44:ac:ba:db:9f:3f:47:8b:a3:0e:7f:5d:e8:c2:29:a9:
         63:5c:e6:ef:f4:a5:0e:bc:30:4f:e2:2e:7a:6e:31:a3:5d:da:
         02:4a:30:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKOv/ErpRKdFwQrfjT+MZIH+n9ckwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhOTdkY2ExNjc2YzA5OTVhOTVkNjlhMmMwYTkyNzE3MDVi
YmI5ZTcyZDE5MWQ1OTg4NzJiNTczYzIwODdjNjc4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6oh9VD/cb7qRTpxdpaDtpaeZSt9PP5wJ/EH0Gd8+zvgQq
a1B7rxNj/EuVzGe2M0Nun6cg30uyP8e3Ydz4JrRPVWPBEpTfTcDkL0PpUmjIFsUX
qSt27DXa+riGMmEQaYVeHlQ1ZKlwxjEiJghj8XtWmhR+qbSfAnTM4RlRQopaz2Vm
jSub3A+jZeHcXZc0mlAlSvFnTxELH4Ute4AvcPatFM1TVB+ak3N1frtk96WNs4nC
aCKm/ASAVGjv7B2C4hx/I4ihylOuIPOTFNrljDydS8XD5ejWXAZHhG33P3FPGA+3
Zqwia/PzPNDS8p62+WaxuQFW84afJqJG7jrj9mqxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtzgOhczbqMlag4belr7yRcNj7BMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q1MWFlNjYxLTIyMmMtNDYxNS04NmIxLTQ0NTVmNWQyY2RlYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjTrgwDQYJKoZIhvcNAQELBQADggEBACmkLwI0LOOVOy0sNCSO5VUpkz1b
HdlKvu+n7DwINUfX2LVhISmoCqxabDdS5NF+mK3CIg340lNiTeWzKQwoRgHKdekl
Qnat1gWhJ/iClV2n9YUvPiwP2QfxxgOgPsARwchHxUwd9qn8VryZkG5t4A0kMIzp
/WQ5LAg5bPAElBox3m+zg2Dgjmviys5XDSa3kpzW2Cv1lYqD5S9G4utLJxlqOQ1t
WqvIRFTmN66yve80zgvkqxiWZ7dSYn9c9bAocUHKXwjkvKmeaq2sOF0W2glTB+VR
/PxeplliRKy6258/R4ujDn9d6MIpqWNc5u/0pQ68ME/iLnpuMaNd2gJKMOM=
-----END CERTIFICATE-----