Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d84ddace-20b9-4ca3-be5d-b63aaa0ee494.roa
File:                     d84ddace-20b9-4ca3-be5d-b63aaa0ee494.roa (raw, json)
Hash identifier:          ylrEe37hTS5BQ/6t4FTl2k8L4jJoY2sAC0BRPofbWe8=
Subject key identifier:   35:4F:E8:E9:03:DA:B3:24:CE:98:3B:F3:5D:19:A1:81:3E:CC:C5:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7EA0F6197EB673FE270A3531B81E65679ED0B96A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d84ddace-20b9-4ca3-be5d-b63aaa0ee494.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.64.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:a0:f6:19:7e:b6:73:fe:27:0a:35:31:b8:1e:65:67:9e:d0:b9:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c9:d2:58:80:f4:b7:30:6b:87:7d:fd:c2:4a:
                    32:21:c8:55:11:fa:2f:82:cf:ce:ef:9d:02:52:73:
                    78:a2:a8:8d:8b:d1:32:4a:93:c5:a2:8c:ff:da:c5:
                    72:d1:fa:7e:50:0c:93:62:8c:fa:4a:b1:c6:82:06:
                    45:45:13:fd:13:12:c9:b8:4c:8b:81:e7:22:35:58:
                    9c:25:be:18:c3:8c:32:46:d7:18:29:da:fa:87:ac:
                    eb:c3:7b:b2:da:e8:b4:f6:79:56:cb:bd:86:bc:4c:
                    e1:45:63:bb:f4:ef:4f:17:de:04:6d:5d:f5:29:6d:
                    7a:c2:52:32:93:70:ff:78:c8:f7:05:55:6f:65:7d:
                    d4:b1:ab:d0:de:ed:db:24:42:5e:64:b4:d8:1d:ab:
                    70:9b:61:b0:12:b6:b0:ac:86:b8:5a:44:04:9b:f7:
                    e4:eb:ef:df:db:d1:b4:98:35:0d:1f:fd:fb:bf:16:
                    c3:67:c6:42:18:37:07:7b:b8:16:30:45:d3:13:6e:
                    60:ed:ee:73:23:b5:a6:13:35:0a:19:cd:2b:99:a7:
                    bf:a5:e9:80:3f:a8:06:35:39:f8:92:03:4b:9b:a7:
                    61:e9:22:72:d4:f6:75:58:fd:a7:d5:ad:c4:b8:85:
                    54:04:79:a2:a9:12:ed:cd:ea:a0:ac:33:fa:f7:01:
                    f1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:4F:E8:E9:03:DA:B3:24:CE:98:3B:F3:5D:19:A1:81:3E:CC:C5:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d84ddace-20b9-4ca3-be5d-b63aaa0ee494.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         59:61:82:a5:ab:11:3e:12:7e:e7:53:29:c8:18:8e:2a:dc:b0:
         d4:3e:b8:b8:bc:42:26:fe:1c:c0:fa:49:3a:16:e6:b1:09:d1:
         d1:d1:08:65:63:b2:df:7c:0e:e9:e6:60:c2:2c:67:35:fd:28:
         9f:97:1a:94:8a:c5:39:46:3c:a9:07:fc:d0:a8:23:67:3f:3a:
         82:5b:c8:b0:5d:8c:56:34:2e:fd:74:a1:b8:3d:e0:cf:ee:f9:
         b1:6e:11:99:e7:0c:8b:4c:43:50:5f:37:3f:8b:e8:cf:9e:c2:
         79:33:95:61:b6:52:31:e7:99:b9:69:d4:89:6d:6c:2b:5e:2e:
         24:21:18:e8:4f:82:e4:c5:c9:35:b2:9a:9e:e3:11:2f:17:8d:
         40:b5:95:e7:3a:f4:92:44:eb:37:7f:95:14:8f:54:45:96:05:
         99:db:62:a6:11:20:86:08:7d:2b:77:ad:0e:5a:96:79:6a:47:
         04:0d:a7:d7:08:ec:b0:9e:08:e9:cd:05:ae:36:72:84:c3:41:
         7c:08:10:7d:1b:d6:e4:80:cd:25:cf:c7:2e:7d:96:2d:4d:9a:
         ef:fb:71:52:42:2a:72:35:99:7f:3a:d1:38:2e:f7:d7:7e:2f:
         12:bc:8a:aa:96:34:15:f8:54:85:40:ce:e8:06:f5:fb:e0:2a:
         63:e9:bf:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfqD2GX62c/4nCjUxuB5lZ57QuWowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZWM4ZGRiN2E3YTExNjBjYTAxYWM5NmEwOTMxNWE5Mzhi
ZDc2YzM0M2FhYjQ5NzYyMTc0NTU1OWVkMjc2NDcxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjydJYgPS3MGuHff3CSjIhyFUR+i+Cz87vnQJSc3iiqI2L
0TJKk8WijP/axXLR+n5QDJNijPpKscaCBkVFE/0TEsm4TIuB5yI1WJwlvhjDjDJG
1xgp2vqHrOvDe7La6LT2eVbLvYa8TOFFY7v0708X3gRtXfUpbXrCUjKTcP94yPcF
VW9lfdSxq9De7dskQl5ktNgdq3CbYbAStrCshrhaRASb9+Tr79/b0bSYNQ0f/fu/
FsNnxkIYNwd7uBYwRdMTbmDt7nMjtaYTNQoZzSuZp7+l6YA/qAY1OfiSA0ubp2Hp
InLU9nVY/afVrcS4hVQEeaKpEu3N6qCsM/r3AfGZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNU/o6QPasyTOmDvzXRmhgT7MxVAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q4NGRkYWNlLTIwYjktNGNhMy1iZTVkLWI2M2FhYTBlZTQ5NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl0AwDQYJKoZIhvcNAQELBQADggEBAFlhgqWrET4SfudTKcgYjircsNQ+
uLi8Qib+HMD6SToW5rEJ0dHRCGVjst98DunmYMIsZzX9KJ+XGpSKxTlGPKkH/NCo
I2c/OoJbyLBdjFY0Lv10obg94M/u+bFuEZnnDItMQ1BfNz+L6M+ewnkzlWG2UjHn
mblp1IltbCteLiQhGOhPguTFyTWymp7jES8XjUC1lec69JJE6zd/lRSPVEWWBZnb
YqYRIIYIfSt3rQ5alnlqRwQNp9cI7LCeCOnNBa42coTDQXwIEH0b1uSAzSXPxy59
li1Nmu/7cVJCKnI1mX860Tgu99d+LxK8iqqWNBX4VIVAzugG9fvgKmPpv28=
-----END CERTIFICATE-----