Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/df8623ce-5c31-4fbc-b51a-3c29778927c8.roa
File:                     df8623ce-5c31-4fbc-b51a-3c29778927c8.roa (raw, json)
Hash identifier:          p6ObQ8XA7rL0ElaT8UukjXB5+pajwhaFS6bMq4dmPIg=
Subject key identifier:   D8:87:83:1B:B3:2E:EC:3C:E7:2A:7C:0D:C8:D3:43:C5:41:5C:1A:31
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       563A7D61717B1CB52851BACF03217D51DBD4372B
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/df8623ce-5c31-4fbc-b51a-3c29778927c8.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        148.99.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:3a:7d:61:71:7b:1c:b5:28:51:ba:cf:03:21:7d:51:db:d4:37:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=24ed74ef25543ebe373658db7a471c46f697dd9e0501baaa4037e011205accd8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7b:bf:cf:cb:19:be:e6:e4:5c:85:73:29:a6:
                    f0:e8:44:01:81:9a:ed:a8:7d:84:5a:f8:72:22:2d:
                    63:71:0f:4e:14:20:97:0b:db:c2:62:50:77:c6:3d:
                    5b:5d:2c:da:d1:4e:88:d3:c7:86:8c:85:3e:43:e3:
                    e5:1e:e7:3f:47:a2:d8:c7:d6:54:1e:de:d8:df:f1:
                    b2:55:b1:f7:90:bf:32:8d:80:34:78:db:98:b7:60:
                    77:a2:c3:c7:f8:ab:d6:28:8e:34:55:9b:77:4c:30:
                    6b:49:cc:ab:8d:97:6d:fe:7b:50:14:da:be:85:49:
                    7a:94:d5:c0:80:e3:c9:46:50:03:3e:98:bc:eb:e1:
                    eb:e8:1b:15:bc:e2:35:c0:6e:3e:dc:86:11:0b:68:
                    d5:90:5d:a9:d5:fc:40:ae:02:5b:0e:bb:0a:b6:d5:
                    a9:cd:66:1b:9c:e2:a9:65:7f:3f:80:85:c7:82:19:
                    da:e0:2e:5d:07:71:48:34:fa:bd:d7:39:07:53:b1:
                    f3:e1:c2:17:a6:b0:6b:ee:63:b4:aa:89:1d:f9:17:
                    7a:bc:bd:3d:ce:74:8d:f4:ae:22:c6:84:df:17:7d:
                    3b:af:ca:22:fe:85:5e:a8:aa:bf:17:31:b1:e3:7c:
                    4c:42:8a:f7:47:bb:37:d9:bc:82:06:57:45:7c:4e:
                    0e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:87:83:1B:B3:2E:EC:3C:E7:2A:7C:0D:C8:D3:43:C5:41:5C:1A:31
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/df8623ce-5c31-4fbc-b51a-3c29778927c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.99.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d0:ad:17:84:4c:38:f4:a8:fa:49:65:e2:ca:33:dc:46:a8:e0:
         68:6f:09:fb:8a:a1:68:ef:32:20:3e:64:c8:98:ea:01:61:f9:
         dc:aa:02:6e:96:8b:9d:7c:69:70:ab:2b:18:87:06:3f:a5:0c:
         bd:95:04:8e:6c:fd:cb:7d:40:ff:d4:47:7e:77:e2:21:99:c9:
         9e:15:b0:5f:f5:a4:2c:2a:9f:b3:66:7d:ff:91:43:7f:73:4b:
         60:9a:15:af:90:7c:5b:15:75:9c:28:49:8c:d7:79:85:98:9a:
         ab:b5:a8:4d:ca:d3:41:ff:ad:dd:b3:ca:b9:93:11:8f:df:1b:
         35:80:ee:6c:cd:ba:f5:33:5d:90:d8:2d:19:34:41:8a:f7:47:
         87:e7:f5:bd:ba:7a:d3:39:22:2c:7a:4d:d0:7f:7b:47:4d:1d:
         94:a3:d4:e5:57:ae:20:3f:65:51:f1:42:2b:ab:dd:e8:c0:eb:
         fb:0d:ca:ff:e1:26:75:eb:b8:24:22:1c:2b:dd:eb:2f:71:8f:
         84:22:1e:45:b6:e6:60:f8:55:9d:8a:17:97:4a:10:93:1e:82:
         49:da:7d:c4:e1:9a:fb:06:86:0c:b7:16:04:46:aa:54:fd:da:
         a1:19:76:47:f7:a7:64:98:e7:c7:68:da:36:22:5d:30:9e:fd:
         02:41:22:e5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUVjp9YXF7HLUoUbrPAyF9UdvUNyswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyNGVkNzRlZjI1NTQzZWJlMzczNjU4ZGI3YTQ3MWM0NmY2
OTdkZDllMDUwMWJhYWE0MDM3ZTAxMTIwNWFjY2Q4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbe7/Pyxm+5uRchXMppvDoRAGBmu2ofYRa+HIiLWNxD04U
IJcL28JiUHfGPVtdLNrRTojTx4aMhT5D4+Ue5z9HotjH1lQe3tjf8bJVsfeQvzKN
gDR425i3YHeiw8f4q9YojjRVm3dMMGtJzKuNl23+e1AU2r6FSXqU1cCA48lGUAM+
mLzr4evoGxW84jXAbj7chhELaNWQXanV/ECuAlsOuwq21anNZhuc4qllfz+AhceC
GdrgLl0HcUg0+r3XOQdTsfPhwhemsGvuY7SqiR35F3q8vT3OdI30riLGhN8XfTuv
yiL+hV6oqr8XMbHjfExCivdHuzfZvIIGV0V8Tg7FAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU2IeDG7Mu7DznKnwNyNNDxUFcGjEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RmODYyM2NlLTVjMzEtNGZiYy1iNTFhLTNjMjk3Nzg5MjdjOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCUYzANBgkqhkiG9w0BAQsFAAOCAQEA0K0XhEw49Kj6SWXiyjPcRqjgaG8J
+4qhaO8yID5kyJjqAWH53KoCbpaLnXxpcKsrGIcGP6UMvZUEjmz9y31A/9RHfnfi
IZnJnhWwX/WkLCqfs2Z9/5FDf3NLYJoVr5B8WxV1nChJjNd5hZiaq7WoTcrTQf+t
3bPKuZMRj98bNYDubM269TNdkNgtGTRBivdHh+f1vbp60zkiLHpN0H97R00dlKPU
5VeuID9lUfFCK6vd6MDr+w3K/+Emdeu4JCIcK93rL3GPhCIeRbbmYPhVnYoXl0oQ
kx6CSdp9xOGa+waGDLcWBEaqVP3aoRl2R/enZJjnx2jaNiJdMJ79AkEi5Q==
-----END CERTIFICATE-----