Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e803c788-e3c5-4e0f-b60f-42ce430040b0.roa
File:                     e803c788-e3c5-4e0f-b60f-42ce430040b0.roa (raw, json)
Hash identifier:          JuUZOl4dAq4tRT0hmwJuPIQH+Fd20MnXc9eOvJmmW1s=
Subject key identifier:   88:B4:89:18:33:B0:AB:74:10:E4:4B:55:15:EC:13:0D:CD:6A:AF:C5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5BEFFAE75CC11737146D4D961D76CA8C897F9231
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e803c788-e3c5-4e0f-b60f-42ce430040b0.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.82.163.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ef:fa:e7:5c:c1:17:37:14:6d:4d:96:1d:76:ca:8c:89:7f:92:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:94:a0:a5:31:94:15:d9:e5:68:b4:45:2c:f1:
                    4d:52:09:0a:1f:9c:b0:56:cb:7a:f9:6c:98:c4:0b:
                    20:41:e3:96:b2:04:cb:7f:29:b0:8b:8a:30:45:56:
                    01:63:c1:75:b8:2f:a4:92:12:44:de:7b:06:1c:d9:
                    bd:3c:73:32:fc:ec:5c:ff:3b:80:37:ee:f0:8e:31:
                    15:db:75:76:4a:06:ce:77:99:c5:22:63:17:62:86:
                    25:35:f7:bc:9b:3b:ed:0e:3c:df:50:78:3d:b5:5a:
                    5e:57:16:26:85:25:ac:86:6c:99:9e:94:f4:b8:b7:
                    33:40:43:e6:d7:a0:eb:c3:62:85:54:4a:cf:ba:1c:
                    25:2e:07:1d:78:95:f3:36:a2:37:52:2d:14:92:6d:
                    ea:1d:14:80:ab:64:86:27:fe:74:1e:1b:68:a0:ed:
                    53:67:41:78:44:fb:71:16:a9:e4:bc:ba:3e:0b:ae:
                    bb:1f:41:d3:8d:c3:2d:1e:8f:5d:63:c9:90:90:f7:
                    3f:0d:be:ee:81:fc:00:1f:a4:8a:c8:92:4e:96:89:
                    35:fc:39:ea:a2:94:ff:ba:fa:21:9a:71:c6:8f:47:
                    3a:91:b6:3f:d3:77:78:9c:70:92:28:de:9b:21:a2:
                    51:60:58:99:07:f7:8d:c8:c7:f3:87:57:5f:40:40:
                    ff:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B4:89:18:33:B0:AB:74:10:E4:4B:55:15:EC:13:0D:CD:6A:AF:C5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/e803c788-e3c5-4e0f-b60f-42ce430040b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.82.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:97:59:74:76:48:87:87:ed:71:a2:89:2e:dd:51:67:2b:c8:
         ec:ce:e7:95:6e:97:64:80:ad:9e:b5:58:6b:67:1b:71:15:81:
         05:6b:0a:22:75:c8:43:04:ef:bb:7e:7a:b8:77:e8:31:cd:c1:
         f4:4c:c3:f8:d0:4c:fb:e2:33:28:4e:69:9a:71:0d:de:8f:e0:
         23:49:c8:63:1c:74:55:62:ac:ee:0e:36:99:e6:7d:3f:bd:d7:
         3c:84:5a:05:58:87:7b:1f:fe:eb:ef:69:93:d7:ef:b7:47:d1:
         c8:e7:94:ea:ba:b0:9f:f9:45:dc:08:84:2c:ed:be:12:35:7c:
         96:23:41:69:75:95:1e:60:26:8d:28:1b:9b:b0:a0:98:32:26:
         97:1c:70:c4:42:65:c2:56:ea:f2:f4:37:6f:9d:ee:3b:de:3c:
         81:02:b0:eb:a0:b4:45:de:2e:f5:f3:4b:6e:83:9d:19:95:82:
         a3:9a:e0:5e:07:b8:fd:60:b8:35:40:bd:d1:02:b6:89:f8:3e:
         a5:28:7e:d3:fa:5a:29:ac:e1:a1:78:26:5f:72:e0:5d:0d:89:
         cc:dd:45:cc:a6:ea:65:b7:02:b3:16:f0:db:da:e6:4d:b4:81:
         1a:e0:ff:50:05:51:20:76:b0:a5:62:90:b7:66:87:e4:be:fa:
         94:0e:dd:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW+/651zBFzcUbU2WHXbKjIl/kjEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AzMzhiNjRhNzE0YmZhNWE1ZDdkM2RjN2MxN2QyNmJkNzMz
NmZhMzdjNDU4NDk4MWU2YWZjYTMwYTY2ZTYwYzY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmlKClMZQV2eVotEUs8U1SCQofnLBWy3r5bJjECyBB45ay
BMt/KbCLijBFVgFjwXW4L6SSEkTeewYc2b08czL87Fz/O4A37vCOMRXbdXZKBs53
mcUiYxdihiU197ybO+0OPN9QeD21Wl5XFiaFJayGbJmelPS4tzNAQ+bXoOvDYoVU
Ss+6HCUuBx14lfM2ojdSLRSSbeodFICrZIYn/nQeG2ig7VNnQXhE+3EWqeS8uj4L
rrsfQdONwy0ej11jyZCQ9z8Nvu6B/AAfpIrIkk6WiTX8OeqilP+6+iGaccaPRzqR
tj/Td3iccJIo3psholFgWJkH943Ix/OHV19AQP8LAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiLSJGDOwq3QQ5EtVFewTDc1qr8UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2U4MDNjNzg4LWUzYzUtNGUwZi1iNjBmLTQyY2U0MzAwNDBiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjUqMwDQYJKoZIhvcNAQELBQADggEBACeXWXR2SIeH7XGiiS7dUWcryOzO
55Vul2SArZ61WGtnG3EVgQVrCiJ1yEME77t+erh36DHNwfRMw/jQTPviMyhOaZpx
Dd6P4CNJyGMcdFVirO4ONpnmfT+91zyEWgVYh3sf/uvvaZPX77dH0cjnlOq6sJ/5
RdwIhCztvhI1fJYjQWl1lR5gJo0oG5uwoJgyJpcccMRCZcJW6vL0N2+d7jvePIEC
sOugtEXeLvXzS26DnRmVgqOa4F4HuP1guDVAvdECton4PqUoftP6Wims4aF4Jl9y
4F0NiczdRcym6mW3ArMW8Nva5k20gRrg/1AFUSB2sKVikLdmh+S++pQO3bg=
-----END CERTIFICATE-----