Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7411dd-5096-4786-98d0-4438424a95cd.roa
File:                     ef7411dd-5096-4786-98d0-4438424a95cd.roa (raw, json)
Hash identifier:          7VU7ERsZX/9iKMQrZ1mfSbT4wSC6NUblRE3fVsEgozY=
Subject key identifier:   22:9B:A3:41:CB:8B:E3:55:F3:21:65:50:23:49:BE:1C:5A:23:60:C8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       17F52806AC3C9982D849101F6DFB39FE44E30AEA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7411dd-5096-4786-98d0-4438424a95cd.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.87.32.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f5:28:06:ac:3c:99:82:d8:49:10:1f:6d:fb:39:fe:44:e3:0a:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:75:36:f7:7c:1f:57:0f:f4:9b:43:d9:09:96:
                    cc:a9:e9:5d:59:e3:f5:75:5b:bb:87:6f:4d:e4:52:
                    2b:55:52:90:fe:df:dc:33:cd:8f:fb:46:63:39:19:
                    a4:b3:79:4d:00:7e:8e:af:75:ea:5f:ff:ae:bc:72:
                    ce:68:bc:fb:b8:75:2a:0f:a9:37:2c:b3:69:10:c4:
                    60:0c:38:9b:3b:7b:b6:1d:a4:a7:27:46:f3:0d:d6:
                    e4:c5:b6:a7:c0:1e:74:55:f8:be:2b:22:37:0a:d6:
                    92:c7:b4:a6:b4:fb:44:aa:c1:6a:7c:78:c6:f8:0e:
                    fd:1c:33:fe:b7:24:97:1f:9d:ea:89:52:73:dd:9d:
                    f3:09:c6:c7:ab:cf:c1:b2:4c:08:84:9c:30:25:4b:
                    2b:0d:31:85:fc:eb:09:e2:19:93:55:a8:39:43:14:
                    5b:7b:a6:92:7c:a0:09:a6:1b:d5:11:56:c3:0d:0d:
                    92:df:bc:14:14:9f:69:32:ca:8c:36:7d:ac:11:11:
                    b9:0a:20:92:2c:38:33:0a:78:f3:35:83:50:a5:df:
                    68:6f:e8:50:7c:df:b5:1a:ee:82:1e:a3:22:59:ea:
                    f9:8b:e6:3d:ce:2d:73:9c:41:79:1a:34:b6:f8:54:
                    7a:48:1e:36:d3:ef:dc:27:87:d4:ba:a8:af:30:e2:
                    a3:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:9B:A3:41:CB:8B:E3:55:F3:21:65:50:23:49:BE:1C:5A:23:60:C8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ef7411dd-5096-4786-98d0-4438424a95cd.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.87.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:17:62:8c:f9:b7:86:72:a9:43:75:12:13:26:04:1b:44:d1:
         24:4d:e5:e8:3f:4a:df:13:58:b9:2b:3a:5a:e4:ec:b2:04:3e:
         3c:48:1b:d6:e8:41:a9:5e:1d:2c:c7:d8:98:b9:0c:63:8c:92:
         94:36:aa:33:6d:e7:fd:49:f8:f4:7d:49:8e:de:f4:7c:b6:53:
         5b:d5:39:5e:ab:72:67:84:9f:e4:f2:a9:40:9a:f3:5e:6e:b5:
         af:e5:9c:69:99:44:ea:9a:f7:62:ed:5d:b1:20:90:be:4e:ae:
         bf:17:c7:b7:aa:13:4c:a7:59:eb:23:3b:9a:32:e7:45:ba:94:
         47:c0:78:d7:a7:0f:f7:e1:6c:97:12:9b:ec:96:90:a6:29:66:
         df:da:76:27:60:f6:1a:47:69:be:b3:ff:29:4b:6b:88:e8:85:
         83:9a:78:fe:36:ee:fa:8c:f3:2d:bd:51:9d:e0:e5:de:c6:b9:
         18:86:73:d6:2e:62:79:60:be:53:41:30:42:ea:f5:48:ed:a3:
         74:80:4c:f3:7e:92:79:f2:64:f1:51:60:8f:db:97:24:5f:7b:
         07:17:db:bd:57:b2:ea:3c:01:27:28:a5:37:d1:54:f3:a5:77:
         24:85:04:eb:c7:77:a3:9d:fa:b3:eb:32:33:87:12:f7:26:d3:
         10:ed:3c:6d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUF/UoBqw8mYLYSRAfbfs5/kTjCuowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNTcxMGIwNDM3Y2M0ODg3NjE2ZGRjNTExZDFhM2M1Y2Jl
NGY5ZGYxOWJiNDNlYjI4NTUyYjA2OTYyNmUyZDYzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCadTb3fB9XD/SbQ9kJlsyp6V1Z4/V1W7uHb03kUitVUpD+
39wzzY/7RmM5GaSzeU0Afo6vdepf/668cs5ovPu4dSoPqTcss2kQxGAMOJs7e7Yd
pKcnRvMN1uTFtqfAHnRV+L4rIjcK1pLHtKa0+0SqwWp8eMb4Dv0cM/63JJcfneqJ
UnPdnfMJxserz8GyTAiEnDAlSysNMYX86wniGZNVqDlDFFt7ppJ8oAmmG9URVsMN
DZLfvBQUn2kyyow2fawREbkKIJIsODMKePM1g1Cl32hv6FB837Ua7oIeoyJZ6vmL
5j3OLXOcQXkaNLb4VHpIHjbT79wnh9S6qK8w4qNzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIpujQcuL41XzIWVQI0m+HFojYMgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmNzQxMWRkLTUwOTYtNDc4Ni05OGQwLTQ0Mzg0MjRhOTVjZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjVyAwDQYJKoZIhvcNAQELBQADggEBABsXYoz5t4ZyqUN1EhMmBBtE0SRN
5eg/St8TWLkrOlrk7LIEPjxIG9boQaleHSzH2Ji5DGOMkpQ2qjNt5/1J+PR9SY7e
9Hy2U1vVOV6rcmeEn+TyqUCa815uta/lnGmZROqa92LtXbEgkL5Orr8Xx7eqE0yn
WesjO5oy50W6lEfAeNenD/fhbJcSm+yWkKYpZt/adidg9hpHab6z/ylLa4johYOa
eP427vqM8y29UZ3g5d7GuRiGc9YuYnlgvlNBMELq9Ujto3SATPN+knnyZPFRYI/b
lyRfewcX271Xsuo8AScopTfRVPOldySFBOvHd6Od+rPrMjOHEvcm0xDtPG0=
-----END CERTIFICATE-----