Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2acf447f-e3e9-49a1-b3e3-6b7a9ac0cd17.roa
File:                     2acf447f-e3e9-49a1-b3e3-6b7a9ac0cd17.roa (raw, json)
Hash identifier:          RQgLZtSl0+fHyjVtg+TDoLx2YZTkxkpH3inHPpinR+0=
Subject key identifier:   45:F7:FF:DB:76:24:3E:03:88:48:88:76:7C:CF:6C:C8:C8:2D:68:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       785ACD9B80CD282450FCF6110E4DA710582B941A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2acf447f-e3e9-49a1-b3e3-6b7a9ac0cd17.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.82.161.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:5a:cd:9b:80:cd:28:24:50:fc:f6:11:0e:4d:a7:10:58:2b:94:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=cc16975d1f3e22e13e790dad03152b5511eb60e76c4a2749894a5033815999c0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7d:ea:2d:c1:fb:35:01:41:b3:48:4b:f6:50:
                    07:ee:8b:73:e1:28:a9:e7:2b:1c:e4:3d:81:ef:95:
                    d6:c3:90:29:25:ca:25:e5:e3:db:fa:28:b5:8d:fe:
                    3a:68:a7:eb:6f:a4:55:0e:a5:71:b6:bc:0c:ec:67:
                    aa:d0:3f:97:95:37:f3:87:29:80:ba:b5:04:20:e0:
                    7d:8c:b8:8f:8e:5c:41:1c:7c:a3:67:a4:8e:06:22:
                    d5:8b:6e:b0:d0:6c:1d:39:76:be:77:7c:7b:8f:f8:
                    fa:51:00:78:ba:5e:24:3e:6e:bb:2f:fa:ec:ed:ca:
                    24:dc:13:f6:6c:88:b3:89:b1:17:3f:12:48:ba:4f:
                    6b:73:01:7b:43:a7:1b:73:02:86:10:88:ec:52:09:
                    8f:16:ff:38:08:4c:72:3e:fa:13:a8:36:bd:37:6e:
                    44:57:2e:f7:c5:04:98:9c:ea:a1:4d:e2:cb:b6:d7:
                    8c:0b:10:8b:65:ba:3f:72:31:95:a7:a8:e9:e4:cb:
                    f5:03:b8:74:77:88:98:92:13:2e:f1:b4:51:f0:7e:
                    59:e9:7b:42:d0:0d:8e:c6:a7:51:09:88:01:80:17:
                    0e:42:32:97:d7:e7:0d:38:4b:5e:5d:a3:06:0b:28:
                    f0:f9:6b:cd:40:a9:50:cb:b5:cd:d1:a1:6c:d9:f7:
                    dd:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F7:FF:DB:76:24:3E:03:88:48:88:76:7C:CF:6C:C8:C8:2D:68:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2acf447f-e3e9-49a1-b3e3-6b7a9ac0cd17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.82.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5a:e4:8e:61:94:35:f7:c5:dc:77:3c:a0:78:ff:09:53:45:
         5e:5f:17:dc:ca:99:ad:48:a9:56:7f:4e:d9:1e:d1:f0:58:ed:
         bd:71:17:98:94:45:78:ab:bf:3d:0c:6c:82:5a:f2:bf:46:0b:
         2e:14:5e:d9:36:f5:80:32:92:47:8a:9b:62:03:bc:7e:c6:06:
         dd:ee:cb:ce:4d:c8:b7:6a:eb:14:68:23:94:d2:07:22:e2:42:
         e2:fb:c5:0f:dd:19:08:db:69:cf:23:ba:9d:5b:f6:f9:cc:06:
         92:9c:cb:4b:eb:71:b7:ae:f9:e4:01:2b:24:63:ed:52:2b:86:
         88:c0:a1:39:ad:9f:75:27:6d:9e:47:a4:3f:62:6c:07:08:09:
         88:eb:ff:ce:d2:5d:5f:21:45:97:79:37:7f:e3:9a:1a:1b:8a:
         4d:15:7d:f4:79:25:99:eb:de:a6:1b:ae:d2:9a:c4:16:4a:ef:
         e6:20:90:05:cf:1b:4c:ef:ff:de:66:98:f0:15:3b:ce:4c:82:
         63:55:07:e5:7b:56:74:04:33:79:1c:55:5a:5c:eb:99:8e:ed:
         5e:83:af:f1:95:a0:2f:60:24:ad:62:31:1a:a1:bf:f5:50:b9:
         6c:30:69:aa:c5:4a:da:dc:f2:34:5b:4f:ab:83:91:82:db:a5:
         e3:08:bf:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeFrNm4DNKCRQ/PYRDk2nEFgrlBowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYzE2OTc1ZDFmM2UyMmUxM2U3OTBkYWQwMzE1MmI1NTEx
ZWI2MGU3NmM0YTI3NDk4OTRhNTAzMzgxNTk5OWMwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdfeotwfs1AUGzSEv2UAfui3PhKKnnKxzkPYHvldbDkCkl
yiXl49v6KLWN/jpop+tvpFUOpXG2vAzsZ6rQP5eVN/OHKYC6tQQg4H2MuI+OXEEc
fKNnpI4GItWLbrDQbB05dr53fHuP+PpRAHi6XiQ+brsv+uztyiTcE/ZsiLOJsRc/
Eki6T2tzAXtDpxtzAoYQiOxSCY8W/zgITHI++hOoNr03bkRXLvfFBJic6qFN4su2
14wLEItluj9yMZWnqOnky/UDuHR3iJiSEy7xtFHwflnpe0LQDY7Gp1EJiAGAFw5C
MpfX5w04S15dowYLKPD5a81AqVDLtc3RoWzZ990JAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQURff/23YkPgOISIh2fM9syMgtaJAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJhY2Y0NDdmLWUzZTktNDlhMS1iM2UzLTZiN2E5YWMwY2QxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBABjUqEwDQYJKoZIhvcNAQELBQADggEBACRa5I5hlDX3xdx3PKB4/wlTRV5f
F9zKma1IqVZ/Ttke0fBY7b1xF5iURXirvz0MbIJa8r9GCy4UXtk29YAykkeKm2ID
vH7GBt3uy85NyLdq6xRoI5TSByLiQuL7xQ/dGQjbac8jup1b9vnMBpKcy0vrcbeu
+eQBKyRj7VIrhojAoTmtn3UnbZ5HpD9ibAcICYjr/87SXV8hRZd5N3/jmhobik0V
ffR5JZnr3qYbrtKaxBZK7+YgkAXPG0zv/95mmPAVO85MgmNVB+V7VnQEM3kcVVpc
65mO7V6Dr/GVoC9gJK1iMRqhv/VQuWwwaarFStrc8jRbT6uDkYLbpeMIv7g=
-----END CERTIFICATE-----