Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f19d764-6d29-407c-9f3c-6955d5a33014.roa
File:                     3f19d764-6d29-407c-9f3c-6955d5a33014.roa (raw, json)
Hash identifier:          oxYnMG5iLN5VeRLRXclYJqD/C6nb7Ro3C3aIxYzH9Ec=
Subject key identifier:   71:8E:F7:74:03:14:88:8A:16:FB:E1:5B:21:2C:D8:CA:84:27:44:C1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       73955C325425812C63DEC096E2A4F3423A8AE7A1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f19d764-6d29-407c-9f3c-6955d5a33014.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.168.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:95:5c:32:54:25:81:2c:63:de:c0:96:e2:a4:f3:42:3a:8a:e7:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=2283ee3cb3976463e436d52f6503962d94aba22c4b934b2601af08188846743a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:8e:99:5d:35:8d:51:d5:45:20:78:eb:1d:
                    93:a3:54:fe:b0:1a:a0:17:d5:a2:92:91:ff:cc:53:
                    d9:1c:bd:6c:82:6c:e9:0f:da:bd:9c:8f:7a:95:63:
                    67:b8:d0:4f:93:29:54:4a:83:66:66:74:72:0e:8d:
                    24:7a:e4:a8:38:88:29:f3:1f:6f:f6:c0:9f:19:db:
                    a8:db:ff:20:ff:a9:e3:ee:19:b0:0e:45:0f:e3:4c:
                    bb:0a:3c:e5:3e:51:cf:64:bf:84:b9:bd:6d:61:41:
                    9b:4e:76:e0:b8:67:75:7b:dc:63:c4:af:41:ea:5c:
                    7d:00:1a:c8:18:c4:db:d7:55:00:a3:d2:5e:10:96:
                    5b:62:97:1f:69:a1:91:a6:1e:16:6e:7a:95:70:ed:
                    b7:f0:63:b9:60:d5:8c:b8:86:2d:02:96:8d:42:4c:
                    48:c4:24:e5:9e:ca:50:dc:93:1c:c4:83:13:65:4a:
                    19:78:f2:cf:4c:f9:74:e2:0c:97:5c:0c:7c:45:f5:
                    fb:d9:34:68:5d:bf:72:b5:6e:44:49:cb:2f:a1:b5:
                    71:71:4b:fa:63:60:be:54:39:38:64:dd:e3:3f:12:
                    ae:4d:d2:4f:92:47:f2:77:f2:d3:38:b6:75:68:9d:
                    8d:53:ec:ba:40:28:49:8b:30:3f:8e:ff:ac:36:39:
                    cb:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:8E:F7:74:03:14:88:8A:16:FB:E1:5B:21:2C:D8:CA:84:27:44:C1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3f19d764-6d29-407c-9f3c-6955d5a33014.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:9a:7b:7a:3d:90:f0:09:ae:e8:3d:13:c5:57:af:3e:ff:f3:
         ba:04:66:ba:c4:53:c7:2a:80:81:4c:ae:e6:98:6c:d2:34:7f:
         6a:ef:d4:63:c0:dc:09:e7:6f:9e:e0:e9:16:7a:f3:fa:a0:81:
         e7:e8:a3:cc:07:63:dc:0e:3b:46:39:9b:4d:7d:74:08:a4:1d:
         70:a8:60:2f:0d:c8:6b:bf:d6:9b:8d:a9:e4:6e:6e:15:af:4f:
         33:35:29:ea:58:c4:48:06:2b:7b:86:04:01:08:40:78:07:ce:
         86:8f:8d:a3:54:5b:21:d1:c8:d2:be:7c:dc:d5:74:fe:08:35:
         f4:7e:f2:bc:57:2d:4a:8d:53:12:78:9d:6b:a8:26:d9:25:1b:
         94:b7:7a:32:33:2f:e8:d2:13:99:ea:e6:8b:00:61:72:44:2c:
         e7:a3:fc:15:c9:18:14:d0:8c:81:47:ab:11:08:d3:c5:c0:02:
         ee:1e:77:86:52:30:29:5f:0d:dd:43:63:19:ed:32:cc:f9:5e:
         8e:26:12:da:ff:d2:53:a6:83:e1:44:14:9a:0f:0c:ab:a2:d0:
         cb:65:6d:fd:a3:38:46:de:e2:79:a4:40:ef:d4:ee:09:f8:42:
         60:7b:d8:46:e4:e8:d7:40:37:27:75:b1:1a:cc:5c:0f:7d:be:
         fa:c6:42:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc5VcMlQlgSxj3sCW4qTzQjqK56EwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjgzZWUzY2IzOTc2NDYzZTQzNmQ1MmY2NTAzOTYyZDk0
YWJhMjJjNGI5MzRiMjYwMWFmMDgxODg4NDY3NDNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3wY6ZXTWNUdVFIHjrHZOjVP6wGqAX1aKSkf/MU9kcvWyC
bOkP2r2cj3qVY2e40E+TKVRKg2ZmdHIOjSR65Kg4iCnzH2/2wJ8Z26jb/yD/qePu
GbAORQ/jTLsKPOU+Uc9kv4S5vW1hQZtOduC4Z3V73GPEr0HqXH0AGsgYxNvXVQCj
0l4Qlltilx9poZGmHhZuepVw7bfwY7lg1Yy4hi0Clo1CTEjEJOWeylDckxzEgxNl
Shl48s9M+XTiDJdcDHxF9fvZNGhdv3K1bkRJyy+htXFxS/pjYL5UOThk3eM/Eq5N
0k+SR/J38tM4tnVonY1T7LpAKEmLMD+O/6w2OcvzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcY73dAMUiIoW++FbISzYyoQnRMEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNmMTlkNzY0LTZkMjktNDA3Yy05ZjNjLTY5NTVkNWEzMzAxNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl6gwDQYJKoZIhvcNAQELBQADggEBAHaae3o9kPAJrug9E8VXrz7/87oE
ZrrEU8cqgIFMruaYbNI0f2rv1GPA3Annb57g6RZ68/qggefoo8wHY9wOO0Y5m019
dAikHXCoYC8NyGu/1puNqeRubhWvTzM1KepYxEgGK3uGBAEIQHgHzoaPjaNUWyHR
yNK+fNzVdP4INfR+8rxXLUqNUxJ4nWuoJtklG5S3ejIzL+jSE5nq5osAYXJELOej
/BXJGBTQjIFHqxEI08XAAu4ed4ZSMClfDd1DYxntMsz5Xo4mEtr/0lOmg+FEFJoP
DKui0Mtlbf2jOEbe4nmkQO/U7gn4QmB72Ebk6NdANyd1sRrMXA99vvrGQmo=
-----END CERTIFICATE-----