Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56a7ef53-352e-4b7a-860f-8a7658f7afa1.roa
File:                     56a7ef53-352e-4b7a-860f-8a7658f7afa1.roa (raw, json)
Hash identifier:          +HUn9gOCzrYza+4Y9p6DqzgY0sifuHC+PHNWFDikVBQ=
Subject key identifier:   FB:1C:FF:83:41:1B:BB:CB:94:8C:B8:01:79:1E:39:8C:E5:3A:D1:1F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       161564ACE465A73D5774E8AB678FD9D78AA584D2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56a7ef53-352e-4b7a-860f-8a7658f7afa1.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        161.99.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:15:64:ac:e4:65:a7:3d:57:74:e8:ab:67:8f:d9:d7:8a:a5:84:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=af69d31cae61d3eab0e46c5a1dd3ab6539c61766a61ffe0aebefd7d0bc0906c6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fe:9a:be:f6:ce:07:58:fb:bf:1e:ba:41:74:
                    79:1e:53:86:fc:6d:40:db:f8:83:cc:20:4d:13:e1:
                    08:53:5f:ef:7e:00:95:3e:b7:2c:aa:2f:f1:b5:56:
                    0e:cc:6b:98:31:54:1d:c8:09:52:c4:b2:5f:7a:c6:
                    3d:de:e9:77:b7:fc:91:54:de:4c:bd:52:6c:a3:c8:
                    2b:ac:2f:ec:47:b2:83:b1:c7:25:8c:ae:9e:44:c9:
                    1c:dc:47:af:2c:76:09:03:bf:be:fe:e9:c7:a0:ae:
                    7c:67:b2:b4:d2:56:98:69:bb:ce:e8:c8:a0:09:12:
                    1c:79:5b:8a:93:e1:86:36:30:7e:3d:92:85:75:57:
                    2e:ba:bb:f2:04:04:bb:2c:25:de:59:a0:01:21:05:
                    be:46:5a:73:a1:92:75:9f:d6:9a:8b:83:a9:7f:6f:
                    28:36:e6:ca:6f:b5:fd:49:ac:64:d3:8e:a3:28:1e:
                    30:37:88:18:52:c7:45:1c:20:4e:38:93:b8:c1:3c:
                    5c:45:20:18:73:2f:a2:4d:ce:c0:8b:6e:d7:ed:cc:
                    c6:3d:40:ca:bf:ff:91:cf:39:8c:a9:92:b4:be:28:
                    26:b5:2c:59:e8:2d:89:85:6b:f2:de:08:20:17:f5:
                    34:22:98:9e:1d:aa:1c:16:2f:dc:cd:8e:29:d4:38:
                    83:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:1C:FF:83:41:1B:BB:CB:94:8C:B8:01:79:1E:39:8C:E5:3A:D1:1F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/56a7ef53-352e-4b7a-860f-8a7658f7afa1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.99.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         d4:29:c6:69:bf:ab:d6:f9:e0:f6:b2:1f:14:9f:15:ef:6c:81:
         b1:95:4e:cb:79:c3:7a:f6:c4:8e:e0:11:9d:a7:1c:e9:53:1d:
         d5:81:9a:c6:68:f8:13:de:a4:ad:aa:64:88:11:29:26:cf:a7:
         53:5e:4b:5e:fe:69:29:53:7d:42:b4:6c:66:25:e8:e4:93:98:
         4b:7d:85:c6:e2:ec:88:01:b8:7e:bd:b3:e8:7f:1c:98:47:05:
         47:db:f7:44:ff:c5:34:c6:24:d7:d2:f2:fe:34:c9:d2:3a:8e:
         5a:6f:a9:1d:42:34:22:cb:5d:18:ea:10:99:b3:2b:14:f8:b8:
         22:16:80:8a:30:fb:41:d6:e7:94:20:7e:18:38:73:85:01:a8:
         94:a5:44:a7:f0:5b:6c:f2:33:e8:db:a8:f3:ec:69:93:55:92:
         cb:28:69:11:50:93:b5:09:1e:15:1d:7a:7e:0c:99:d5:c2:58:
         4a:ee:86:a9:f4:24:d3:39:fa:0f:56:e1:a8:89:68:0c:07:cf:
         fb:37:f8:e5:f8:a2:8b:e8:e7:90:29:df:42:0b:a3:2c:f2:3c:
         07:eb:6a:28:35:17:ad:1f:60:fb:a5:12:c8:0f:11:97:dd:00:
         12:47:ee:bd:6f:7d:31:ff:bd:68:9a:0b:cd:d8:32:c3:22:90:
         91:16:31:4e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUFhVkrORlpz1XdOirZ4/Z14qlhNIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZjY5ZDMxY2FlNjFkM2VhYjBlNDZjNWExZGQzYWI2NTM5
YzYxNzY2YTYxZmZlMGFlYmVmZDdkMGJjMDkwNmM2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCw/pq+9s4HWPu/HrpBdHkeU4b8bUDb+IPMIE0T4QhTX+9+
AJU+tyyqL/G1Vg7Ma5gxVB3ICVLEsl96xj3e6Xe3/JFU3ky9UmyjyCusL+xHsoOx
xyWMrp5EyRzcR68sdgkDv77+6cegrnxnsrTSVphpu87oyKAJEhx5W4qT4YY2MH49
koV1Vy66u/IEBLssJd5ZoAEhBb5GWnOhknWf1pqLg6l/byg25spvtf1JrGTTjqMo
HjA3iBhSx0UcIE44k7jBPFxFIBhzL6JNzsCLbtftzMY9QMq//5HPOYypkrS+KCa1
LFnoLYmFa/LeCCAX9TQimJ4dqhwWL9zNjinUOINjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU+xz/g0Ebu8uUjLgBeR45jOU60R8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzU2YTdlZjUzLTM1MmUtNGI3YS04NjBmLThhNzY1OGY3YWZhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAehY4AwDQYJKoZIhvcNAQELBQADggEBANQpxmm/q9b54PayHxSfFe9sgbGV
Tst5w3r2xI7gEZ2nHOlTHdWBmsZo+BPepK2qZIgRKSbPp1NeS17+aSlTfUK0bGYl
6OSTmEt9hcbi7IgBuH69s+h/HJhHBUfb90T/xTTGJNfS8v40ydI6jlpvqR1CNCLL
XRjqEJmzKxT4uCIWgIow+0HW55Qgfhg4c4UBqJSlRKfwW2zyM+jbqPPsaZNVksso
aRFQk7UJHhUden4MmdXCWEruhqn0JNM5+g9W4aiJaAwHz/s3+OX4oovo55Ap30IL
oyzyPAfraig1F60fYPulEsgPEZfdABJH7r1vfTH/vWiaC83YMsMikJEWMU4=
-----END CERTIFICATE-----