Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a80c34cc-5182-4a99-8955-425ef9b59bcb.roa
File:                     a80c34cc-5182-4a99-8955-425ef9b59bcb.roa (raw, json)
Hash identifier:          7vgXnii/FcwU7jlGUnSXaueAkBPGumbZcTGRAhH6beo=
Subject key identifier:   14:E6:F1:75:DD:AA:A7:95:1A:18:A9:B7:B9:DA:C3:F3:36:EB:BD:3D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       663F78E0AB13318ABD2715F43980E32CB3327032
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a80c34cc-5182-4a99-8955-425ef9b59bcb.roa
Signing time:             Thu 26 Dec 2024 00:00:00 +0000
ROA not before:           Thu 26 Dec 2024 00:00:00 +0000
ROA not after:            Thu 30 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        99.200.0.0/13 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:3f:78:e0:ab:13:31:8a:bd:27:15:f4:39:80:e3:2c:b3:32:70:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 26 00:00:00 2024 GMT
            Not After : Jan 30 23:59:59 2025 GMT
        Subject: serialNumber=cb89b53a638d1fceea7721a3c7fd1fcb4a3361feee7791b3b324cf62793373b6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a7:3c:22:a2:17:69:b3:d5:cc:c0:c4:62:e0:
                    22:5b:e4:bf:91:1b:71:7d:9b:f5:55:b5:d7:5e:64:
                    fd:24:63:81:8e:b5:28:16:8d:b6:24:23:40:d7:56:
                    f5:69:c1:b2:7d:99:78:b6:a9:63:0f:00:a5:a0:49:
                    fd:1a:b1:26:20:d8:4a:92:d7:d1:52:f2:86:58:17:
                    b5:04:db:12:1e:5f:d4:62:8c:fc:d6:3c:f1:90:88:
                    72:80:de:4e:fb:66:4c:b9:f6:6c:b8:38:6a:b1:18:
                    ca:4c:5b:f5:82:d5:91:d4:46:87:c8:18:0c:b4:ab:
                    eb:83:2f:53:60:54:b7:9c:c2:19:fa:81:8a:d3:58:
                    f2:06:e7:fb:b7:70:42:bc:13:3e:4a:ca:20:ff:8a:
                    76:5b:0e:4a:c4:e4:14:fb:14:d9:6f:e6:99:b8:77:
                    92:13:1a:57:7f:9f:9b:13:07:4a:f4:33:bf:5f:3f:
                    07:1e:a9:29:60:1c:95:cf:e5:c5:e1:a9:be:a2:00:
                    40:5b:4a:04:8e:d2:88:43:6c:7c:82:5e:c9:fa:87:
                    f3:98:b4:52:cb:a8:5c:bd:aa:b0:c3:d0:f9:bc:2f:
                    ab:98:bd:8b:c9:22:85:de:81:b8:d6:43:27:be:8e:
                    c1:21:e7:9e:fd:1c:63:41:e6:55:d6:57:28:db:ec:
                    79:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E6:F1:75:DD:AA:A7:95:1A:18:A9:B7:B9:DA:C3:F3:36:EB:BD:3D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a80c34cc-5182-4a99-8955-425ef9b59bcb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.200.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         7d:96:41:04:fc:8b:91:e7:96:95:9f:75:b4:6d:a3:e0:4c:5a:
         48:86:45:60:77:7e:bc:49:51:ce:77:c9:99:90:99:59:ab:fb:
         81:f3:1a:b2:7b:39:ad:bb:55:07:40:26:92:5e:1e:4f:e0:f5:
         58:c0:86:90:87:e0:45:5c:15:d6:98:16:a2:d8:a9:9a:8a:b0:
         d4:76:7f:3b:35:08:6d:8f:35:6b:51:c9:f1:6b:ec:4e:17:cc:
         87:31:39:75:1a:fa:e3:37:4e:78:fe:1c:19:6d:65:70:e7:2e:
         b0:d7:30:f3:16:66:ff:a3:bf:f3:45:6f:e9:c2:a1:f7:4e:d1:
         1e:b3:55:60:be:6f:7c:d8:45:3a:94:3d:9b:db:fd:69:92:40:
         0c:fb:c8:d3:6b:93:a4:44:84:e7:6c:59:27:f6:8e:52:f1:1a:
         b8:62:14:5c:4c:43:68:e2:3b:ac:04:04:20:6b:8d:7e:18:ac:
         1a:50:d2:5c:1b:cb:85:1d:96:49:f9:a5:1f:26:ea:eb:7f:85:
         42:29:49:15:46:d9:bf:b7:3a:e5:b4:c7:38:4a:8f:ea:0f:eb:
         f6:11:49:ad:26:22:d1:62:a3:c2:56:9f:80:4a:76:d0:70:8d:
         9b:14:3e:ae:91:e4:7a:cf:0b:c6:e8:9f:95:f6:42:56:d9:d3:
         45:7f:85:45
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZj944KsTMYq9JxX0OYDjLLMycDIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI2MDAwMDAwWhcNMjUwMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjYjg5YjUzYTYzOGQxZmNlZWE3NzIxYTNjN2ZkMWZjYjRh
MzM2MWZlZWU3NzkxYjNiMzI0Y2Y2Mjc5MzM3M2I2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6pzwiohdps9XMwMRi4CJb5L+RG3F9m/VVtddeZP0kY4GO
tSgWjbYkI0DXVvVpwbJ9mXi2qWMPAKWgSf0asSYg2EqS19FS8oZYF7UE2xIeX9Ri
jPzWPPGQiHKA3k77Zky59my4OGqxGMpMW/WC1ZHURofIGAy0q+uDL1NgVLecwhn6
gYrTWPIG5/u3cEK8Ez5KyiD/inZbDkrE5BT7FNlv5pm4d5ITGld/n5sTB0r0M79f
PwceqSlgHJXP5cXhqb6iAEBbSgSO0ohDbHyCXsn6h/OYtFLLqFy9qrDD0Pm8L6uY
vYvJIoXegbjWQye+jsEh5579HGNB5lXWVyjb7HkPAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUFObxdd2qp5UaGKm3udrD8zbrvT0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4MGMzNGNjLTUxODItNGE5OS04OTU1LTQyNWVmOWI1OWJjYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwNjyDANBgkqhkiG9w0BAQsFAAOCAQEAfZZBBPyLkeeWlZ91tG2j4ExaSIZF
YHd+vElRznfJmZCZWav7gfMasns5rbtVB0Amkl4eT+D1WMCGkIfgRVwV1pgWotip
moqw1HZ/OzUIbY81a1HJ8WvsThfMhzE5dRr64zdOeP4cGW1lcOcusNcw8xZm/6O/
80Vv6cKh907RHrNVYL5vfNhFOpQ9m9v9aZJADPvI02uTpESE52xZJ/aOUvEauGIU
XExDaOI7rAQEIGuNfhisGlDSXBvLhR2WSfmlHybq63+FQilJFUbZv7c65bTHOEqP
6g/r9hFJrSYi0WKjwlafgEp20HCNmxQ+rpHkes8LxuiflfZCVtnTRX+FRQ==
-----END CERTIFICATE-----