Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0994de7-9c23-4875-8abc-12c358973c20.roa
File:                     b0994de7-9c23-4875-8abc-12c358973c20.roa (raw, json)
Hash identifier:          Z/Dz8qsOYgdTQNr2aqJrvmXJSHbspd1CxpT7mYQoUJc=
Subject key identifier:   37:F7:EC:F0:8B:73:95:9D:E9:91:91:30:89:AC:DD:E7:88:2A:C5:C0
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0ACA038040B9D3F90C35A82BEE8F192A2C4BE6ED
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0994de7-9c23-4875-8abc-12c358973c20.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.151.120.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:ca:03:80:40:b9:d3:f9:0c:35:a8:2b:ee:8f:19:2a:2c:4b:e6:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=8081d621d2eb9a653c3f6dc775f40273aeb328bdf335c16434104914decf3d65, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:25:01:0c:d9:b8:f7:ec:09:0d:82:66:93:68:
                    1b:f0:c3:ea:30:69:dc:de:a0:4f:8c:c2:18:84:ea:
                    33:bb:8d:82:e2:db:b9:2b:93:8d:05:48:42:ae:7f:
                    af:39:1f:fc:8b:43:f5:41:7e:af:d1:5e:ab:68:24:
                    82:a1:ef:97:56:a6:6d:fc:4d:14:d5:74:79:06:90:
                    f6:02:22:c5:23:86:6e:67:2a:5c:a7:db:e9:a7:80:
                    cf:ac:34:11:cc:69:2b:53:49:b7:1e:b6:17:1c:66:
                    e0:c9:e5:d6:ff:d7:b8:fd:0f:c5:27:11:74:29:1d:
                    ee:1a:46:f1:29:5f:c7:39:5b:6b:a8:71:54:c9:1f:
                    8d:ff:90:e0:6e:60:40:a5:06:f5:d4:e8:23:c1:97:
                    42:14:77:8a:06:20:8e:86:5b:25:d9:85:89:47:39:
                    f8:42:aa:dd:25:5d:46:11:dc:81:bc:ff:c3:3f:d9:
                    30:05:2b:50:b8:1f:e1:24:27:fc:c3:a7:fd:7c:a8:
                    40:e1:07:6e:2c:68:61:65:b4:e7:4f:1e:e9:89:d0:
                    ad:c2:23:30:c6:be:fa:4e:3e:72:32:b6:8c:30:0a:
                    54:c5:73:81:c7:8d:ad:0e:5a:5f:55:8d:fe:c0:b3:
                    81:f1:cd:91:fc:04:d8:32:54:68:c4:67:b7:f0:bd:
                    b2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:F7:EC:F0:8B:73:95:9D:E9:91:91:30:89:AC:DD:E7:88:2A:C5:C0
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b0994de7-9c23-4875-8abc-12c358973c20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.151.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         76:a9:28:48:5d:f8:6e:b8:6b:2b:e8:79:65:27:08:55:5b:93:
         d7:cf:c1:5d:8b:72:f3:8e:74:49:b9:d0:51:9d:3f:c8:c7:d9:
         58:b4:a3:e7:0a:44:52:d2:bb:88:02:2f:f6:b3:6b:81:1f:4a:
         12:3f:fa:ec:47:f6:84:cb:65:d4:d2:de:9a:3f:41:5e:88:1b:
         1d:76:01:7d:45:a5:2e:8e:46:f5:3e:4d:15:8d:cf:4f:53:37:
         72:2e:df:90:12:77:7c:80:69:9c:16:1e:2a:37:7e:8c:93:aa:
         64:8a:83:5d:38:d9:2f:ca:e5:6f:84:c6:54:e9:91:cc:eb:59:
         69:34:7c:a9:ca:48:a9:b8:f0:fd:95:43:f8:f1:22:2c:1a:69:
         6e:a3:82:36:22:3c:fc:9a:bb:68:83:3a:6e:73:c7:3a:a9:bf:
         45:d1:dc:48:fc:12:9a:51:de:be:68:ab:93:54:e2:d2:d8:00:
         e6:e3:4c:b6:83:91:d1:c5:8a:c0:f7:5b:28:03:cd:b4:cf:b7:
         16:ef:43:7f:15:18:95:64:9a:28:ae:56:f8:ee:73:08:19:72:
         57:5c:49:8a:8c:63:74:ef:29:46:c1:74:49:a0:63:00:d0:0b:
         36:a6:e9:99:2e:d5:82:fe:ae:09:ae:7b:51:33:ae:21:50:4e:
         6e:92:be:91
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCsoDgEC50/kMNagr7o8ZKixL5u0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4MDgxZDYyMWQyZWI5YTY1M2MzZjZkYzc3NWY0MDI3M2Fl
YjMyOGJkZjMzNWMxNjQzNDEwNDkxNGRlY2YzZDY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCjJQEM2bj37AkNgmaTaBvww+owadzeoE+MwhiE6jO7jYLi
27krk40FSEKuf685H/yLQ/VBfq/RXqtoJIKh75dWpm38TRTVdHkGkPYCIsUjhm5n
Klyn2+mngM+sNBHMaStTSbcethccZuDJ5db/17j9D8UnEXQpHe4aRvEpX8c5W2uo
cVTJH43/kOBuYEClBvXU6CPBl0IUd4oGII6GWyXZhYlHOfhCqt0lXUYR3IG8/8M/
2TAFK1C4H+EkJ/zDp/18qEDhB24saGFltOdPHumJ0K3CIzDGvvpOPnIytowwClTF
c4HHja0OWl9Vjf7As4HxzZH8BNgyVGjEZ7fwvbJ1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUN/fs8ItzlZ3pkZEwiazd54gqxcAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IwOTk0ZGU3LTljMjMtNDg3NS04YWJjLTEyYzM1ODk3M2MyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBANjl3gwDQYJKoZIhvcNAQELBQADggEBAHapKEhd+G64ayvoeWUnCFVbk9fP
wV2LcvOOdEm50FGdP8jH2Vi0o+cKRFLSu4gCL/aza4EfShI/+uxH9oTLZdTS3po/
QV6IGx12AX1FpS6ORvU+TRWNz09TN3Iu35ASd3yAaZwWHio3foyTqmSKg1042S/K
5W+ExlTpkczrWWk0fKnKSKm48P2VQ/jxIiwaaW6jgjYiPPyau2iDOm5zxzqpv0XR
3Ej8EppR3r5oq5NU4tLYAObjTLaDkdHFisD3WygDzbTPtxbvQ38VGJVkmiiuVvju
cwgZcldcSYqMY3TvKUbBdEmgYwDQCzam6Zku1YL+rgmue1EzriFQTm6SvpE=
-----END CERTIFICATE-----