Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bced566b-6d8e-433e-b6b5-482ebdc3be99.roa
File:                     bced566b-6d8e-433e-b6b5-482ebdc3be99.roa (raw, json)
Hash identifier:          Z6Ebhk1icwB9OPufhNRoNF9Df5vJ8DgF0PW/6lI9huM=
Subject key identifier:   53:6B:C3:E7:92:8E:B7:46:1B:8C:25:D5:BD:0B:38:F6:69:4A:76:09
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EEE3712A3B63B89C4C6AAA990788366B6F6DB35
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bced566b-6d8e-433e-b6b5-482ebdc3be99.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        99.78.156.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ee:37:12:a3:b6:3b:89:c4:c6:aa:a9:90:78:83:66:b6:f6:db:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=1e990b9ca0395f65cb7f5bd9fb03ab13755b55b0afeb1d952434467a05a5cc5a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bb:6c:c7:97:54:93:a7:ee:08:6a:e1:fb:af:
                    0e:81:70:25:ab:81:77:10:6f:e1:4b:40:a3:37:9d:
                    34:c8:13:0b:97:dd:a8:10:1b:fa:70:73:03:c6:c8:
                    42:f1:3e:e1:eb:b1:60:01:bb:5d:ac:b0:3c:c3:06:
                    8d:0b:f6:bc:f0:26:30:af:a4:b3:29:cf:e8:10:09:
                    e8:20:94:e3:fb:35:60:e7:c3:ac:fb:61:0c:ab:a9:
                    f1:9a:1f:70:13:48:4b:b9:4f:71:61:05:d6:8c:02:
                    2e:ba:fd:51:ab:20:04:b7:9a:07:34:9c:59:15:1e:
                    95:e0:91:27:d8:6d:46:7f:18:2b:65:b0:da:a7:7b:
                    e9:27:09:7d:ee:bb:76:6c:4b:94:b7:a6:46:14:b3:
                    ad:14:dc:34:e2:71:fb:6c:8d:06:95:b9:e8:6b:12:
                    a3:d6:92:2f:6c:5b:56:c0:3a:01:a1:4c:53:76:da:
                    8e:a7:2a:a5:8e:97:6e:22:36:29:f0:e9:84:fe:6c:
                    de:c5:93:c0:1b:87:3f:51:02:b6:5b:39:f1:a7:a1:
                    4d:9c:f0:c6:f1:18:5a:87:05:c0:25:1c:95:40:73:
                    92:f0:75:9d:95:07:1b:bf:ed:fd:85:16:a8:01:58:
                    f3:f3:8d:c6:5c:61:ae:ed:cd:e9:2c:ec:67:48:64:
                    ad:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:6B:C3:E7:92:8E:B7:46:1B:8C:25:D5:BD:0B:38:F6:69:4A:76:09
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bced566b-6d8e-433e-b6b5-482ebdc3be99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  99.78.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:c8:98:47:b5:b3:05:b3:1d:6c:ad:3e:dd:48:7e:eb:f1:75:
         1f:dd:19:ed:89:fc:2f:7a:55:db:46:25:93:24:1c:d8:75:0b:
         3e:9b:ed:df:65:62:17:d0:81:3d:e1:21:82:f5:d6:cb:16:66:
         c0:b8:4a:b5:c2:ff:03:50:94:4d:8a:86:91:26:fa:04:e1:0a:
         73:61:dc:34:13:fa:76:05:56:7c:5b:70:c2:71:0f:64:a8:5c:
         e5:44:30:2f:7b:b1:0e:0b:86:fc:c2:1e:df:21:d5:d0:ea:1f:
         02:14:69:37:d9:41:7f:bd:8b:9f:c6:f4:79:9f:22:db:6f:76:
         30:8b:03:83:10:1a:42:0e:f9:b3:0c:26:09:57:fb:79:60:8a:
         43:1f:c1:c8:b5:39:7b:fa:27:15:10:84:43:9c:86:27:5d:bb:
         08:28:9d:05:b6:1a:01:56:f0:e6:c5:fe:a8:e9:21:e7:ea:4f:
         e5:48:5b:51:39:fc:37:2f:90:1a:3e:5d:06:17:2d:21:3d:83:
         35:30:6d:80:20:b5:af:d9:2b:33:32:14:f1:95:0b:ac:46:29:
         65:eb:e1:08:e9:73:51:b9:06:c1:4f:77:55:94:05:9b:48:29:
         e5:d4:f2:c4:35:5e:58:ad:df:e2:64:c7:2f:7c:fc:68:0a:89:
         1a:30:e6:3a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTu43EqO2O4nExqqpkHiDZrb22zUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTk5MGI5Y2EwMzk1ZjY1Y2I3ZjViZDlmYjAzYWIxMzc1
NWI1NWIwYWZlYjFkOTUyNDM0NDY3YTA1YTVjYzVhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7u2zHl1STp+4IauH7rw6BcCWrgXcQb+FLQKM3nTTIEwuX
3agQG/pwcwPGyELxPuHrsWABu12ssDzDBo0L9rzwJjCvpLMpz+gQCegglOP7NWDn
w6z7YQyrqfGaH3ATSEu5T3FhBdaMAi66/VGrIAS3mgc0nFkVHpXgkSfYbUZ/GCtl
sNqne+knCX3uu3ZsS5S3pkYUs60U3DTicftsjQaVuehrEqPWki9sW1bAOgGhTFN2
2o6nKqWOl24iNinw6YT+bN7Fk8Abhz9RArZbOfGnoU2c8MbxGFqHBcAlHJVAc5Lw
dZ2VBxu/7f2FFqgBWPPzjcZcYa7tzeks7GdIZK1DAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUU2vD55KOt0YbjCXVvQs49mlKdgkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JjZWQ1NjZiLTZkOGUtNDMzZS1iNmI1LTQ4MmViZGMzYmU5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAJjTpwwDQYJKoZIhvcNAQELBQADggEBAIbImEe1swWzHWytPt1IfuvxdR/d
Ge2J/C96VdtGJZMkHNh1Cz6b7d9lYhfQgT3hIYL11ssWZsC4SrXC/wNQlE2KhpEm
+gThCnNh3DQT+nYFVnxbcMJxD2SoXOVEMC97sQ4LhvzCHt8h1dDqHwIUaTfZQX+9
i5/G9HmfIttvdjCLA4MQGkIO+bMMJglX+3lgikMfwci1OXv6JxUQhEOchidduwgo
nQW2GgFW8ObF/qjpIefqT+VIW1E5/DcvkBo+XQYXLSE9gzUwbYAgta/ZKzMyFPGV
C6xGKWXr4Qjpc1G5BsFPd1WUBZtIKeXU8sQ1Xlit3+Jkxy98/GgKiRow5jo=
-----END CERTIFICATE-----