Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e32197f-650f-4bab-9e63-ce764834242f.roa
File:                     3e32197f-650f-4bab-9e63-ce764834242f.roa (raw, json)
Hash identifier:          qDPZ83SywdVL8r4HVPIUKYZpdGo8ClYQF86ZVJ9BJv4=
Subject key identifier:   43:46:BE:1D:6E:8E:A7:8E:7D:EB:54:B8:A6:C9:F2:C4:AA:EB:94:F5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       661E5D521704B11108BADD560C0EEC3ECB892B03
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e32197f-650f-4bab-9e63-ce764834242f.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        149.98.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:1e:5d:52:17:04:b1:11:08:ba:dd:56:0c:0e:ec:3e:cb:89:2b:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8c:a9:79:da:54:9a:b3:2b:07:45:d6:93:6a:
                    6b:cc:43:14:30:ce:ca:de:b1:17:eb:3b:5a:27:0f:
                    dd:99:e1:67:67:37:12:87:20:a9:6f:f1:f3:55:ae:
                    d1:41:10:bc:a5:7d:2d:2b:20:7f:63:d2:0c:8d:97:
                    9c:88:19:aa:66:b0:33:9d:27:d7:72:af:49:d8:ae:
                    a5:c0:d5:eb:da:97:52:12:15:56:b7:e7:4d:2d:75:
                    46:29:07:7b:62:47:71:23:bb:7c:56:f4:00:23:96:
                    d5:be:f3:dc:7b:da:39:a1:9e:be:ac:0d:c7:c9:dc:
                    3c:6e:7d:24:b5:b9:6a:f3:9c:21:00:ca:0d:6e:7a:
                    65:aa:ce:6e:46:61:d0:3e:91:5f:9f:28:24:60:64:
                    a6:6c:c5:00:72:3a:f1:4f:7d:68:a0:2d:fe:35:a8:
                    a4:4e:1e:1f:8e:3b:47:c0:09:e6:d4:78:5d:61:4c:
                    44:32:34:81:50:c4:03:6e:b9:62:1d:7c:4d:9d:9d:
                    bc:70:8d:67:c4:7c:23:6a:6b:d5:b6:dd:fd:04:c0:
                    a1:96:3a:3c:60:ef:d5:b1:77:5c:76:6b:f6:1f:01:
                    cc:76:3e:72:5e:f7:c8:9e:4d:df:42:eb:55:9e:b5:
                    ce:7c:f5:4e:a4:7c:7a:2c:2b:97:7d:26:d7:a0:e2:
                    84:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:46:BE:1D:6E:8E:A7:8E:7D:EB:54:B8:A6:C9:F2:C4:AA:EB:94:F5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3e32197f-650f-4bab-9e63-ce764834242f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.98.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7e:a2:36:1c:79:29:a9:63:e5:d2:0b:8c:a5:2b:1f:3f:01:76:
         cf:d6:ae:8b:0b:3a:a6:15:0d:11:1c:4d:ad:3c:f1:62:4b:a0:
         5d:f6:0a:15:3e:14:6b:90:4d:58:88:8b:79:c5:0c:4a:62:87:
         09:77:c7:3f:2c:fb:30:46:76:1a:19:e3:80:ff:07:94:4e:b9:
         c9:54:28:25:70:e8:9b:ed:d8:6b:4b:50:0a:b6:33:e6:0f:f9:
         fa:dd:a3:b9:0b:b2:bb:0f:43:5b:e5:e4:95:8f:8c:eb:0c:1d:
         63:ac:d4:a7:bc:41:f9:43:1c:c5:5d:ec:15:63:b8:99:51:00:
         0a:16:d4:c3:b8:8d:a3:88:2f:8f:1f:b3:56:a3:22:cc:36:62:
         d5:1f:ef:59:dc:eb:4f:9e:91:35:10:23:7a:90:e5:37:d9:d0:
         fc:3d:09:de:31:f8:75:3c:94:bc:9e:8d:df:22:d7:e9:65:d5:
         c6:d8:02:7c:9c:6a:31:70:ce:fb:fb:7c:5f:cf:4c:ca:4c:a9:
         a3:7a:14:80:95:1a:d0:c0:0d:f7:a9:25:10:62:3c:cc:5c:91:
         aa:16:45:4f:4e:6d:eb:36:61:73:ba:a8:2c:a9:78:aa:1c:35:
         0c:67:59:30:cd:f6:a8:0e:d6:f5:ab:8a:26:21:42:ff:88:07:
         5a:f8:ad:e3
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUZh5dUhcEsREIut1WDA7sPsuJKwMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MGE1ODExNjU3MTI4YzFjZjlhOTA1MzQ5MDViODQ3Mzhk
MjU2MzdmZTM4YzhhNzhkNjVjNjZkNDcyMDIyOGFjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqjKl52lSasysHRdaTamvMQxQwzsresRfrO1onD92Z4Wdn
NxKHIKlv8fNVrtFBELylfS0rIH9j0gyNl5yIGapmsDOdJ9dyr0nYrqXA1eval1IS
FVa3500tdUYpB3tiR3Eju3xW9AAjltW+89x72jmhnr6sDcfJ3DxufSS1uWrznCEA
yg1uemWqzm5GYdA+kV+fKCRgZKZsxQByOvFPfWigLf41qKROHh+OO0fACebUeF1h
TEQyNIFQxANuuWIdfE2dnbxwjWfEfCNqa9W23f0EwKGWOjxg79Wxd1x2a/YfAcx2
PnJe98ieTd9C61Wetc589U6kfHosK5d9Jteg4oS9AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUQ0a+HW6Op45961S4psnyxKrrlPUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNlMzIxOTdmLTY1MGYtNGJhYi05ZTYzLWNlNzY0ODM0MjQyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCVYjANBgkqhkiG9w0BAQsFAAOCAQEAfqI2HHkpqWPl0guMpSsfPwF2z9au
iws6phUNERxNrTzxYkugXfYKFT4Ua5BNWIiLecUMSmKHCXfHPyz7MEZ2GhnjgP8H
lE65yVQoJXDom+3Ya0tQCrYz5g/5+t2juQuyuw9DW+XklY+M6wwdY6zUp7xB+UMc
xV3sFWO4mVEAChbUw7iNo4gvjx+zVqMizDZi1R/vWdzrT56RNRAjepDlN9nQ/D0J
3jH4dTyUvJ6N3yLX6WXVxtgCfJxqMXDO+/t8X89Mykypo3oUgJUa0MAN96klEGI8
zFyRqhZFT05t6zZhc7qoLKl4qhw1DGdZMM32qA7W9auKJiFC/4gHWvit4w==
-----END CERTIFICATE-----