Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/643c0cf3-3134-472f-9ae1-10268fea0382.roa
File:                     643c0cf3-3134-472f-9ae1-10268fea0382.roa (raw, json)
Hash identifier:          9aWy46tTfmuuaNeaT+g8GLHawO7KeuFdBXnRdc8JLEQ=
Subject key identifier:   3F:3B:62:68:EE:CF:8A:02:D6:D9:E2:C6:E2:17:AA:56:C3:FC:C3:8F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E047A6C6309CFCF57047BCEF65FD399F3FC2DC3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/643c0cf3-3134-472f-9ae1-10268fea0382.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        56.98.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:04:7a:6c:63:09:cf:cf:57:04:7b:ce:f6:5f:d3:99:f3:fc:2d:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=fc3a74f3d7f92905c2bbaf81c659782784a4a479a744168d65c32a5fc67d81f4, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0f:ff:68:af:37:2c:66:51:f7:4c:90:5c:5f:
                    2d:7e:d7:e1:a3:58:b9:50:aa:7e:4a:55:59:2a:b6:
                    37:20:9c:7e:9b:94:04:e6:a5:3a:1c:4b:b2:8c:c8:
                    9f:62:54:9a:77:c6:fd:8e:c5:a6:79:8c:da:58:fa:
                    0c:76:dc:3c:b5:66:56:7c:43:cf:1c:d3:8e:2d:66:
                    e2:30:68:34:58:ba:7f:ee:38:c7:d5:74:37:4a:a3:
                    e2:66:a5:ce:08:dc:ee:e0:80:30:3f:2b:2b:18:75:
                    c3:fa:92:39:ff:23:fc:32:80:28:67:a2:f6:b2:45:
                    b5:13:6f:0e:d3:6b:30:63:cf:97:a0:b5:ed:c1:77:
                    d9:24:17:6a:ec:93:75:5f:37:4e:d4:ef:82:e1:10:
                    2b:be:9d:eb:90:22:e5:35:a2:4c:7b:b9:e0:d0:73:
                    66:fc:c8:57:eb:1e:c6:13:f3:69:24:25:9b:e6:f6:
                    97:f3:b0:e2:86:16:72:b9:c8:60:76:69:80:e1:0f:
                    92:20:4e:60:e7:1e:15:ce:7b:99:d7:e1:58:e1:06:
                    b6:08:b6:33:60:e7:1b:9e:c6:6f:70:cf:61:e5:aa:
                    8f:fb:b1:e9:28:fd:93:4f:91:9a:68:50:e0:cb:9c:
                    10:77:fe:99:d9:b8:b5:23:79:a2:07:cd:99:41:98:
                    ad:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:3B:62:68:EE:CF:8A:02:D6:D9:E2:C6:E2:17:AA:56:C3:FC:C3:8F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/643c0cf3-3134-472f-9ae1-10268fea0382.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  56.98.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         0a:83:ed:fb:f2:fb:24:6a:03:1a:e5:02:c0:17:4d:07:46:c3:
         73:b7:48:b2:b5:12:59:11:2d:23:eb:9f:f2:0b:9e:60:37:c5:
         59:97:b4:09:1e:a0:5d:43:77:58:79:67:42:e7:7d:01:f9:7f:
         32:6f:fd:f4:e4:6b:a9:ca:02:21:5d:55:7a:b7:a9:c7:8d:e7:
         c6:ad:ae:49:06:e8:51:da:76:0e:43:c5:4a:9e:32:37:9a:87:
         25:49:8b:d6:f2:0b:4c:dd:f2:68:be:89:50:a9:69:f2:e6:02:
         6b:04:1f:69:e5:a2:21:86:fa:39:7e:cc:56:53:d1:e6:af:c8:
         8e:c0:1d:fe:be:ee:91:ac:82:41:bd:b1:b3:dc:8b:14:40:8a:
         b8:79:ee:d4:49:eb:56:b4:f9:a0:f4:90:fb:ca:b7:e8:71:9e:
         7f:bc:57:dc:78:19:f9:1b:1a:32:79:88:3e:d3:61:6a:b5:73:
         b5:2b:af:3d:49:77:5a:0d:98:70:a1:07:36:a6:63:63:68:fe:
         00:cc:dc:13:ef:a6:24:68:a9:a7:cd:64:33:3e:e5:5f:3c:9f:
         79:38:2e:7d:f1:d2:08:e1:8c:dd:77:04:40:e5:4a:2b:56:22:
         fc:cd:58:0e:91:17:89:94:15:7f:9e:0c:af:94:69:49:7f:3e:
         52:d2:bf:c5
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHgR6bGMJz89XBHvO9l/TmfP8LcMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmYzNhNzRmM2Q3ZjkyOTA1YzJiYmFmODFjNjU5NzgyNzg0
YTRhNDc5YTc0NDE2OGQ2NWMzMmE1ZmM2N2Q4MWY0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9D/9orzcsZlH3TJBcXy1+1+GjWLlQqn5KVVkqtjcgnH6b
lATmpTocS7KMyJ9iVJp3xv2OxaZ5jNpY+gx23Dy1ZlZ8Q88c044tZuIwaDRYun/u
OMfVdDdKo+Jmpc4I3O7ggDA/KysYdcP6kjn/I/wygChnovayRbUTbw7TazBjz5eg
te3Bd9kkF2rsk3VfN07U74LhECu+neuQIuU1okx7ueDQc2b8yFfrHsYT82kkJZvm
9pfzsOKGFnK5yGB2aYDhD5IgTmDnHhXOe5nX4VjhBrYItjNg5xuexm9wz2Hlqo/7
seko/ZNPkZpoUODLnBB3/pnZuLUjeaIHzZlBmK2bAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUPztiaO7PigLW2eLG4heqVsP8w48wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY0M2MwY2YzLTMxMzQtNDcyZi05YWUxLTEwMjY4ZmVhMDM4Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA4YjANBgkqhkiG9w0BAQsFAAOCAQEACoPt+/L7JGoDGuUCwBdNB0bDc7dI
srUSWREtI+uf8gueYDfFWZe0CR6gXUN3WHlnQud9Afl/Mm/99ORrqcoCIV1Verep
x43nxq2uSQboUdp2DkPFSp4yN5qHJUmL1vILTN3yaL6JUKlp8uYCawQfaeWiIYb6
OX7MVlPR5q/IjsAd/r7ukayCQb2xs9yLFECKuHnu1EnrVrT5oPSQ+8q36HGef7xX
3HgZ+RsaMnmIPtNharVztSuvPUl3Wg2YcKEHNqZjY2j+AMzcE++mJGipp81kMz7l
XzyfeTguffHSCOGM3XcEQOVKK1Yi/M1YDpEXiZQVf54Mr5RpSX8+UtK/xQ==
-----END CERTIFICATE-----