Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9328b321-4ce5-4951-ac7b-db57c5a9c0dc.roa
File:                     9328b321-4ce5-4951-ac7b-db57c5a9c0dc.roa (raw, json)
Hash identifier:          l9RLGWlsq7MC3zeAEOUOxAXm0uSAtQc+64f4QS4C62Y=
Subject key identifier:   80:29:F9:E6:7B:3E:79:AB:03:82:0B:65:95:89:BD:46:8B:88:4A:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       420049C1D76350F0FC4122615A718E34916FDF20
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9328b321-4ce5-4951-ac7b-db57c5a9c0dc.roa
Signing time:             Thu 26 Dec 2024 00:00:00 +0000
ROA not before:           Thu 26 Dec 2024 00:00:00 +0000
ROA not after:            Thu 30 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        98.68.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:00:49:c1:d7:63:50:f0:fc:41:22:61:5a:71:8e:34:91:6f:df:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 26 00:00:00 2024 GMT
            Not After : Jan 30 23:59:59 2025 GMT
        Subject: serialNumber=90f865162d0370826b6c8c93308fa72067467c57347d0700f8ff48e0f7826a54, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:0b:34:6b:c5:c0:17:d3:8c:d0:ed:f5:7b:80:
                    1e:26:a0:5c:31:a7:6e:31:e7:f4:d4:68:0d:ca:d2:
                    22:0a:d5:c7:db:8d:49:5b:4a:0f:1a:30:15:12:d8:
                    d1:aa:54:49:f1:d9:3d:f3:a8:2e:4f:0d:09:57:58:
                    53:3e:41:3a:07:f5:5f:dd:c1:9c:79:7e:17:7b:a9:
                    a5:9c:86:20:35:6a:b3:a3:d4:ab:f6:75:9d:ee:0b:
                    35:cd:14:72:ab:a1:e7:80:dd:97:76:aa:2d:aa:c6:
                    07:8f:18:e3:12:c9:84:f0:62:c5:cb:b0:4c:e5:a8:
                    ce:2b:9b:a3:26:b6:93:31:09:ca:4f:61:95:c2:62:
                    b1:a7:89:e4:2c:5b:6e:a8:07:5a:ff:2f:3f:6c:b7:
                    09:00:17:f0:d4:ea:0b:b5:b0:3a:74:9c:18:c0:38:
                    0f:ec:52:71:e4:47:2d:63:f9:86:14:a3:e1:fd:16:
                    1c:23:cc:68:15:d0:39:eb:5c:85:85:3b:5c:46:65:
                    6d:51:ad:f3:7a:96:45:00:11:4a:1b:d4:c4:17:01:
                    40:af:76:e2:97:25:62:4d:0e:b1:10:bf:05:ef:3e:
                    af:46:51:ea:1d:51:3c:53:37:94:c2:bb:4f:df:59:
                    22:75:70:31:28:d8:8d:8e:c5:51:2b:fa:c5:a7:c1:
                    aa:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:29:F9:E6:7B:3E:79:AB:03:82:0B:65:95:89:BD:46:8B:88:4A:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9328b321-4ce5-4951-ac7b-db57c5a9c0dc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.68.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         c7:02:1e:a0:f3:91:85:33:41:ed:16:0e:ed:14:22:b3:2f:cb:
         af:82:c5:7f:cf:24:f3:c8:ad:c1:0d:73:c8:32:ef:b6:a1:2c:
         ee:94:50:8e:70:36:0f:08:b3:c7:0d:76:f9:22:e3:a9:31:65:
         81:2b:99:47:d5:55:b3:25:ee:eb:b0:9b:b3:94:6e:ca:df:73:
         57:76:81:38:ed:10:ac:2d:b0:6b:03:88:c6:12:1a:0d:19:99:
         70:94:2e:fa:28:d1:8f:db:4b:5a:be:2a:5b:14:ed:89:c3:6c:
         24:32:14:d7:29:8b:c1:39:2b:7e:51:e6:ee:89:b0:4a:58:cd:
         44:39:1a:f7:a1:9c:22:41:8b:40:00:51:58:60:a0:99:6f:63:
         33:82:8e:7d:e8:85:c3:54:28:66:e8:d0:92:36:01:e6:74:8f:
         5a:e5:e4:4f:f7:25:cd:5d:a8:89:13:65:1c:16:34:43:bc:14:
         93:c7:7b:58:50:ea:1d:4d:e5:7a:06:2b:56:11:77:ec:0e:ef:
         e0:2b:57:ad:19:72:cb:ea:ef:a9:e5:d7:3d:ea:5c:a1:bb:d5:
         0c:6e:1c:6c:99:2b:9f:4e:ca:b7:5f:c2:40:ef:ff:6b:51:9b:
         e8:6d:7c:2c:63:0d:72:17:83:81:d0:16:76:c8:12:69:61:1e:
         95:26:98:53
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQgBJwddjUPD8QSJhWnGONJFv3yAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI2MDAwMDAwWhcNMjUwMTMwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5MGY4NjUxNjJkMDM3MDgyNmI2YzhjOTMzMDhmYTcyMDY3
NDY3YzU3MzQ3ZDA3MDBmOGZmNDhlMGY3ODI2YTU0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0CzRrxcAX04zQ7fV7gB4moFwxp24x5/TUaA3K0iIK1cfb
jUlbSg8aMBUS2NGqVEnx2T3zqC5PDQlXWFM+QToH9V/dwZx5fhd7qaWchiA1arOj
1Kv2dZ3uCzXNFHKroeeA3Zd2qi2qxgePGOMSyYTwYsXLsEzlqM4rm6MmtpMxCcpP
YZXCYrGnieQsW26oB1r/Lz9stwkAF/DU6gu1sDp0nBjAOA/sUnHkRy1j+YYUo+H9
FhwjzGgV0DnrXIWFO1xGZW1RrfN6lkUAEUob1MQXAUCvduKXJWJNDrEQvwXvPq9G
UeodUTxTN5TCu0/fWSJ1cDEo2I2OxVEr+sWnwar/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUgCn55ns+easDggtllYm9RouISiMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzkzMjhiMzIxLTRjZTUtNDk1MS1hYzdiLWRiNTdjNWE5YzBkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwBiRDANBgkqhkiG9w0BAQsFAAOCAQEAxwIeoPORhTNB7RYO7RQisy/Lr4LF
f88k88itwQ1zyDLvtqEs7pRQjnA2Dwizxw12+SLjqTFlgSuZR9VVsyXu67Cbs5Ru
yt9zV3aBOO0QrC2wawOIxhIaDRmZcJQu+ijRj9tLWr4qWxTticNsJDIU1ymLwTkr
flHm7omwSljNRDka96GcIkGLQABRWGCgmW9jM4KOfeiFw1QoZujQkjYB5nSPWuXk
T/clzV2oiRNlHBY0Q7wUk8d7WFDqHU3legYrVhF37A7v4CtXrRlyy+rvqeXXPepc
obvVDG4cbJkrn07Kt1/CQO//a1Gb6G18LGMNcheDgdAWdsgSaWEelSaYUw==
-----END CERTIFICATE-----