Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98fe3088-892e-477a-9113-7d0af06fa535.roa
File:                     98fe3088-892e-477a-9113-7d0af06fa535.roa (raw, json)
Hash identifier:          PiVVUv7sERffqq9h9NWfwKrtztnAPZFO5HFINbMJLwg=
Subject key identifier:   2E:9F:B1:CE:B6:29:7B:5B:30:6C:D3:D0:77:97:6F:CC:8B:00:17:B5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6C6F02236480E6E3DF1F6ACB9A22858E4CCFABF5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98fe3088-892e-477a-9113-7d0af06fa535.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.48.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:6f:02:23:64:80:e6:e3:df:1f:6a:cb:9a:22:85:8e:4c:cf:ab:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=2087a9aded40bbfd710a7ae4b4011630ab3c44754b4bc48b45b5b6eb8b2f615c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:9d:69:ff:b7:98:2e:49:e6:b6:f0:66:e4:
                    a5:60:b0:2e:2b:55:08:d5:cd:e7:b2:f4:d4:bd:1d:
                    fd:fb:91:2b:87:dc:f7:ba:92:53:53:60:83:d4:21:
                    16:f5:3b:d0:58:89:c0:36:32:1a:e4:89:46:6a:1b:
                    55:95:9e:b8:05:b8:cb:ff:63:01:a4:71:b6:e7:b6:
                    ba:2d:bc:a5:c7:a1:76:e6:af:cb:71:e8:f1:ba:8e:
                    b6:50:3e:a0:4b:bc:07:7d:05:06:01:26:b7:aa:89:
                    6f:bb:3b:60:e4:7a:0f:72:2a:e5:1d:a0:9a:8c:6d:
                    ff:02:a8:44:50:53:6c:c0:02:ce:18:02:08:b6:29:
                    0f:5e:19:9d:f3:1c:9a:86:57:0c:5b:a4:d2:13:c5:
                    82:1c:58:2f:2b:f9:9f:2f:f2:e1:25:3f:d6:52:6e:
                    5c:d7:e2:c1:b2:53:27:25:64:b3:89:1f:16:76:6e:
                    af:1a:57:02:91:1e:8f:d3:be:3c:88:f9:ec:5c:ff:
                    5e:52:bd:b5:84:de:fb:35:2f:4c:e6:a9:e9:a1:dc:
                    0c:f2:a9:f6:56:84:51:4b:62:dd:2e:2e:a5:b6:92:
                    22:0e:69:cf:38:0e:14:62:17:f3:fa:d2:96:9d:4a:
                    55:fb:18:35:46:d4:cc:b3:0a:6e:62:0f:79:77:96:
                    8c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:9F:B1:CE:B6:29:7B:5B:30:6C:D3:D0:77:97:6F:CC:8B:00:17:B5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/98fe3088-892e-477a-9113-7d0af06fa535.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.48.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         96:39:e2:12:81:13:6c:ef:d0:3e:0d:89:f5:f1:97:fc:bd:51:
         6f:d3:24:e9:78:c9:35:92:8b:f1:c3:46:5f:a0:bf:ea:9d:6b:
         7e:b0:a7:09:9d:e8:89:10:e7:93:09:aa:80:7c:0b:3f:1c:45:
         46:bd:62:36:39:16:8b:31:09:a4:2c:5b:0d:76:1f:69:e2:fb:
         fa:a5:8a:5f:3f:9b:53:2f:d7:a2:8b:8e:87:73:83:3a:70:5a:
         40:b6:b1:3e:95:77:d1:33:1c:8b:5a:2c:82:f2:b9:a5:f3:40:
         05:2f:45:60:9c:1d:44:c2:5c:45:5e:69:3e:58:31:0f:53:79:
         57:0e:d0:25:7d:b5:3b:2a:91:d3:51:f0:13:db:d7:74:be:fa:
         4e:6e:b1:0a:0c:09:f7:0b:12:ea:f6:81:72:76:89:74:e4:61:
         0b:d4:a6:f6:d1:c5:e9:99:7d:cf:2e:91:bb:c2:05:87:b4:de:
         21:b0:b6:3b:bc:95:3e:c5:cd:e5:cb:c1:0a:e4:6b:eb:cc:2e:
         81:4a:93:f6:e3:3d:02:66:cd:e3:4a:fb:7e:fb:fb:5d:5d:45:
         a0:c4:b4:14:53:e4:e4:3b:4b:b0:92:67:80:c3:15:34:9c:d0:
         d8:46:16:0c:d5:36:75:3e:33:5a:09:37:24:ff:89:de:4b:8a:
         3e:08:a1:4c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUbG8CI2SA5uPfH2rLmiKFjkzPq/UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMDg3YTlhZGVkNDBiYmZkNzEwYTdhZTRiNDAxMTYzMGFi
M2M0NDc1NGI0YmM0OGI0NWI1YjZlYjhiMmY2MTVjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5oZ1p/7eYLknmtvBm5KVgsC4rVQjVzeey9NS9Hf37kSuH
3Pe6klNTYIPUIRb1O9BYicA2MhrkiUZqG1WVnrgFuMv/YwGkcbbntrotvKXHoXbm
r8tx6PG6jrZQPqBLvAd9BQYBJreqiW+7O2Dkeg9yKuUdoJqMbf8CqERQU2zAAs4Y
Agi2KQ9eGZ3zHJqGVwxbpNITxYIcWC8r+Z8v8uElP9ZSblzX4sGyUyclZLOJHxZ2
bq8aVwKRHo/TvjyI+exc/15SvbWE3vs1L0zmqemh3AzyqfZWhFFLYt0uLqW2kiIO
ac84DhRiF/P60padSlX7GDVG1MyzCm5iD3l3lowbAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULp+xzrYpe1swbNPQd5dvzIsAF7UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk4ZmUzMDg4LTg5MmUtNDc3YS05MTEzLTdkMGFmMDZmYTUzNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjMDANBgkqhkiG9w0BAQsFAAOCAQEAljniEoETbO/QPg2J9fGX/L1Rb9Mk
6XjJNZKL8cNGX6C/6p1rfrCnCZ3oiRDnkwmqgHwLPxxFRr1iNjkWizEJpCxbDXYf
aeL7+qWKXz+bUy/XoouOh3ODOnBaQLaxPpV30TMci1osgvK5pfNABS9FYJwdRMJc
RV5pPlgxD1N5Vw7QJX21OyqR01HwE9vXdL76Tm6xCgwJ9wsS6vaBcnaJdORhC9Sm
9tHF6Zl9zy6Ru8IFh7TeIbC2O7yVPsXN5cvBCuRr68wugUqT9uM9AmbN40r7fvv7
XV1FoMS0FFPk5DtLsJJngMMVNJzQ2EYWDNU2dT4zWgk3JP+J3kuKPgihTA==
-----END CERTIFICATE-----