Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/df37622f-c70a-4a6c-9804-378a9f342829.roa
File:                     df37622f-c70a-4a6c-9804-378a9f342829.roa (raw, json)
Hash identifier:          1X6sYF/VkrUXwSATFoshGKsH7ndIXpmyMQRC2EYsSKk=
Subject key identifier:   F3:41:D9:B2:1D:CB:4B:52:9D:A0:70:BF:EE:58:C4:36:CE:66:C6:9C
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       2794B629F87BBBF057A99C6E584E34C7CD1F83E7
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/df37622f-c70a-4a6c-9804-378a9f342829.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.96.0.0/12 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:94:b6:29:f8:7b:bb:f0:57:a9:9c:6e:58:4e:34:c7:cd:1f:83:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c7:63:98:8c:05:9e:2b:16:7f:fe:db:7e:97:
                    ac:90:41:4a:06:e9:6d:3b:20:a4:1e:72:71:0d:3b:
                    13:07:3c:39:77:b0:ad:1d:56:e9:e5:0f:a9:ca:e1:
                    39:bf:84:ef:ef:01:51:a4:15:1f:bc:1a:f8:f9:8a:
                    00:78:94:df:06:70:8f:e8:70:36:9f:13:ea:4a:44:
                    46:17:3e:1a:82:ef:3c:dd:6d:88:86:06:5a:e5:f7:
                    a0:a4:a7:f7:bf:d8:2b:b1:bd:24:e1:51:ed:76:cc:
                    9b:85:58:00:bb:be:93:19:54:30:5d:61:c4:6e:91:
                    5b:aa:90:54:0b:1e:30:29:5c:88:12:a0:ea:80:67:
                    a0:c8:d6:d8:39:b3:f3:c9:aa:cb:c5:f3:1e:d1:18:
                    a8:9f:24:ca:42:68:d6:82:ee:40:e8:c5:94:1d:29:
                    e4:2a:58:b1:da:89:31:62:b3:f7:0a:f3:64:e6:3e:
                    80:84:56:16:31:18:a2:4f:1a:cc:f5:39:e0:65:8c:
                    89:83:2e:7d:61:c4:07:30:66:7e:95:63:99:be:fb:
                    21:60:7b:4e:78:38:5f:32:e7:ce:97:8f:78:e4:7a:
                    59:70:25:fd:8c:f5:f3:a4:63:1c:82:de:50:1b:4f:
                    5e:46:a2:e9:30:7e:3b:a7:d7:91:4c:53:d6:a5:9b:
                    d3:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:41:D9:B2:1D:CB:4B:52:9D:A0:70:BF:EE:58:C4:36:CE:66:C6:9C
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/df37622f-c70a-4a6c-9804-378a9f342829.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         7d:d0:04:92:91:78:a4:fe:db:fb:f7:0d:e8:3c:5c:cf:63:a7:
         0f:d8:f4:2f:a1:a9:be:8e:e2:7a:17:be:88:d7:3f:e6:87:92:
         40:59:8d:39:7b:24:97:02:67:2c:b0:d7:32:44:69:c8:e6:aa:
         a8:eb:0a:8b:38:c9:7c:af:ec:5a:fe:66:3a:e5:9a:6b:94:f8:
         b9:98:fb:7e:3a:fe:78:6f:15:4f:b1:33:d7:24:45:b2:e2:87:
         e3:96:31:c1:9d:1e:97:ab:64:3a:46:3d:9f:25:57:83:69:18:
         3c:2d:1c:fc:ef:f1:54:2c:1c:a2:ab:e3:16:3f:a7:f5:8b:09:
         7b:f6:b5:e6:9c:ba:d9:f9:7a:56:2d:4f:28:da:fe:1e:bb:cd:
         5c:46:7a:da:8e:19:e9:e8:96:4a:33:ce:32:a5:be:98:50:96:
         5a:b2:38:1b:cc:3e:72:59:74:79:eb:07:7b:4b:b8:64:f6:2c:
         30:0e:74:33:17:51:ae:c6:e3:55:6e:f9:98:59:0b:e2:86:e3:
         b1:b4:b7:8c:29:c4:6d:50:57:4c:15:99:b1:f3:60:5a:47:d0:
         e8:4e:05:b3:ba:a8:c9:ec:12:3d:86:39:ab:9c:8f:5e:d7:a8:
         f4:06:dc:4c:ac:28:98:ba:00:3e:e5:c0:ee:06:7d:1d:27:e9:
         d2:9f:e9:1b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUJ5S2Kfh7u/BXqZxuWE40x80fg+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BlZDU1OGQ4OGY2NzBmZjBlZTI0ZGQ4OGJiMTFlYWNmNjIy
NTVhZGMxNjRjZDY1NzIzZjBlOGQzZmQ2YTdmZTU3MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrx2OYjAWeKxZ//tt+l6yQQUoG6W07IKQecnENOxMHPDl3
sK0dVunlD6nK4Tm/hO/vAVGkFR+8Gvj5igB4lN8GcI/ocDafE+pKREYXPhqC7zzd
bYiGBlrl96Ckp/e/2CuxvSThUe12zJuFWAC7vpMZVDBdYcRukVuqkFQLHjApXIgS
oOqAZ6DI1tg5s/PJqsvF8x7RGKifJMpCaNaC7kDoxZQdKeQqWLHaiTFis/cK82Tm
PoCEVhYxGKJPGsz1OeBljImDLn1hxAcwZn6VY5m++yFge054OF8y586Xj3jkellw
Jf2M9fOkYxyC3lAbT15Goukwfjun15FMU9alm9NZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU80HZsh3LS1KdoHC/7ljENs5mxpwwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2RmMzc2MjJmLWM3MGEtNGE2Yy05ODA0LTM3OGE5ZjM0MjgyOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjYDANBgkqhkiG9w0BAQsFAAOCAQEAfdAEkpF4pP7b+/cN6Dxcz2OnD9j0
L6Gpvo7iehe+iNc/5oeSQFmNOXsklwJnLLDXMkRpyOaqqOsKizjJfK/sWv5mOuWa
a5T4uZj7fjr+eG8VT7Ez1yRFsuKH45YxwZ0el6tkOkY9nyVXg2kYPC0c/O/xVCwc
oqvjFj+n9YsJe/a15py62fl6Vi1PKNr+HrvNXEZ62o4Z6eiWSjPOMqW+mFCWWrI4
G8w+cll0eesHe0u4ZPYsMA50MxdRrsbjVW75mFkL4objsbS3jCnEbVBXTBWZsfNg
WkfQ6E4Fs7qoyewSPYY5q5yPXteo9AbcTKwomLoAPuXA7gZ9HSfp0p/pGw==
-----END CERTIFICATE-----