Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0e8ebf9c-f8ac-46fc-80f8-0a74b9f68513.roa
File:                     0e8ebf9c-f8ac-46fc-80f8-0a74b9f68513.roa (raw, json)
Hash identifier:          +8g/L4sLxyCLCI/FFNcXtkbJKM8wzO+Rsvd12g+yYLU=
Subject key identifier:   E1:29:08:2A:62:7B:A0:B5:5B:C0:C4:01:72:94:5E:A7:91:83:69:6E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       61D09C49F3BE9E7D0410EF6ED1D7D7F6E842106E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0e8ebf9c-f8ac-46fc-80f8-0a74b9f68513.roa
Signing time:             Fri 10 Jan 2025 00:00:00 +0000
ROA not before:           Fri 10 Jan 2025 00:00:00 +0000
ROA not after:            Fri 14 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        13.35.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:d0:9c:49:f3:be:9e:7d:04:10:ef:6e:d1:d7:d7:f6:e8:42:10:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 10 00:00:00 2025 GMT
            Not After : Feb 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e0:bc:fb:79:6c:90:a8:b7:16:a2:fa:21:02:
                    20:1e:e5:15:08:d6:e9:68:73:83:b5:df:5d:7e:59:
                    0d:1e:6f:7e:b1:43:d5:e4:d5:4a:a9:18:b1:0f:f6:
                    d9:2c:95:be:2d:f3:ff:3c:54:66:a7:58:4e:8a:9f:
                    75:c3:e3:fb:04:54:50:fc:bc:33:d4:25:68:67:9e:
                    a9:58:36:39:b1:8b:a4:4b:26:cb:37:9d:66:d5:ca:
                    3d:ed:8a:e9:34:50:84:ad:99:91:99:aa:ed:68:79:
                    58:e2:24:3d:06:59:75:5f:be:56:3a:1c:76:de:ac:
                    97:20:62:8d:1a:a8:66:2d:27:f5:eb:ad:02:be:c4:
                    fb:e4:f5:0d:ec:b2:6c:d2:af:7b:f5:bd:66:e6:77:
                    d2:13:45:ab:31:86:de:a3:81:76:aa:aa:72:1a:47:
                    ed:5c:05:86:f2:83:67:72:86:5b:b5:3e:36:fe:7d:
                    2c:c1:da:9e:0b:66:1e:0c:d6:07:93:57:1c:2c:e2:
                    6d:21:4a:5f:e9:9c:d3:10:6e:ce:c7:ee:a5:2d:f9:
                    2a:b1:d4:b4:34:60:5c:3a:0f:7b:f5:c3:aa:39:b2:
                    f0:ce:2b:d1:63:ab:2f:40:ee:a8:4f:62:d6:41:ed:
                    a1:74:47:35:e0:f8:8e:df:61:5f:1c:77:a5:9d:18:
                    03:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:29:08:2A:62:7B:A0:B5:5B:C0:C4:01:72:94:5E:A7:91:83:69:6E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0e8ebf9c-f8ac-46fc-80f8-0a74b9f68513.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  13.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2b:ab:bf:e0:e0:21:41:1d:7e:ed:4c:d1:91:a0:36:34:ad:1b:
         17:ed:6d:24:c0:cf:8c:03:40:6f:6a:c8:c9:2a:c0:d0:d7:31:
         c8:51:76:cd:4f:f8:ca:71:ea:72:84:81:60:5c:a5:5e:f5:9c:
         10:d6:17:a5:61:1d:f6:06:21:c0:48:82:29:9f:84:93:77:e5:
         20:b2:aa:b2:b7:31:d6:1c:1a:95:8f:b8:8c:5f:64:57:0e:18:
         be:19:90:15:cb:25:c5:e2:b4:79:d6:a7:aa:ca:4e:3c:ac:3b:
         f9:89:74:4e:53:ff:5f:8f:b1:da:1a:f9:06:50:75:a4:39:3d:
         65:fc:30:18:b4:a6:11:73:6a:ae:4e:f8:12:46:ac:b9:85:36:
         9f:1d:55:7e:fa:5f:31:66:8e:3a:f9:9d:51:62:d3:27:1f:2f:
         c8:7e:d6:75:a5:72:30:5b:2b:f3:ad:46:ba:7b:fe:cb:bf:73:
         bc:9a:af:ee:ba:bd:1f:2b:03:82:00:f7:0f:f5:46:0b:b2:9f:
         4a:a5:94:ad:d6:f1:c8:16:2f:51:7c:70:e8:9a:16:0e:91:e6:
         19:94:9a:b1:80:da:09:3a:0b:a8:4a:69:55:5c:fa:0c:e1:7e:
         4e:df:59:29:ce:54:14:ba:64:41:f8:95:2d:f1:cb:c4:78:ea:
         6f:2e:15:cf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYdCcSfO+nn0EEO9u0dfX9uhCEG4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEwMDAwMDAwWhcNMjUwMjE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWMxNDc0Yjc2ODdkOTBjNTE1N2FlYjk4NjNjYzdmNDJl
MzA1MDkzZGNmYzE3YmNlMWE3ODBmYzE4MmZiZGIyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI4Lz7eWyQqLcWovohAiAe5RUI1uloc4O1311+WQ0eb36x
Q9Xk1UqpGLEP9tkslb4t8/88VGanWE6Kn3XD4/sEVFD8vDPUJWhnnqlYNjmxi6RL
Jss3nWbVyj3tiuk0UIStmZGZqu1oeVjiJD0GWXVfvlY6HHberJcgYo0aqGYtJ/Xr
rQK+xPvk9Q3ssmzSr3v1vWbmd9ITRasxht6jgXaqqnIaR+1cBYbyg2dyhlu1Pjb+
fSzB2p4LZh4M1geTVxws4m0hSl/pnNMQbs7H7qUt+Sqx1LQ0YFw6D3v1w6o5svDO
K9Fjqy9A7qhPYtZB7aF0RzXg+I7fYV8cd6WdGANXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU4SkIKmJ7oLVbwMQBcpRep5GDaW4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlOGViZjljLWY4YWMtNDZmYy04MGY4LTBhNzRiOWY2ODUxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwANIzANBgkqhkiG9w0BAQsFAAOCAQEAK6u/4OAhQR1+7UzRkaA2NK0bF+1t
JMDPjANAb2rIySrA0NcxyFF2zU/4ynHqcoSBYFylXvWcENYXpWEd9gYhwEiCKZ+E
k3flILKqsrcx1hwalY+4jF9kVw4YvhmQFcslxeK0edanqspOPKw7+Yl0TlP/X4+x
2hr5BlB1pDk9ZfwwGLSmEXNqrk74EkasuYU2nx1VfvpfMWaOOvmdUWLTJx8vyH7W
daVyMFsr861Gunv+y79zvJqv7rq9HysDggD3D/VGC7KfSqWUrdbxyBYvUXxw6JoW
DpHmGZSasYDaCToLqEppVVz6DOF+Tt9ZKc5UFLpkQfiVLfHLxHjqby4Vzw==
-----END CERTIFICATE-----