Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8b1a6225-d73a-41b3-a8c7-0e2db1a29695.roa
File:                     8b1a6225-d73a-41b3-a8c7-0e2db1a29695.roa (raw, json)
Hash identifier:          nSjCnF1k7wLcfmgGzwTmxSTd1a8R6b5D2+/ihv2FnGw=
Subject key identifier:   0F:9B:12:67:F3:5A:BF:0D:B0:63:C3:85:78:55:0B:BA:65:2A:1A:65
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1D96591EF8A89D0EB11240A0CFFD25015A6F4749
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8b1a6225-d73a-41b3-a8c7-0e2db1a29695.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.71.109.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:96:59:1e:f8:a8:9d:0e:b1:12:40:a0:cf:fd:25:01:5a:6f:47:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:00:21:8c:91:16:6f:04:25:68:5a:57:9c:ef:
                    ed:15:08:bd:7a:19:69:aa:c8:ee:67:7a:c1:2a:15:
                    f1:ce:70:4b:31:81:7d:56:01:57:2a:93:be:bc:40:
                    0c:59:f9:5b:37:59:73:4a:6c:93:a6:bd:70:37:e0:
                    9b:0c:3b:ef:ec:59:5c:1f:ee:cd:2b:32:cf:39:46:
                    44:1e:a6:c3:a5:39:4c:86:b2:57:8a:d9:94:5d:9a:
                    32:56:d7:94:38:28:2a:a5:5c:26:5c:e7:df:c0:16:
                    6e:70:16:95:47:2c:ca:dd:03:94:4f:0a:d0:22:d0:
                    d6:b5:20:92:c0:cd:e1:59:57:db:6f:08:14:25:02:
                    6c:bb:78:bf:ef:43:5c:d1:6f:41:5f:71:87:a5:2b:
                    a8:63:bb:2b:7a:09:9f:78:3a:8b:09:1f:39:e3:56:
                    4d:06:61:00:7e:da:58:27:26:c7:76:01:50:13:3d:
                    52:6c:38:29:da:8c:16:c4:60:2f:65:5e:c1:aa:14:
                    be:e7:3d:40:a2:1f:82:67:2b:a5:1c:d8:13:7b:e5:
                    89:66:7b:18:13:68:ae:93:ff:43:5d:1d:4f:c1:25:
                    c1:b5:a2:f9:85:8c:52:ee:90:63:e4:47:e3:63:cc:
                    54:52:b0:53:4f:d3:e0:34:34:62:01:41:cd:7b:29:
                    f0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:9B:12:67:F3:5A:BF:0D:B0:63:C3:85:78:55:0B:BA:65:2A:1A:65
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/8b1a6225-d73a-41b3-a8c7-0e2db1a29695.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.71.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:df:f7:d0:cd:98:28:ff:8e:f4:9f:d1:24:9f:94:b4:64:51:
         fc:1f:b5:55:70:5c:07:dc:dc:9b:22:8d:31:6c:24:1f:39:c4:
         be:14:66:ed:2b:19:c1:c5:83:94:66:25:00:b6:e7:14:64:36:
         6b:fb:c2:f6:a8:35:61:93:57:31:ae:33:75:88:12:3a:4c:68:
         a3:dc:d3:f4:d6:e3:5f:a1:93:a9:c1:7c:28:17:18:7b:4f:29:
         a3:ea:76:46:13:e8:60:1c:de:47:b3:30:94:d6:7a:18:1b:53:
         21:0a:11:c3:fa:98:1f:24:ce:9e:09:c5:a0:3f:87:61:e9:fe:
         6a:46:3a:0d:f7:b2:63:54:cd:da:ec:53:41:7c:aa:71:d4:c1:
         30:5b:8e:07:6c:81:f2:5a:e6:24:89:e4:17:46:5f:16:75:f6:
         73:d9:0d:6c:64:e6:ff:31:21:ed:0a:3f:80:74:0c:29:fd:c1:
         fb:ad:7a:05:ce:9d:a1:f0:4d:a7:6b:12:97:09:0f:c1:f3:52:
         7c:ad:4f:1e:99:25:87:a1:7b:4f:2c:4e:ca:36:e9:80:bb:af:
         61:11:a0:f3:45:ec:4d:52:c7:94:ed:35:36:f0:6c:bf:79:8e:
         33:5f:43:6f:22:2b:83:ae:c2:07:02:a6:34:3c:ab:a1:b7:6d:
         ff:63:99:c3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHZZZHvionQ6xEkCgz/0lAVpvR0kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjczMWJjMmM1ZTE1YTMyZGI2YTc5MzRlNGU0YjUzZGEw
NTc0NmM2OTE2NzA5ZmQzZjZjY2I1MzQyYTYwMjdhMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3ACGMkRZvBCVoWlec7+0VCL16GWmqyO5nesEqFfHOcEsx
gX1WAVcqk768QAxZ+Vs3WXNKbJOmvXA34JsMO+/sWVwf7s0rMs85RkQepsOlOUyG
sleK2ZRdmjJW15Q4KCqlXCZc59/AFm5wFpVHLMrdA5RPCtAi0Na1IJLAzeFZV9tv
CBQlAmy7eL/vQ1zRb0FfcYelK6hjuyt6CZ94OosJHznjVk0GYQB+2lgnJsd2AVAT
PVJsOCnajBbEYC9lXsGqFL7nPUCiH4JnK6Uc2BN75YlmexgTaK6T/0NdHU/BJcG1
ovmFjFLukGPkR+NjzFRSsFNP0+A0NGIBQc17KfBBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUD5sSZ/Navw2wY8OFeFULumUqGmUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzhiMWE2MjI1LWQ3M2EtNDFiMy1hOGM3LTBlMmRiMWEyOTY5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjR20wDQYJKoZIhvcNAQELBQADggEBAGff99DNmCj/jvSf0SSflLRkUfwf
tVVwXAfc3JsijTFsJB85xL4UZu0rGcHFg5RmJQC25xRkNmv7wvaoNWGTVzGuM3WI
EjpMaKPc0/TW41+hk6nBfCgXGHtPKaPqdkYT6GAc3kezMJTWehgbUyEKEcP6mB8k
zp4JxaA/h2Hp/mpGOg33smNUzdrsU0F8qnHUwTBbjgdsgfJa5iSJ5BdGXxZ19nPZ
DWxk5v8xIe0KP4B0DCn9wfutegXOnaHwTadrEpcJD8HzUnytTx6ZJYehe08sTso2
6YC7r2ERoPNF7E1Sx5TtNTbwbL95jjNfQ28iK4OuwgcCpjQ8q6G3bf9jmcM=
-----END CERTIFICATE-----