Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1de410ca-a949-4fbd-a61a-7db676f0245c.roa
File:                     1de410ca-a949-4fbd-a61a-7db676f0245c.roa (raw, json)
Hash identifier:          nU1CZAajuh8FHBMFYxJM/pvMe3e443a5YSfH2u1gTi0=
Subject key identifier:   2B:5A:B6:67:54:14:2C:EE:EB:F3:F4:E9:21:66:18:10:E9:AD:54:ED
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       33426916FB045F2A7633CBAE2E2A8EC688490891
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1de410ca-a949-4fbd-a61a-7db676f0245c.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.51.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:42:69:16:fb:04:5f:2a:76:33:cb:ae:2e:2a:8e:c6:88:49:08:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=f1e0073c688ef834eaa44aade37a15a113975aebf25f501766aebecab9c6b882, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:42:2c:f6:b6:e3:8d:c7:30:a7:29:fe:03:d1:
                    6d:29:27:ec:ff:04:2b:e2:ce:57:f3:c0:74:75:56:
                    04:d5:88:8a:4d:11:d2:32:f2:a5:01:6e:cd:bb:aa:
                    9b:7c:48:8e:14:ba:ba:79:6f:03:e7:b0:cc:a3:c4:
                    74:52:2b:a7:f2:48:d7:c7:83:e1:7a:29:9c:fd:3f:
                    37:d6:ae:83:b2:30:70:92:37:90:6d:f3:92:42:40:
                    2e:5f:c2:ca:2a:37:6c:fb:cf:fa:55:a0:52:60:d2:
                    d8:f4:1e:48:9b:47:54:19:0f:61:8c:81:80:f1:d9:
                    10:c9:d1:65:13:67:df:4b:c8:e7:7e:b0:b6:e0:3c:
                    b1:64:25:e8:6c:6d:c6:12:7e:ca:03:72:ff:93:80:
                    14:6e:66:ab:be:e3:34:e0:43:ff:b3:b2:95:55:c3:
                    46:90:0a:2a:5c:c8:6e:c3:2a:91:41:a7:bf:7b:4c:
                    44:41:47:a2:b2:e9:bf:5e:f7:48:be:ba:4b:c0:f5:
                    5e:86:dc:9a:b9:96:35:e5:0f:27:a6:ed:d5:95:37:
                    3b:6b:5e:a9:85:8a:97:21:40:12:be:70:60:57:a0:
                    9d:9b:dc:aa:49:0f:27:d8:30:cf:36:bf:68:34:79:
                    25:e4:04:50:f7:f9:9f:92:1e:d3:b7:3e:de:62:0b:
                    79:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:5A:B6:67:54:14:2C:EE:EB:F3:F4:E9:21:66:18:10:E9:AD:54:ED
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1de410ca-a949-4fbd-a61a-7db676f0245c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.51.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1a:0d:c4:31:a4:a5:58:18:9f:32:61:8c:b8:b4:34:c3:81:4b:
         c7:02:6b:da:17:65:7c:a9:f7:d6:ab:47:d0:a2:85:c2:65:1f:
         e1:44:36:c7:94:80:dc:2c:2f:3a:99:c0:cc:9c:60:4f:b1:b4:
         85:57:7c:78:f7:78:70:24:20:ed:42:2f:41:ae:ef:f1:08:7e:
         98:3c:c1:f1:d8:f5:30:26:8d:ed:9e:c0:36:79:2a:74:97:2a:
         fc:86:e8:36:a2:89:25:63:b3:ce:1b:d8:6d:34:e8:5b:b5:d9:
         a8:1c:16:e7:f2:cd:da:42:9c:1b:1e:27:04:81:e2:ba:4c:2a:
         16:76:c6:16:59:23:c1:6e:7a:76:0f:75:6d:51:28:ec:cb:0f:
         f4:10:e8:7b:30:e6:0a:9a:24:d4:90:37:5d:d6:1b:79:77:a4:
         35:56:e4:52:78:d2:81:44:69:1d:9b:1a:d8:8f:9c:73:88:c2:
         98:d4:30:d9:78:9a:2f:e9:6d:4c:41:eb:31:00:64:cb:83:15:
         22:2b:a1:16:d7:40:13:58:2c:b8:2a:e3:35:d6:34:1b:76:35:
         0d:0e:71:8f:fb:94:8b:d0:6c:c2:da:1e:b1:41:cb:7f:d1:fc:
         58:be:bc:a9:1d:7a:6e:22:82:a5:99:b4:f4:7f:08:46:d3:85:
         2d:af:d7:8c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUM0JpFvsEXyp2M8uuLiqOxohJCJEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMWUwMDczYzY4OGVmODM0ZWFhNDRhYWRlMzdhMTVhMTEz
OTc1YWViZjI1ZjUwMTc2NmFlYmVjYWI5YzZiODgyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmQiz2tuONxzCnKf4D0W0pJ+z/BCvizlfzwHR1VgTViIpN
EdIy8qUBbs27qpt8SI4Uurp5bwPnsMyjxHRSK6fySNfHg+F6KZz9PzfWroOyMHCS
N5Bt85JCQC5fwsoqN2z7z/pVoFJg0tj0HkibR1QZD2GMgYDx2RDJ0WUTZ99LyOd+
sLbgPLFkJehsbcYSfsoDcv+TgBRuZqu+4zTgQ/+zspVVw0aQCipcyG7DKpFBp797
TERBR6Ky6b9e90i+ukvA9V6G3Jq5ljXlDyem7dWVNztrXqmFipchQBK+cGBXoJ2b
3KpJDyfYMM82v2g0eSXkBFD3+Z+SHtO3Pt5iC3lRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUK1q2Z1QULO7r8/TpIWYYEOmtVO0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFkZTQxMGNhLWE5NDktNGZiZC1hNjFhLTdkYjY3NmYwMjQ1Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjMzANBgkqhkiG9w0BAQsFAAOCAQEAGg3EMaSlWBifMmGMuLQ0w4FLxwJr
2hdlfKn31qtH0KKFwmUf4UQ2x5SA3CwvOpnAzJxgT7G0hVd8ePd4cCQg7UIvQa7v
8Qh+mDzB8dj1MCaN7Z7ANnkqdJcq/IboNqKJJWOzzhvYbTToW7XZqBwW5/LN2kKc
Gx4nBIHiukwqFnbGFlkjwW56dg91bVEo7MsP9BDoezDmCpok1JA3XdYbeXekNVbk
UnjSgURpHZsa2I+cc4jCmNQw2XiaL+ltTEHrMQBky4MVIiuhFtdAE1gsuCrjNdY0
G3Y1DQ5xj/uUi9BswtoesUHLf9H8WL68qR16biKCpZm09H8IRtOFLa/XjA==
-----END CERTIFICATE-----