Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ef164be-018b-431e-af2f-296c04ef8a8d.roa
File:                     2ef164be-018b-431e-af2f-296c04ef8a8d.roa (raw, json)
Hash identifier:          2F/edX/AWin3WZZ54xytldV+NsJAc06pIJbiaYjtD94=
Subject key identifier:   24:91:F1:F2:F0:AC:ED:73:04:C8:41:97:CE:94:8B:87:58:F1:38:03
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B7577ED977252AE431CAA50546816491821BADA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ef164be-018b-431e-af2f-296c04ef8a8d.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.54.32.0/19 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:75:77:ed:97:72:52:ae:43:1c:aa:50:54:68:16:49:18:21:ba:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:15:37:15:69:5f:a7:63:11:39:cd:bb:8c:a3:
                    ec:46:7a:b7:23:a7:f0:20:b1:d5:82:f2:f9:15:e5:
                    87:40:0e:30:11:07:b4:d9:e8:60:46:08:63:39:c3:
                    be:31:a1:7e:82:88:be:0b:0c:f8:d9:2e:4c:0a:63:
                    26:40:9a:06:f7:de:6b:bd:b5:04:91:81:a6:fb:6a:
                    ed:10:35:79:93:60:cd:18:2b:27:4c:16:22:1c:9a:
                    e4:81:aa:df:d1:50:23:3e:cb:0a:af:be:52:aa:89:
                    6d:1a:c9:44:79:46:16:d1:68:00:01:a5:63:ff:b1:
                    ab:cc:ad:35:bf:cd:cc:fe:e7:59:98:06:b5:a4:01:
                    ec:af:d2:e1:88:1f:3e:f8:3d:9d:05:34:0f:c3:cf:
                    6c:d9:60:fe:62:89:c8:eb:75:f0:0e:57:14:fe:52:
                    25:3c:28:db:ad:3b:12:ff:cb:25:62:e5:7c:55:0b:
                    bd:dc:5f:5d:73:05:40:2c:40:65:fb:21:be:d0:33:
                    8a:e5:73:eb:f6:86:d1:3c:d8:f5:a2:74:98:be:29:
                    5d:b2:81:d6:9d:09:95:c9:e8:11:44:6f:41:fb:1b:
                    1b:7b:54:18:57:93:54:72:ce:d8:31:c2:fb:de:75:
                    8b:6a:7c:68:bd:81:ad:c8:c1:30:c1:e0:07:c4:7e:
                    b9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:91:F1:F2:F0:AC:ED:73:04:C8:41:97:CE:94:8B:87:58:F1:38:03
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2ef164be-018b-431e-af2f-296c04ef8a8d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.54.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a9:e4:11:b1:4d:7e:b0:0b:55:a2:ab:65:e9:a8:77:11:55:c6:
         c5:3f:a8:49:fb:88:65:05:03:17:d2:c7:49:e6:34:45:f6:93:
         b5:0d:f8:59:e3:0d:10:95:f6:4c:4d:f9:55:aa:63:78:0a:72:
         ce:c1:8b:53:3f:a1:b0:8b:de:d2:5b:d8:5f:fd:4b:ea:63:96:
         f8:04:4b:b8:c7:a1:ee:9a:4d:88:88:9c:18:92:43:1e:f7:c2:
         36:74:1d:7a:51:a1:d5:b7:96:eb:f0:7b:49:03:e5:42:aa:c9:
         7e:d9:23:de:71:58:fa:f9:0f:28:91:eb:b8:ef:fd:57:5e:10:
         f4:51:30:d9:db:3c:66:e1:94:28:84:60:d8:6c:02:ce:14:da:
         f3:2f:70:5b:b6:7a:2c:d8:1a:f4:7a:0a:5e:a9:3c:4e:cb:b5:
         9e:3b:ea:e9:bf:75:f7:2d:d9:73:24:15:82:2b:ed:55:8e:36:
         94:2b:93:9a:fd:24:02:df:9d:62:6d:6b:24:19:08:37:33:c1:
         e5:1a:64:07:4c:19:7e:36:d7:60:c6:da:d7:a0:e5:a6:d9:97:
         de:fa:68:e6:ca:72:34:f9:72:d1:4d:8b:5f:80:79:03:fe:e3:
         ad:43:f5:37:0a:d0:08:eb:c0:da:8e:b3:e7:7d:b7:4f:41:09:
         f7:3c:5a:79
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK3V37ZdyUq5DHKpQVGgWSRghutowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYjg3MDNiNzRiYTI5OWUyNjY2OWVlODgyYWIyNWFlYjVk
MzljMDdmNDg4YmM1NzZiNzkzOTA2MWRiNjQ0YWE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRFTcVaV+nYxE5zbuMo+xGercjp/AgsdWC8vkV5YdADjAR
B7TZ6GBGCGM5w74xoX6CiL4LDPjZLkwKYyZAmgb33mu9tQSRgab7au0QNXmTYM0Y
KydMFiIcmuSBqt/RUCM+ywqvvlKqiW0ayUR5RhbRaAABpWP/savMrTW/zcz+51mY
BrWkAeyv0uGIHz74PZ0FNA/Dz2zZYP5iicjrdfAOVxT+UiU8KNutOxL/yyVi5XxV
C73cX11zBUAsQGX7Ib7QM4rlc+v2htE82PWidJi+KV2ygdadCZXJ6BFEb0H7Gxt7
VBhXk1RyztgxwvvedYtqfGi9ga3IwTDB4AfEfrkJAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUJJHx8vCs7XMEyEGXzpSLh1jxOAMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJlZjE2NGJlLTAxOGItNDMxZS1hZjJmLTI5NmMwNGVmOGE4ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAUjNiAwDQYJKoZIhvcNAQELBQADggEBAKnkEbFNfrALVaKrZemodxFVxsU/
qEn7iGUFAxfSx0nmNEX2k7UN+FnjDRCV9kxN+VWqY3gKcs7Bi1M/obCL3tJb2F/9
S+pjlvgES7jHoe6aTYiInBiSQx73wjZ0HXpRodW3luvwe0kD5UKqyX7ZI95xWPr5
DyiR67jv/VdeEPRRMNnbPGbhlCiEYNhsAs4U2vMvcFu2eizYGvR6Cl6pPE7LtZ47
6um/dfct2XMkFYIr7VWONpQrk5r9JALfnWJtayQZCDczweUaZAdMGX4212DG2teg
5abZl976aObKcjT5ctFNi1+AeQP+461D9TcK0AjrwNqOs+d9t09BCfc8Wnk=
-----END CERTIFICATE-----