Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/411e7baf-0d1b-401b-9610-0fef3616491c.roa
File:                     411e7baf-0d1b-401b-9610-0fef3616491c.roa (raw, json)
Hash identifier:          rOTk641oKsUaD63v5w6l5XbcdAB1hrtJcNbX9rBLsmw=
Subject key identifier:   E6:D7:0A:47:BD:18:D5:AC:15:83:CD:94:E4:C5:6C:07:79:60:8D:3B
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       790BEBA2C945FA4D2993815D8F12E40DD06C74AA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/411e7baf-0d1b-401b-9610-0fef3616491c.roa
Signing time:             Sat 21 Dec 2024 00:00:00 +0000
ROA not before:           Sat 21 Dec 2024 00:00:00 +0000
ROA not after:            Sat 25 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.34.80.0/20 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:0b:eb:a2:c9:45:fa:4d:29:93:81:5d:8f:12:e4:0d:d0:6c:74:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 21 00:00:00 2024 GMT
            Not After : Jan 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:fb:9d:49:07:7b:45:46:ab:c7:2c:1a:81:13:
                    2a:48:de:37:2b:d5:a6:a2:1b:b1:ca:01:bb:be:99:
                    55:5d:12:ac:73:1c:cc:0c:cb:16:34:f3:15:6c:2d:
                    5b:b5:0b:ab:80:8c:17:01:77:a0:b5:c1:34:1e:06:
                    f4:1e:89:6d:7a:15:d9:c7:54:50:57:59:67:6f:1c:
                    e3:b1:87:af:0b:82:32:dd:b1:0b:8a:f9:d8:8d:6c:
                    e2:f5:76:45:7a:11:43:51:07:2f:e6:61:f2:a5:e7:
                    ba:69:16:ec:10:d6:28:23:f9:57:ea:d3:9c:29:a3:
                    4b:63:23:f1:d6:3f:c8:09:f5:98:28:41:0c:07:d8:
                    e4:e2:15:2c:2c:30:3e:2f:f4:0f:e8:a5:14:c7:70:
                    94:af:2e:ef:63:e9:8c:fd:77:c0:e2:5b:a0:1c:fe:
                    b1:d9:32:17:66:c2:f7:47:20:e0:b8:b2:1c:67:0f:
                    2f:30:56:f3:10:ce:b1:f8:bc:5e:88:49:63:18:88:
                    1e:84:5f:a8:0c:51:4a:7b:ff:9f:5e:3d:4b:08:63:
                    85:21:1a:c6:96:49:73:8d:b2:7b:d6:bd:9d:5a:9c:
                    7f:76:de:24:78:58:1c:d6:6e:99:4a:b2:44:81:37:
                    3b:45:ec:63:81:c0:1a:03:82:2c:86:58:8a:7c:1b:
                    1d:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D7:0A:47:BD:18:D5:AC:15:83:CD:94:E4:C5:6C:07:79:60:8D:3B
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/411e7baf-0d1b-401b-9610-0fef3616491c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.34.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         47:79:b9:eb:e4:2d:17:d3:fa:62:dc:ee:9f:08:53:b2:3d:52:
         76:78:cf:40:a7:3b:42:39:29:ca:96:6f:1f:05:d5:8d:e4:51:
         85:27:d1:97:bc:f4:35:98:ee:1d:e0:5e:d7:81:26:f3:f9:58:
         36:06:42:c2:bf:3e:63:6e:86:6a:b3:41:5d:91:80:3f:ff:77:
         d7:5a:09:db:86:0a:b0:46:9c:19:85:76:03:91:f2:30:44:83:
         76:6c:83:e5:82:ad:d3:8c:d2:77:a1:3a:2e:76:7c:57:67:da:
         3f:c4:62:c7:bd:65:cd:b7:33:8e:64:33:48:1c:8b:88:00:9c:
         c1:dd:19:3b:36:e4:07:11:4d:74:46:2d:50:6e:f1:99:e5:e2:
         17:83:22:53:02:08:c4:0e:3b:1e:5b:b2:7e:f6:40:50:32:d3:
         9b:c2:a6:97:aa:af:97:70:6d:85:0b:f9:01:8d:cf:93:11:61:
         78:a9:9d:1b:b0:26:63:e0:78:f1:38:17:d5:db:f1:ad:74:27:
         de:8e:b1:a9:9c:a5:29:2d:85:88:82:18:b2:96:87:45:db:da:
         6a:41:e0:b9:a1:49:77:f2:9a:7b:e9:21:89:eb:77:63:51:5f:
         0b:58:53:75:d0:d3:52:cd:c6:26:35:ef:38:63:23:da:6d:eb:
         c8:c7:23:b2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeQvroslF+k0pk4FdjxLkDdBsdKowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIxMDAwMDAwWhcNMjUwMTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NDkzYWVhNDFhNjk3ZjJlODI1ZmEwMmI4OGZhNjdiMzQ4
MTVjMGVjZWJmZTZjZThhYTc0ODQ3M2NhMTA4YjY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDo+51JB3tFRqvHLBqBEypI3jcr1aaiG7HKAbu+mVVdEqxz
HMwMyxY08xVsLVu1C6uAjBcBd6C1wTQeBvQeiW16FdnHVFBXWWdvHOOxh68LgjLd
sQuK+diNbOL1dkV6EUNRBy/mYfKl57ppFuwQ1igj+Vfq05wpo0tjI/HWP8gJ9Zgo
QQwH2OTiFSwsMD4v9A/opRTHcJSvLu9j6Yz9d8DiW6Ac/rHZMhdmwvdHIOC4shxn
Dy8wVvMQzrH4vF6ISWMYiB6EX6gMUUp7/59ePUsIY4UhGsaWSXONsnvWvZ1anH92
3iR4WBzWbplKskSBNztF7GOBwBoDgiyGWIp8Gx2tAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU5tcKR70Y1awVg82U5MVsB3lgjTswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQxMWU3YmFmLTBkMWItNDAxYi05NjEwLTBmZWYzNjE2NDkxYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQjIlAwDQYJKoZIhvcNAQELBQADggEBAEd5uevkLRfT+mLc7p8IU7I9UnZ4
z0CnO0I5KcqWbx8F1Y3kUYUn0Ze89DWY7h3gXteBJvP5WDYGQsK/PmNuhmqzQV2R
gD//d9daCduGCrBGnBmFdgOR8jBEg3Zsg+WCrdOM0nehOi52fFdn2j/EYse9Zc23
M45kM0gci4gAnMHdGTs25AcRTXRGLVBu8Znl4heDIlMCCMQOOx5bsn72QFAy05vC
ppeqr5dwbYUL+QGNz5MRYXipnRuwJmPgePE4F9Xb8a10J96OsamcpSkthYiCGLKW
h0Xb2mpB4LmhSXfymnvpIYnrd2NRXwtYU3XQ01LNxiY17zhjI9pt68jHI7I=
-----END CERTIFICATE-----