Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b92a41e-1980-4234-9bc5-a9e6cebdc03e.roa
File:                     5b92a41e-1980-4234-9bc5-a9e6cebdc03e.roa (raw, json)
Hash identifier:          JxMcKArD6TZ2Xl6jicjH4uc0nEHbZ8fBdBZjR0LNb1M=
Subject key identifier:   88:98:B2:E2:AD:50:39:36:20:DB:B3:50:85:A1:1F:CE:0F:09:1D:43
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       32A5F0CFEDD5590D191C3BB025E8214C705B91F1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b92a41e-1980-4234-9bc5-a9e6cebdc03e.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.34.128.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:a5:f0:cf:ed:d5:59:0d:19:1c:3b:b0:25:e8:21:4c:70:5b:91:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b4:b1:ae:38:56:e3:ba:82:d8:5a:5f:c2:a2:
                    05:35:9c:0a:ad:89:8b:2b:88:4d:32:db:fe:5d:82:
                    5a:03:e1:01:17:61:56:14:48:4e:9c:a8:9c:2c:ae:
                    29:20:e9:ce:ec:be:60:fc:ed:47:6b:24:32:87:f3:
                    dd:ef:dc:dd:58:09:18:58:8e:5c:87:54:85:99:a0:
                    0a:72:a2:62:10:0c:87:86:6a:4e:9b:d0:b2:18:3c:
                    68:6e:39:ff:c8:0c:1a:c1:e3:47:30:d9:3c:d5:f7:
                    83:01:a1:2c:90:b6:d6:a2:dc:8a:c0:ea:ce:9e:1b:
                    04:ef:b2:3d:58:af:8f:63:7e:54:44:eb:fb:49:c7:
                    cc:18:dc:a9:64:6d:75:ca:be:63:9f:b8:6f:3a:4b:
                    ef:48:21:79:ac:e4:49:61:58:41:0d:c6:2c:ef:79:
                    2c:07:2b:e1:d8:de:dc:b2:16:eb:79:ab:9f:a6:6a:
                    59:8e:5d:33:29:5f:83:ca:96:11:2e:ff:b0:1b:cc:
                    b7:e3:c7:45:71:73:dc:fc:19:83:7c:54:2c:46:35:
                    6a:b9:6b:6e:76:9c:e4:c6:5c:3c:c3:05:b7:80:43:
                    02:11:c4:8d:b9:de:03:67:9b:cd:ef:a9:94:f7:a7:
                    c7:ee:15:7e:b7:7c:65:8f:d2:37:7a:68:66:2b:4f:
                    10:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:98:B2:E2:AD:50:39:36:20:DB:B3:50:85:A1:1F:CE:0F:09:1D:43
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/5b92a41e-1980-4234-9bc5-a9e6cebdc03e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.34.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         71:cc:3d:c1:b1:4f:43:a8:41:bf:75:23:e8:30:54:f6:8b:91:
         20:75:97:47:e0:6d:0c:49:62:26:d1:de:02:a0:c3:7d:dc:14:
         5e:f0:70:6e:60:3d:bd:7a:87:9e:ff:d8:85:d7:32:e6:2f:33:
         e4:12:c7:99:7d:d1:26:0f:72:e4:32:ef:bd:ac:87:30:c5:81:
         be:0a:4d:0c:b3:95:b2:32:79:5a:07:b9:85:8a:67:91:40:dd:
         25:e7:0d:d0:4c:0d:f2:e0:8c:6f:5a:51:a2:61:e0:fd:46:84:
         30:28:7c:14:8f:30:66:30:d0:b9:b3:4c:98:ba:0e:40:df:06:
         48:e4:0e:c0:40:1e:5b:26:6c:dc:73:1c:b0:a7:8e:c7:6f:d3:
         7c:41:0b:63:7c:c7:5b:b0:a0:59:2f:d7:5e:15:6f:72:fe:2c:
         3f:d6:69:86:d3:ff:e2:30:85:27:22:58:ab:a0:37:6c:4f:de:
         62:be:ea:75:29:9e:14:63:6d:12:21:5f:37:7d:94:2b:bb:5d:
         d7:c1:ab:9b:80:19:49:57:06:48:2d:41:de:50:13:bc:7b:b7:
         87:61:c3:c8:8c:85:f6:b9:4f:16:c7:b9:80:d5:22:1d:37:6d:
         58:2e:bf:3e:8a:5e:d2:6d:f7:22:3a:53:cd:b4:f0:8d:08:1f:
         39:87:17:e3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMqXwz+3VWQ0ZHDuwJeghTHBbkfEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZGY5ZTMxMTAyNGJmMDc3ZmUxNWM0NGY2N2M4NzQ3YjM4
N2Q4ZTk3OWQ1ZDc4ZmZkOThjM2Y3ODIzMDk0OGNhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6tLGuOFbjuoLYWl/CogU1nAqtiYsriE0y2/5dgloD4QEX
YVYUSE6cqJwsrikg6c7svmD87UdrJDKH893v3N1YCRhYjlyHVIWZoApyomIQDIeG
ak6b0LIYPGhuOf/IDBrB40cw2TzV94MBoSyQttai3IrA6s6eGwTvsj1Yr49jflRE
6/tJx8wY3KlkbXXKvmOfuG86S+9IIXms5ElhWEENxizveSwHK+HY3tyyFut5q5+m
almOXTMpX4PKlhEu/7AbzLfjx0Vxc9z8GYN8VCxGNWq5a252nOTGXDzDBbeAQwIR
xI253gNnm83vqZT3p8fuFX63fGWP0jd6aGYrTxC1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiJiy4q1QOTYg27NQhaEfzg8JHUMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzViOTJhNDFlLTE5ODAtNDIzNC05YmM1LWE5ZTZjZWJkYzAzZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcjIoAwDQYJKoZIhvcNAQELBQADggEBAHHMPcGxT0OoQb91I+gwVPaLkSB1
l0fgbQxJYibR3gKgw33cFF7wcG5gPb16h57/2IXXMuYvM+QSx5l90SYPcuQy772s
hzDFgb4KTQyzlbIyeVoHuYWKZ5FA3SXnDdBMDfLgjG9aUaJh4P1GhDAofBSPMGYw
0LmzTJi6DkDfBkjkDsBAHlsmbNxzHLCnjsdv03xBC2N8x1uwoFkv114Vb3L+LD/W
aYbT/+IwhSciWKugN2xP3mK+6nUpnhRjbRIhXzd9lCu7XdfBq5uAGUlXBkgtQd5Q
E7x7t4dhw8iMhfa5TxbHuYDVIh03bVguvz6KXtJt9yI6U8208I0IHzmHF+M=
-----END CERTIFICATE-----