Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ba621db-d295-4f28-9765-ac207449dddc.roa
File:                     6ba621db-d295-4f28-9765-ac207449dddc.roa (raw, json)
Hash identifier:          cVUp5JzU9k0TuGM0N1nhjnQSmjDDyNEcRnZ/EuaL1fc=
Subject key identifier:   6C:45:B3:DB:4D:A2:1F:0E:27:B2:30:C8:2B:AA:EF:4C:A4:80:5F:E8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3064CA222ED9F4580D18A2F912D3DFA3E528155C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ba621db-d295-4f28-9765-ac207449dddc.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.128.128.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:64:ca:22:2e:d9:f4:58:0d:18:a2:f9:12:d3:df:a3:e5:28:15:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=ce3f6465a67d298f4b4be7a3bf9b258c26943568baa4ba96e0b27c4885885306, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:2d:75:b1:32:23:0c:87:27:88:55:88:bd:14:
                    2e:62:a5:17:ed:f5:12:4a:8f:c9:0a:b0:d7:5e:78:
                    75:75:1c:6c:bb:b9:d1:43:1a:14:ee:c6:11:86:e5:
                    de:7e:9c:ad:f6:2d:08:fa:1d:7b:c1:78:35:b0:2b:
                    dc:aa:3c:ae:b2:3a:eb:ee:08:bf:f9:58:b1:0e:98:
                    41:d4:87:c5:36:ff:7c:e5:37:a7:85:ec:14:4a:a7:
                    17:e5:cf:a7:10:63:28:bb:96:5d:c2:83:a8:af:fe:
                    06:84:ae:3b:08:e0:75:07:71:f9:45:45:e4:7a:83:
                    17:08:6c:41:34:4e:5a:01:7a:8c:29:77:3c:92:03:
                    b1:c2:d2:39:71:99:2d:86:53:56:a2:18:3d:71:eb:
                    d8:ad:40:9f:2d:14:79:b4:47:aa:ba:44:47:35:8f:
                    bc:85:63:6e:8e:2d:bf:8d:b0:15:b5:1f:88:c8:e2:
                    bc:a6:1f:d8:43:cd:39:c3:a3:e5:fa:2d:36:b3:51:
                    f7:b6:99:c0:3b:90:3b:9b:8e:71:5b:ad:18:4b:ca:
                    a6:62:9d:1d:2a:8c:d0:63:20:10:69:fb:e3:3d:ea:
                    dc:29:eb:d4:91:c7:27:c0:ca:71:48:25:8d:20:97:
                    5b:89:de:d0:30:ed:57:90:73:b2:30:4a:31:f3:99:
                    08:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:45:B3:DB:4D:A2:1F:0E:27:B2:30:C8:2B:AA:EF:4C:A4:80:5F:E8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/6ba621db-d295-4f28-9765-ac207449dddc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.128.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         4e:8e:ec:9c:3b:6a:1f:23:35:a6:41:58:a5:8d:04:3c:39:79:
         c7:da:f6:91:12:da:27:40:d6:be:45:5a:f0:0a:fb:00:7d:7b:
         d0:25:fc:e3:a8:8b:c8:d9:0e:42:6b:42:0a:ae:b6:15:ab:07:
         18:1c:8b:d4:3d:4a:4f:38:d9:49:65:50:ae:29:c9:2e:ed:b8:
         a8:9f:06:e3:c4:da:3d:ab:9b:78:3f:86:4e:59:ba:cb:9d:4e:
         cc:33:30:66:56:3c:b7:70:98:87:ec:50:59:84:6f:cc:7b:4f:
         bd:3d:38:76:fd:a8:a8:8d:2c:18:00:f4:c8:9e:80:d4:da:0e:
         8c:be:20:a2:6b:a6:bd:2d:a3:e1:94:45:07:43:2a:c2:f9:04:
         95:84:9e:15:f0:62:79:7c:db:04:7b:2f:99:47:ee:f9:83:75:
         37:6e:e2:05:b1:7d:24:1b:72:a5:00:28:c6:26:88:e2:3e:b0:
         57:ed:54:f2:5b:4f:28:37:1c:6e:8a:96:b0:5f:2a:f1:11:9a:
         3a:d6:02:d0:1f:d4:7e:9f:45:f6:b2:6e:f1:2b:a9:c8:4f:7b:
         e9:cf:9e:fe:7c:09:8b:e1:d7:2e:8f:18:82:88:f0:38:83:e8:
         3d:7a:bf:89:78:ac:58:8b:29:63:01:5d:fb:9c:73:3a:c4:2a:
         0a:be:5f:ea
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMGTKIi7Z9FgNGKL5EtPfo+UoFVwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZTNmNjQ2NWE2N2QyOThmNGI0YmU3YTNiZjliMjU4YzI2
OTQzNTY4YmFhNGJhOTZlMGIyN2M0ODg1ODg1MzA2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD8LXWxMiMMhyeIVYi9FC5ipRft9RJKj8kKsNdeeHV1HGy7
udFDGhTuxhGG5d5+nK32LQj6HXvBeDWwK9yqPK6yOuvuCL/5WLEOmEHUh8U2/3zl
N6eF7BRKpxflz6cQYyi7ll3Cg6iv/gaErjsI4HUHcflFReR6gxcIbEE0TloBeowp
dzySA7HC0jlxmS2GU1aiGD1x69itQJ8tFHm0R6q6REc1j7yFY26OLb+NsBW1H4jI
4rymH9hDzTnDo+X6LTazUfe2mcA7kDubjnFbrRhLyqZinR0qjNBjIBBp++M96twp
69SRxyfAynFIJY0gl1uJ3tAw7VeQc7IwSjHzmQi3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbEWz202iHw4nsjDIK6rvTKSAX+gwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzZiYTYyMWRiLWQyOTUtNGYyOC05NzY1LWFjMjA3NDQ5ZGRkYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYjgIAwDQYJKoZIhvcNAQELBQADggEBAE6O7Jw7ah8jNaZBWKWNBDw5ecfa
9pES2idA1r5FWvAK+wB9e9Al/OOoi8jZDkJrQgquthWrBxgci9Q9Sk842UllUK4p
yS7tuKifBuPE2j2rm3g/hk5ZusudTswzMGZWPLdwmIfsUFmEb8x7T709OHb9qKiN
LBgA9MiegNTaDoy+IKJrpr0to+GURQdDKsL5BJWEnhXwYnl82wR7L5lH7vmDdTdu
4gWxfSQbcqUAKMYmiOI+sFftVPJbTyg3HG6KlrBfKvERmjrWAtAf1H6fRfaybvEr
qchPe+nPnv58CYvh1y6PGIKI8DiD6D16v4l4rFiLKWMBXfucczrEKgq+X+o=
-----END CERTIFICATE-----