Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/749fc126-a0b5-4964-9a0a-0dc5319ce477.roa
File:                     749fc126-a0b5-4964-9a0a-0dc5319ce477.roa (raw, json)
Hash identifier:          p7g2rL36YnEgvTzy8i83IBK8RZKrqXeE4LvPARM68UM=
Subject key identifier:   EA:A8:2D:C8:A0:22:7F:BF:6A:F0:E5:21:C4:D4:A4:8F:15:8E:7D:97
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7DF8721A9125D1CEC86DF2FA30513755114E4051
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/749fc126-a0b5-4964-9a0a-0dc5319ce477.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.52.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:f8:72:1a:91:25:d1:ce:c8:6d:f2:fa:30:51:37:55:11:4e:40:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:da:48:e9:d7:c0:fd:c6:6c:28:66:3c:76:0d:
                    e3:a2:da:4a:4d:2b:db:92:b9:7f:fc:a1:a3:ee:36:
                    c8:0b:31:2f:c3:12:d3:cc:b9:22:06:08:b7:1a:43:
                    9b:d3:c8:4e:95:e9:73:ce:a6:2a:88:93:a0:9f:31:
                    a5:a3:dc:98:98:9e:0e:9e:67:5b:5c:27:15:17:b0:
                    e5:31:c4:14:d2:38:0d:4e:37:c3:71:3f:44:ab:e8:
                    e7:25:17:db:0c:c6:33:1d:5e:a5:95:52:45:27:b7:
                    51:cd:5a:32:be:c4:38:fa:46:bc:92:f0:03:9c:17:
                    c1:2a:97:45:71:25:4d:f5:6f:d7:3d:6d:c5:ca:46:
                    9e:29:a3:42:48:23:cb:ec:fe:d1:ed:06:05:cb:de:
                    0c:e7:7f:ac:2f:ea:07:9b:83:55:10:52:cc:c2:73:
                    b5:ef:84:57:9a:12:8f:dc:92:46:35:4c:b2:10:dd:
                    e5:a1:da:f5:ff:4e:8c:da:9c:a4:24:29:81:b6:e8:
                    c4:48:4d:7c:e5:a9:55:3f:d4:2a:e6:56:95:cf:a1:
                    79:55:0e:c5:c2:e9:80:b1:f8:83:f5:5a:55:6a:d9:
                    01:ac:e1:f1:95:0e:e5:82:df:af:9b:ef:96:ba:b4:
                    f6:1c:91:c8:be:b8:65:9b:a3:8a:d5:ac:c2:f2:76:
                    43:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:A8:2D:C8:A0:22:7F:BF:6A:F0:E5:21:C4:D4:A4:8F:15:8E:7D:97
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/749fc126-a0b5-4964-9a0a-0dc5319ce477.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.52.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         08:a2:c3:cb:26:ea:53:95:31:d2:3b:5e:24:16:02:e8:a2:74:
         54:bd:48:6f:82:7b:cd:25:c9:78:02:5e:a5:71:b0:c4:c1:d6:
         a5:25:9b:46:b8:4c:37:b3:8f:6c:92:dc:9e:58:26:49:d3:99:
         61:43:23:39:4a:61:02:24:4d:8a:70:93:74:44:47:03:16:2d:
         d3:d3:d0:a7:b4:b2:89:33:d5:a8:4e:72:e3:3f:1d:25:a9:1b:
         4b:93:2d:1e:95:80:3d:a7:93:bf:03:d6:0d:00:a2:6e:38:60:
         3f:fc:ca:4e:1a:fc:87:cd:43:7e:78:08:d8:f4:f1:b0:f4:99:
         1f:e4:8f:d8:34:88:00:08:b0:97:7e:24:4e:19:56:dc:0a:cd:
         65:a8:5f:d3:48:32:92:ec:39:98:a8:36:22:7c:8c:44:92:ed:
         a3:92:e5:92:72:04:60:4f:46:10:0c:72:46:e8:af:09:06:05:
         ba:6c:b7:9f:e2:68:5f:8f:94:7d:88:c0:d3:9c:6e:12:7a:3a:
         94:54:a1:c1:82:80:a2:07:ad:e3:90:4a:48:1a:f5:7c:39:35:
         f9:78:e7:68:03:da:b0:e1:f5:b1:60:ca:d3:c6:4f:8e:1b:d0:
         c3:2d:e5:ce:71:c6:8d:fb:8a:25:b0:9f:b3:95:4d:e1:e6:3f:
         dc:d8:5b:b8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUffhyGpEl0c7IbfL6MFE3VRFOQFEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMTFlMWFmN2U1NWMwODgwZTg2MDhlZjQwMDk3NWM1Y2U4
ZjhmYmY1MDQ2ZDFmZGI0YzhmNWE0YTRmNTFjZDhkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCa2kjp18D9xmwoZjx2DeOi2kpNK9uSuX/8oaPuNsgLMS/D
EtPMuSIGCLcaQ5vTyE6V6XPOpiqIk6CfMaWj3JiYng6eZ1tcJxUXsOUxxBTSOA1O
N8NxP0Sr6OclF9sMxjMdXqWVUkUnt1HNWjK+xDj6RryS8AOcF8Eql0VxJU31b9c9
bcXKRp4po0JII8vs/tHtBgXL3gznf6wv6gebg1UQUszCc7XvhFeaEo/ckkY1TLIQ
3eWh2vX/TozanKQkKYG26MRITXzlqVU/1CrmVpXPoXlVDsXC6YCx+IP1WlVq2QGs
4fGVDuWC36+b75a6tPYckci+uGWbo4rVrMLydkO7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU6qgtyKAif79q8OUhxNSkjxWOfZcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc0OWZjMTI2LWEwYjUtNDk2NC05YTBhLTBkYzUzMTljZTQ3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjNDANBgkqhkiG9w0BAQsFAAOCAQEACKLDyybqU5Ux0jteJBYC6KJ0VL1I
b4J7zSXJeAJepXGwxMHWpSWbRrhMN7OPbJLcnlgmSdOZYUMjOUphAiRNinCTdERH
AxYt09PQp7SyiTPVqE5y4z8dJakbS5MtHpWAPaeTvwPWDQCibjhgP/zKThr8h81D
fngI2PTxsPSZH+SP2DSIAAiwl34kThlW3ArNZahf00gykuw5mKg2InyMRJLto5Ll
knIEYE9GEAxyRuivCQYFumy3n+JoX4+UfYjA05xuEno6lFShwYKAoget45BKSBr1
fDk1+XjnaAPasOH1sWDK08ZPjhvQwy3lznHGjfuKJbCfs5VN4eY/3NhbuA==
-----END CERTIFICATE-----