Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8169e6a4-2f55-4226-a4df-50ce90e699d2.roa
File:                     8169e6a4-2f55-4226-a4df-50ce90e699d2.roa (raw, json)
Hash identifier:          9dau9Xf3HDL8spmEvueyEtj63+VDNrCW5UMl5Qylhvg=
Subject key identifier:   C1:CF:6C:E3:BC:E4:4E:EB:68:F4:61:44:2D:9E:F2:BD:EF:DD:43:34
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6CA40203E658D96A754270BC2326471E0BFAA4B3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8169e6a4-2f55-4226-a4df-50ce90e699d2.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.128.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:a4:02:03:e6:58:d9:6a:75:42:70:bc:23:26:47:1e:0b:fa:a4:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=a9d9f0d8ea2de75fb23306fdd558f3dcb5c1c66f9580e44c8c1a030534bb407a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:aa:86:e9:03:1c:a1:5b:b6:86:85:d3:0d:05:
                    bc:35:11:c0:68:b1:5e:8f:22:ed:2a:17:fb:66:af:
                    cb:e3:6d:f4:22:3c:49:65:91:f1:66:08:0b:99:96:
                    d3:74:7f:0b:87:a1:0a:70:5d:84:f9:6f:6c:36:c5:
                    5c:d9:bf:8a:7b:3e:cd:f7:e0:90:b3:3d:cd:b5:8a:
                    6f:1f:d1:d1:25:e5:2e:89:80:d3:88:9d:c3:c2:20:
                    68:08:a2:51:2b:a6:6e:ee:04:e5:8a:1f:f5:f5:1a:
                    f8:71:35:82:e2:44:10:65:02:f6:07:b1:1b:a1:5f:
                    44:46:9b:da:08:e2:89:e2:23:f8:e7:78:f0:88:11:
                    9f:5a:6b:90:11:6b:17:b7:8f:1f:bd:3d:6a:2e:f0:
                    43:15:ee:8d:ba:44:55:96:eb:d5:b2:1d:d4:35:2b:
                    66:20:16:03:03:b9:30:3d:39:62:0c:cb:b9:a7:47:
                    8f:56:03:61:4b:26:0e:ef:5a:ca:54:17:1d:e2:f2:
                    53:16:e6:72:c3:45:b3:33:79:d9:88:31:dd:8a:99:
                    a7:9d:45:c8:2f:fc:83:be:68:85:75:77:16:34:d5:
                    57:86:87:c5:d4:0b:d6:df:b2:0e:ba:09:00:f6:fb:
                    2f:fb:a3:ce:a0:48:86:89:73:cb:ed:57:fd:9c:21:
                    df:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:CF:6C:E3:BC:E4:4E:EB:68:F4:61:44:2D:9E:F2:BD:EF:DD:43:34
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8169e6a4-2f55-4226-a4df-50ce90e699d2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.128.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         13:5a:f1:7f:96:c3:07:e1:27:c4:29:d9:1c:ab:74:f1:2c:b6:
         b8:5b:69:c1:fb:f1:30:e5:e0:37:16:cd:af:a8:21:a2:51:be:
         db:63:8c:10:84:4a:d5:19:56:74:27:1a:bf:0d:24:be:d0:74:
         68:ec:78:0e:4e:fb:9c:43:01:81:35:74:fe:87:83:c9:d9:ec:
         26:09:6b:b4:b0:02:5c:9e:3c:d0:8f:2d:f6:08:45:ce:42:44:
         35:35:2b:a1:da:47:f0:00:10:57:21:97:aa:ec:8f:3a:f4:44:
         e1:0f:27:f0:b5:9d:fd:3d:40:b7:56:57:d0:00:a9:91:a6:7d:
         05:ad:96:e0:69:04:6c:2a:12:4b:e4:6e:b4:57:ac:0a:0f:6c:
         3d:ad:ce:22:07:98:39:d8:be:98:27:f1:c7:e5:17:20:5a:31:
         b1:51:53:d9:39:7f:60:7e:e4:8f:f0:01:06:9b:d2:64:f5:a3:
         cc:ed:ff:c8:b3:42:2e:2d:c4:2c:c2:6f:02:4d:a5:f4:30:b7:
         e7:ed:a9:b3:a3:bc:73:3f:05:19:e7:95:61:ca:69:2f:7f:42:
         76:01:97:f4:e1:d4:0c:9c:4c:91:69:9d:80:eb:64:f8:02:e0:
         89:14:67:f5:5c:4e:21:a1:32:49:ac:41:c7:f6:ed:fe:84:48:
         ff:51:15:94
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbKQCA+ZY2Wp1QnC8IyZHHgv6pLMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhOWQ5ZjBkOGVhMmRlNzVmYjIzMzA2ZmRkNTU4ZjNkY2I1
YzFjNjZmOTU4MGU0NGM4YzFhMDMwNTM0YmI0MDdhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCgqobpAxyhW7aGhdMNBbw1EcBosV6PIu0qF/tmr8vjbfQi
PEllkfFmCAuZltN0fwuHoQpwXYT5b2w2xVzZv4p7Ps334JCzPc21im8f0dEl5S6J
gNOIncPCIGgIolErpm7uBOWKH/X1GvhxNYLiRBBlAvYHsRuhX0RGm9oI4oniI/jn
ePCIEZ9aa5ARaxe3jx+9PWou8EMV7o26RFWW69WyHdQ1K2YgFgMDuTA9OWIMy7mn
R49WA2FLJg7vWspUFx3i8lMW5nLDRbMzedmIMd2KmaedRcgv/IO+aIV1dxY01VeG
h8XUC9bfsg66CQD2+y/7o86gSIaJc8vtV/2cId83AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwc9s47zkTuto9GFELZ7yve/dQzQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxNjllNmE0LTJmNTUtNDIyNi1hNGRmLTUwY2U5MGU2OTlkMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYjgEAwDQYJKoZIhvcNAQELBQADggEBABNa8X+WwwfhJ8Qp2RyrdPEstrhb
acH78TDl4DcWza+oIaJRvttjjBCEStUZVnQnGr8NJL7QdGjseA5O+5xDAYE1dP6H
g8nZ7CYJa7SwAlyePNCPLfYIRc5CRDU1K6HaR/AAEFchl6rsjzr0ROEPJ/C1nf09
QLdWV9AAqZGmfQWtluBpBGwqEkvkbrRXrAoPbD2tziIHmDnYvpgn8cflFyBaMbFR
U9k5f2B+5I/wAQab0mT1o8zt/8izQi4txCzCbwJNpfQwt+ftqbOjvHM/BRnnlWHK
aS9/QnYBl/Th1AycTJFpnYDrZPgC4IkUZ/VcTiGhMkmsQcf27f6ESP9RFZQ=
-----END CERTIFICATE-----