Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99096d7b-5511-4390-9995-b6573fc0e0b8.roa
File:                     99096d7b-5511-4390-9995-b6573fc0e0b8.roa (raw, json)
Hash identifier:          P484LP4OVTA49UJNCrm23tBk0TmLWfQsJ9jO5JGUjEs=
Subject key identifier:   52:C0:6A:97:45:BF:24:B5:11:8D:F0:40:DA:B5:9A:32:1E:20:59:D1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B40A40079FFC3FCBB809F4F26721CE44173832E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99096d7b-5511-4390-9995-b6573fc0e0b8.roa
Signing time:             Sat 04 Jan 2025 00:00:00 +0000
ROA not before:           Sat 04 Jan 2025 00:00:00 +0000
ROA not after:            Sat 08 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.50.196.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:40:a4:00:79:ff:c3:fc:bb:80:9f:4f:26:72:1c:e4:41:73:83:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  4 00:00:00 2025 GMT
            Not After : Feb  8 23:59:59 2025 GMT
        Subject: serialNumber=ab36cebd1cd64fcd85388214322909e9a37daf2b98315e087189d404693c976e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:8e:f7:f6:03:f3:3f:36:9f:e7:ae:97:d9:
                    d6:fa:b7:01:2c:ea:8d:59:d7:09:e2:f4:ca:13:11:
                    a8:a2:f3:4f:8a:f9:e7:e3:47:e3:83:d2:5a:82:40:
                    3f:49:0a:c2:90:70:0e:ad:69:d1:62:02:06:66:e7:
                    e3:57:cc:c5:6d:76:e6:f7:98:7a:37:df:dc:a5:a6:
                    d5:f9:7c:9e:83:d1:11:df:03:b8:8d:17:c7:2a:07:
                    ac:bf:4b:24:00:dd:4a:3a:8e:c3:ce:ee:ac:85:4b:
                    97:3a:e8:58:ff:0d:34:44:3c:39:0f:d1:88:99:a0:
                    7a:e1:a6:19:9d:66:3f:e1:7c:1b:85:a7:c9:ff:d5:
                    9d:ce:52:37:e4:0d:49:83:28:df:42:05:73:71:0d:
                    fb:63:45:e5:04:cd:9a:a7:d3:e2:cb:e9:13:24:6d:
                    d6:d8:b9:32:a8:3c:ec:a9:5a:8c:80:91:d6:3f:02:
                    3c:5b:7d:c4:21:63:61:a0:a1:0f:b6:df:4e:21:18:
                    55:77:e6:00:b3:91:2a:ae:13:fb:63:7e:c7:01:38:
                    32:16:12:b0:ff:ff:30:57:73:af:77:38:4e:15:63:
                    0d:be:d7:f6:4d:0e:1d:03:0f:b2:ad:bf:56:da:f5:
                    d9:d7:56:3d:6c:9c:ca:21:b2:45:56:3e:98:a3:1d:
                    b3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C0:6A:97:45:BF:24:B5:11:8D:F0:40:DA:B5:9A:32:1E:20:59:D1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/99096d7b-5511-4390-9995-b6573fc0e0b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.50.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:46:cc:04:c0:18:aa:22:58:3e:29:ae:08:f5:cd:f8:fb:5a:
         2f:b7:ba:93:70:84:2b:90:e6:fe:02:d2:6e:7f:98:08:5e:30:
         fa:86:2c:fe:db:29:a0:a8:c2:7c:55:a7:2f:b7:ba:61:50:fd:
         0a:3c:0d:b4:a8:bd:f7:4e:b2:af:a1:ed:bf:ee:c2:93:b5:58:
         fd:05:5a:07:de:20:f6:a9:b8:ab:af:b7:2f:12:94:0f:47:83:
         16:0a:37:1e:9b:50:0b:1b:72:4a:15:c0:37:c1:5d:61:e8:dd:
         c5:ae:56:ea:e5:80:56:98:63:83:31:06:ed:ac:d0:45:d3:02:
         96:82:4c:5a:a8:c0:9d:66:5f:13:f8:68:78:92:6b:d2:a7:c3:
         a0:40:89:13:65:2d:7d:72:72:b4:56:92:fa:92:57:c0:d9:0c:
         b9:df:bd:86:5e:55:8b:ff:96:d8:eb:5d:a2:6f:48:f1:68:9f:
         68:dd:3b:b7:79:84:8b:88:72:49:06:dc:3a:bc:61:a1:48:41:
         11:6d:a2:18:c0:80:ae:a3:90:1c:58:ed:33:27:c1:1e:3a:4b:
         b6:bc:2f:f0:e9:40:6c:3e:87:ff:0a:e0:94:f4:f7:c6:68:23:
         1d:b1:cd:2c:ba:f7:df:7e:3d:76:3f:c2:69:f6:13:c1:c0:91:
         70:ae:2f:65
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUK0CkAHn/w/y7gJ9PJnIc5EFzgy4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA0MDAwMDAwWhcNMjUwMjA4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYjM2Y2ViZDFjZDY0ZmNkODUzODgyMTQzMjI5MDllOWEz
N2RhZjJiOTgzMTVlMDg3MTg5ZDQwNDY5M2M5NzZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIfo739gPzPzaf566X2db6twEs6o1Z1wni9MoTEaii80+K
+efjR+OD0lqCQD9JCsKQcA6tadFiAgZm5+NXzMVtdub3mHo339ylptX5fJ6D0RHf
A7iNF8cqB6y/SyQA3Uo6jsPO7qyFS5c66Fj/DTREPDkP0YiZoHrhphmdZj/hfBuF
p8n/1Z3OUjfkDUmDKN9CBXNxDftjReUEzZqn0+LL6RMkbdbYuTKoPOypWoyAkdY/
AjxbfcQhY2GgoQ+2304hGFV35gCzkSquE/tjfscBODIWErD//zBXc693OE4VYw2+
1/ZNDh0DD7Ktv1ba9dnXVj1snMohskVWPpijHbPpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUsBql0W/JLURjfBA2rWaMh4gWdEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzk5MDk2ZDdiLTU1MTEtNDM5MC05OTk1LWI2NTczZmMwZTBiOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjMsQwDQYJKoZIhvcNAQELBQADggEBAAlGzATAGKoiWD4prgj1zfj7Wi+3
upNwhCuQ5v4C0m5/mAheMPqGLP7bKaCownxVpy+3umFQ/Qo8DbSovfdOsq+h7b/u
wpO1WP0FWgfeIPapuKuvty8SlA9HgxYKNx6bUAsbckoVwDfBXWHo3cWuVurlgFaY
Y4MxBu2s0EXTApaCTFqowJ1mXxP4aHiSa9Knw6BAiRNlLX1ycrRWkvqSV8DZDLnf
vYZeVYv/ltjrXaJvSPFon2jdO7d5hIuIckkG3Dq8YaFIQRFtohjAgK6jkBxY7TMn
wR46S7a8L/DpQGw+h/8K4JT098ZoIx2xzSy6999+PXY/wmn2E8HAkXCuL2U=
-----END CERTIFICATE-----