Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a746a641-fa6d-4451-8e68-7384fe406ddb.roa
File:                     a746a641-fa6d-4451-8e68-7384fe406ddb.roa (raw, json)
Hash identifier:          WPVkMWUv8FwUI7guAp5tUYEyRKSoU5daPmacU8KZSOs=
Subject key identifier:   2D:10:0C:75:07:A9:1E:BA:4D:5C:11:F3:B0:AA:D5:57:22:65:78:F4
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1C5305ECB621F2E2E41A92948B8C5562085C46F4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a746a641-fa6d-4451-8e68-7384fe406ddb.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.26.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:53:05:ec:b6:21:f2:e2:e4:1a:92:94:8b:8c:55:62:08:5c:46:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e1:77:8c:58:23:1f:7f:f1:ef:c0:84:b3:16:
                    c7:4f:3c:d5:91:ab:a1:54:95:92:94:d8:01:3f:ba:
                    17:32:72:1b:9a:b7:b3:a9:30:1a:11:dd:27:d8:e4:
                    64:0d:cd:29:74:2d:bb:85:06:6a:7d:79:ba:ab:3b:
                    20:03:04:0d:a4:ce:24:25:09:e1:01:c1:f5:aa:e9:
                    23:2b:a6:5b:7a:1f:85:03:41:45:b8:29:4e:eb:89:
                    ff:96:59:06:bc:71:0e:8b:ce:fb:95:1c:44:eb:bc:
                    c9:83:7e:b3:bc:cd:82:d8:bd:16:10:c6:6b:8d:b6:
                    8c:02:af:c0:66:39:25:af:96:15:b7:06:86:20:6d:
                    ac:1c:66:49:d0:cf:b5:25:9f:5c:9e:99:08:87:88:
                    68:c1:c6:bc:b5:1f:d5:46:22:7d:8f:42:74:8a:a4:
                    6f:26:9d:99:d3:36:b2:32:49:c8:ee:50:c9:28:1a:
                    9c:16:25:40:b3:94:81:e8:7e:a7:01:66:30:cf:e8:
                    5a:91:c2:14:bc:56:36:3d:c8:7a:27:1a:c6:82:7c:
                    1b:a4:fa:87:0c:3b:ea:90:ec:f0:aa:ef:1f:0e:94:
                    89:d0:1d:c9:ec:20:d8:25:b1:1c:a1:a9:9a:ff:ff:
                    a8:67:d1:9e:c4:f2:d4:be:4a:cb:f0:48:fc:13:c6:
                    e7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:10:0C:75:07:A9:1E:BA:4D:5C:11:F3:B0:AA:D5:57:22:65:78:F4
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a746a641-fa6d-4451-8e68-7384fe406ddb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.26.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         38:b1:06:e2:98:2f:2a:ff:56:a3:55:54:d8:af:fb:e0:46:63:
         29:01:93:51:33:a4:c6:fb:0b:bd:a1:1e:12:dc:3b:67:13:d8:
         1e:62:80:0c:68:55:f0:5c:56:f1:85:83:b5:40:28:34:9a:cd:
         47:75:14:95:36:39:f2:f6:c4:b1:d5:cf:35:68:4c:13:5a:17:
         88:58:94:3d:28:46:d3:41:fe:10:06:63:9d:d9:5d:f4:78:1d:
         2a:af:07:cb:d7:aa:b0:68:5d:f5:90:86:b7:a5:d8:f1:26:fe:
         3c:8f:88:0b:6f:b0:48:fe:94:41:d6:a6:58:12:c8:45:bd:88:
         23:19:23:df:19:9e:e7:f4:75:fe:55:2b:c8:37:b4:b4:41:d4:
         00:01:e2:63:03:f2:a4:ca:ea:6c:c9:4a:59:54:bd:5f:6e:72:
         20:52:d7:36:7c:97:52:0b:b8:90:a6:bc:6a:89:17:fc:6d:bd:
         6f:1f:b8:1e:28:e2:6e:9b:62:88:85:47:f5:0a:e6:32:27:e6:
         88:f4:8e:6c:c7:79:05:22:57:8a:61:a3:0a:e3:e9:b5:4b:07:
         10:59:c0:26:74:fe:7e:20:e5:d3:c2:a7:fa:87:0a:9e:70:35:
         e3:1b:1d:56:1b:54:d2:0a:46:3c:34:9c:d2:5c:82:ad:6e:d0:
         60:5e:14:2d
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHFMF7LYh8uLkGpKUi4xVYghcRvQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkODE2ZDJlNGIzZTU1OWYzMDQ0ODJkYTY1YjkzZWIyZThi
NmFhMGZlNTBlM2M2MDgyNGQ0MjNkODVlYzQyOGJkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCd4XeMWCMff/HvwISzFsdPPNWRq6FUlZKU2AE/uhcychua
t7OpMBoR3SfY5GQNzSl0LbuFBmp9ebqrOyADBA2kziQlCeEBwfWq6SMrplt6H4UD
QUW4KU7rif+WWQa8cQ6LzvuVHETrvMmDfrO8zYLYvRYQxmuNtowCr8BmOSWvlhW3
BoYgbawcZknQz7Uln1yemQiHiGjBxry1H9VGIn2PQnSKpG8mnZnTNrIyScjuUMko
GpwWJUCzlIHofqcBZjDP6FqRwhS8VjY9yHonGsaCfBuk+ocMO+qQ7PCq7x8OlInQ
HcnsINglsRyhqZr//6hn0Z7E8tS+SsvwSPwTxufRAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULRAMdQepHrpNXBHzsKrVVyJlePQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E3NDZhNjQxLWZhNmQtNDQ1MS04ZTY4LTczODRmZTQwNmRkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjGjANBgkqhkiG9w0BAQsFAAOCAQEAOLEG4pgvKv9Wo1VU2K/74EZjKQGT
UTOkxvsLvaEeEtw7ZxPYHmKADGhV8FxW8YWDtUAoNJrNR3UUlTY58vbEsdXPNWhM
E1oXiFiUPShG00H+EAZjndld9HgdKq8Hy9eqsGhd9ZCGt6XY8Sb+PI+IC2+wSP6U
QdamWBLIRb2IIxkj3xme5/R1/lUryDe0tEHUAAHiYwPypMrqbMlKWVS9X25yIFLX
NnyXUgu4kKa8aokX/G29bx+4HijibptiiIVH9QrmMifmiPSObMd5BSJXimGjCuPp
tUsHEFnAJnT+fiDl08Kn+ocKnnA14xsdVhtU0gpGPDSc0lyCrW7QYF4ULQ==
-----END CERTIFICATE-----