Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c743dda0-a20b-4b9b-b483-894350d70630.roa
File:                     c743dda0-a20b-4b9b-b483-894350d70630.roa (raw, json)
Hash identifier:          McHGEF/N5kW38KpxZ07/S+HuTYQ4hNOoKu8tHYgFORo=
Subject key identifier:   2F:0F:FB:2F:DD:36:39:EC:DF:64:AC:CE:AF:F7:EA:F2:8B:C2:17:C6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       41E511AE83B339B8F69EC60B530F1CF4CB9E1F79
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c743dda0-a20b-4b9b-b483-894350d70630.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.17.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:e5:11:ae:83:b3:39:b8:f6:9e:c6:0b:53:0f:1c:f4:cb:9e:1f:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=f2ac93f33ad9a32cca82dd985505dcfd4c11b2995cad90084aa2e5796f414f46, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a3:8d:7f:0e:0c:01:1d:68:5d:ef:9a:49:5c:
                    c2:a3:dc:5c:4b:70:1d:64:24:e9:e4:43:63:49:9a:
                    d7:98:4f:f7:ae:b2:0b:65:ef:69:74:c2:50:9b:3b:
                    7a:f3:94:24:f8:0c:87:5e:89:70:f2:4a:e2:b2:6a:
                    2a:e3:22:28:8a:95:47:cb:d4:b5:d6:b3:fd:33:9d:
                    37:1c:8f:2b:c6:4f:3c:f6:fb:0a:69:b3:bb:33:6b:
                    35:fc:60:bc:5b:a0:ec:ba:bb:ff:1e:d2:b0:5b:b8:
                    20:d4:e2:56:49:ac:00:e5:cb:da:f9:dc:cc:d9:60:
                    25:15:2f:a0:c8:5a:db:76:13:0b:1b:08:4e:12:50:
                    6e:c2:26:4d:05:c4:3b:d2:f8:13:5d:2c:82:8d:69:
                    55:7a:60:53:3b:55:dd:84:56:36:6b:52:5a:36:7e:
                    07:f6:3a:46:0f:f5:6d:dc:c5:b7:99:0d:26:3e:e1:
                    48:cc:0a:fb:f7:9e:8b:03:f3:5e:4d:62:ce:61:0c:
                    21:fc:8b:be:a8:f5:25:2b:9a:a7:14:92:f3:c9:7d:
                    fe:e1:85:e5:4d:39:fe:e6:be:58:b7:03:a3:47:e7:
                    9d:6a:87:9a:7c:32:08:bc:51:51:e0:a7:47:18:ad:
                    a3:cf:bd:43:59:40:c2:eb:e6:57:e3:35:c2:c7:ae:
                    a4:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0F:FB:2F:DD:36:39:EC:DF:64:AC:CE:AF:F7:EA:F2:8B:C2:17:C6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c743dda0-a20b-4b9b-b483-894350d70630.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.17.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         39:04:89:65:dc:56:d1:a7:3b:83:2f:ce:d3:93:d5:d2:36:e6:
         aa:c6:c4:89:7c:d9:15:c8:4a:e2:a7:19:71:5d:0c:5c:21:22:
         68:5a:4d:5d:54:18:01:53:00:c3:50:f6:f9:fe:f6:24:2c:65:
         31:31:02:8a:52:c7:92:5b:ce:06:14:48:76:d2:18:18:84:04:
         40:a6:81:30:ba:f8:2b:ef:c9:b6:ac:41:0d:4c:f5:a0:d4:3d:
         07:13:3e:4c:51:4d:df:c5:dc:13:60:7a:49:55:41:0e:70:da:
         75:fa:48:91:97:2d:fe:03:0d:a5:33:17:ca:6d:5b:89:65:a3:
         84:46:41:2b:08:c3:00:ea:92:4d:ed:85:05:a5:63:14:b8:8c:
         1e:08:d9:78:63:97:a4:d9:09:44:f3:7f:0c:cd:29:c4:4f:31:
         5c:4d:bc:70:35:42:42:4a:47:af:8b:d0:d0:91:a3:84:08:81:
         9a:a0:02:0a:c5:c2:98:3b:c7:5c:19:da:94:20:81:a8:68:9c:
         1f:d5:1c:55:44:bd:ea:bd:de:4b:01:ec:98:f4:ca:65:6a:42:
         f2:7a:84:76:bc:1a:b8:77:a7:f0:c9:b1:6d:9d:52:e1:e3:dc:
         e0:ca:59:df:c5:f8:78:64:8a:7e:ff:a1:d6:55:0a:f0:51:65:
         02:a7:46:40
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQeURroOzObj2nsYLUw8c9MueH3kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmFjOTNmMzNhZDlhMzJjY2E4MmRkOTg1NTA1ZGNmZDRj
MTFiMjk5NWNhZDkwMDg0YWEyZTU3OTZmNDE0ZjQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHo41/DgwBHWhd75pJXMKj3FxLcB1kJOnkQ2NJmteYT/eu
sgtl72l0wlCbO3rzlCT4DIdeiXDySuKyairjIiiKlUfL1LXWs/0znTccjyvGTzz2
+wpps7szazX8YLxboOy6u/8e0rBbuCDU4lZJrADly9r53MzZYCUVL6DIWtt2Ewsb
CE4SUG7CJk0FxDvS+BNdLIKNaVV6YFM7Vd2EVjZrUlo2fgf2OkYP9W3cxbeZDSY+
4UjMCvv3nosD815NYs5hDCH8i76o9SUrmqcUkvPJff7hheVNOf7mvli3A6NH551q
h5p8Mgi8UVHgp0cYraPPvUNZQMLr5lfjNcLHrqQ5AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQULw/7L902OezfZKzOr/fq8ovCF8YwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2M3NDNkZGEwLWEyMGItNGI5Yi1iNDgzLTg5NDM1MGQ3MDYzMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjETANBgkqhkiG9w0BAQsFAAOCAQEAOQSJZdxW0ac7gy/O05PV0jbmqsbE
iXzZFchK4qcZcV0MXCEiaFpNXVQYAVMAw1D2+f72JCxlMTECilLHklvOBhRIdtIY
GIQEQKaBMLr4K+/JtqxBDUz1oNQ9BxM+TFFN38XcE2B6SVVBDnDadfpIkZct/gMN
pTMXym1biWWjhEZBKwjDAOqSTe2FBaVjFLiMHgjZeGOXpNkJRPN/DM0pxE8xXE28
cDVCQkpHr4vQ0JGjhAiBmqACCsXCmDvHXBnalCCBqGicH9UcVUS96r3eSwHsmPTK
ZWpC8nqEdrwauHen8MmxbZ1S4ePc4MpZ38X4eGSKfv+h1lUK8FFlAqdGQA==
-----END CERTIFICATE-----