Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4d1dec6-18ac-46d2-a5b0-eaafb2244e12.roa
File:                     d4d1dec6-18ac-46d2-a5b0-eaafb2244e12.roa (raw, json)
Hash identifier:          NVUi05FoIc1NoCt/JoHsvKsfE6a4hFf2UOR9GdmHDqU=
Subject key identifier:   FD:FD:8C:DB:A3:B2:0E:AE:EB:F4:9F:83:B2:0B:BC:BF:1C:48:45:F1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       377E7E71B190849E9B6D4CCB1797B49D487D4A06
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4d1dec6-18ac-46d2-a5b0-eaafb2244e12.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.50.134.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:7e:7e:71:b1:90:84:9e:9b:6d:4c:cb:17:97:b4:9d:48:7d:4a:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0b:25:05:bd:a4:38:58:66:0e:59:80:0f:af:
                    d9:be:00:d3:bb:71:0b:6d:fc:35:fa:8a:7a:ef:32:
                    b0:ba:42:22:94:01:92:53:1b:ec:6e:27:85:c0:06:
                    0e:83:20:01:b5:96:ac:c7:49:af:a7:d3:0d:7b:d0:
                    3a:d2:3d:fb:ce:ca:d1:72:4b:21:8a:39:9c:1c:8f:
                    85:10:b6:78:e6:22:8b:70:c0:ff:dd:a2:83:87:d6:
                    a4:9c:3a:0e:ca:68:90:fa:48:79:84:8d:2b:63:72:
                    44:03:56:db:2b:05:21:28:6d:28:67:82:6d:ec:bc:
                    96:64:70:90:48:c3:2c:f4:16:26:c7:31:e1:b9:28:
                    a7:c9:06:c8:f1:da:39:e3:0d:b9:db:5a:55:15:13:
                    8a:84:db:9a:8c:8d:50:f6:2f:87:9f:6b:05:d2:37:
                    3d:f8:47:05:9c:40:80:a0:33:36:bb:a4:3e:12:45:
                    99:97:22:95:86:cb:35:67:c8:63:bc:2b:94:11:2e:
                    68:1b:71:93:cb:71:d0:2c:5f:91:36:74:fd:6a:20:
                    50:4d:e0:26:0a:4b:93:cc:cc:6a:9e:44:22:f1:94:
                    7e:0a:18:1c:89:d2:06:fe:13:c5:d4:ae:ed:b2:89:
                    07:25:a5:ba:bc:99:31:72:9c:4a:2b:e4:01:89:c2:
                    f4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:FD:8C:DB:A3:B2:0E:AE:EB:F4:9F:83:B2:0B:BC:BF:1C:48:45:F1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/d4d1dec6-18ac-46d2-a5b0-eaafb2244e12.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.50.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:2e:be:31:9d:01:f8:ad:2f:88:ae:4d:6e:e3:e2:55:60:ee:
         e6:8d:12:29:d2:13:de:0f:38:e1:40:31:71:01:f4:10:de:1f:
         1e:db:94:a7:b7:0a:5b:50:ab:59:48:14:ff:29:d8:67:0e:f9:
         b2:23:ce:ac:0e:bb:6c:3c:f4:f8:8f:10:c9:bc:f0:84:0e:d0:
         e6:03:fe:70:c0:b4:24:86:5f:8f:26:46:60:de:b3:89:5e:23:
         ef:4c:ac:9a:a0:95:c1:e9:92:b6:f9:a0:24:77:ec:e4:4d:6e:
         09:c8:94:df:d5:e6:95:8d:ee:58:f9:69:72:e9:54:33:21:1f:
         73:b3:43:71:69:83:1d:91:81:76:ce:85:b3:7f:05:b6:05:88:
         24:81:43:8e:90:b4:4f:19:b5:8d:78:30:03:3e:cd:b6:f0:df:
         fa:9d:a4:4a:0a:8e:8b:be:c5:e1:37:44:8d:f9:4d:78:83:ad:
         39:5e:5a:02:9d:d9:f5:ca:21:1d:07:da:59:c8:d4:a8:1f:72:
         9a:22:cc:09:68:15:5f:0f:56:1a:b8:7f:5d:50:16:2b:44:94:
         9c:ac:2e:89:41:aa:3f:6e:ed:af:3c:82:b4:41:c5:30:ec:39:
         3e:97:59:49:a8:70:76:9b:f9:d7:b4:80:87:70:28:04:89:ac:
         c4:7b:b2:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN35+cbGQhJ6bbUzLF5e0nUh9SgYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMWY2NWIzMGNiNTcwMmJmMTYwZDlhNDkyZDhkZWM4YWJm
NDVmMTZkNmI4ZDk2ZmViNGZkN2MwYjI2ZGJkZWZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+CyUFvaQ4WGYOWYAPr9m+ANO7cQtt/DX6inrvMrC6QiKU
AZJTG+xuJ4XABg6DIAG1lqzHSa+n0w170DrSPfvOytFySyGKOZwcj4UQtnjmIotw
wP/dooOH1qScOg7KaJD6SHmEjStjckQDVtsrBSEobShngm3svJZkcJBIwyz0FibH
MeG5KKfJBsjx2jnjDbnbWlUVE4qE25qMjVD2L4efawXSNz34RwWcQICgMza7pD4S
RZmXIpWGyzVnyGO8K5QRLmgbcZPLcdAsX5E2dP1qIFBN4CYKS5PMzGqeRCLxlH4K
GByJ0gb+E8XUru2yiQclpbq8mTFynEor5AGJwvSVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/f2M26OyDq7r9J+Dsgu8vxxIRfEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2Q0ZDFkZWM2LTE4YWMtNDZkMi1hNWIwLWVhYWZiMjI0NGUxMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjMoYwDQYJKoZIhvcNAQELBQADggEBAB8uvjGdAfitL4iuTW7j4lVg7uaN
EinSE94POOFAMXEB9BDeHx7blKe3CltQq1lIFP8p2GcO+bIjzqwOu2w89PiPEMm8
8IQO0OYD/nDAtCSGX48mRmDes4leI+9MrJqglcHpkrb5oCR37ORNbgnIlN/V5pWN
7lj5aXLpVDMhH3OzQ3Fpgx2RgXbOhbN/BbYFiCSBQ46QtE8ZtY14MAM+zbbw3/qd
pEoKjou+xeE3RI35TXiDrTleWgKd2fXKIR0H2lnI1KgfcpoizAloFV8PVhq4f11Q
FitElJysLolBqj9u7a88grRBxTDsOT6XWUmocHab+de0gIdwKASJrMR7svw=
-----END CERTIFICATE-----