Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de5dd6d4-c289-407a-b099-6e04ecbae72c.roa
File:                     de5dd6d4-c289-407a-b099-6e04ecbae72c.roa (raw, json)
Hash identifier:          HJ33Q9RHA26RhfNv2vlMyxWMtW5/LKlNwxeoiRgp3+I=
Subject key identifier:   F7:CC:45:CF:1C:FD:56:E4:F8:7A:8B:54:BC:1C:B5:6D:E7:01:89:3E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       055E9E0D6F1CF3F940CD75A7FB97F9CB9FD488F2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de5dd6d4-c289-407a-b099-6e04ecbae72c.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        40.35.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:5e:9e:0d:6f:1c:f3:f9:40:cd:75:a7:fb:97:f9:cb:9f:d4:88:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=05bbf35a1d5aef88000776ccf2e0f6421b8dedf671f06daa4e68273df5cf6dcd, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:df:15:90:28:dd:c8:c0:a5:88:c0:bc:64:36:
                    97:32:1f:cc:34:05:00:cd:d8:b9:39:90:07:e1:27:
                    08:5a:10:27:ee:46:25:ed:29:52:bc:47:d8:0e:32:
                    bf:ed:80:f9:b3:c2:b4:40:5d:5a:ad:71:55:6c:bd:
                    d1:5f:5f:19:79:a7:58:c0:e7:6f:bb:67:9c:fa:31:
                    46:5a:df:c6:4b:8d:33:22:ba:d2:6d:25:c8:15:84:
                    75:cc:1a:44:aa:e9:6a:f9:d8:90:49:2d:47:f9:8a:
                    7b:94:37:db:46:b3:99:36:10:f4:eb:cf:a5:c8:b4:
                    7a:1c:36:e5:64:ea:b5:51:1f:f9:00:b9:bf:88:58:
                    ce:a0:6f:1c:d2:ca:c0:e7:e2:dd:2c:a1:31:2a:91:
                    f8:d1:88:93:78:12:42:71:fa:60:de:65:b8:43:b5:
                    6f:fc:1f:a0:53:3d:3b:c7:21:8d:1b:c9:de:00:b6:
                    6a:a6:0f:49:ae:bb:10:e9:fc:1b:28:39:a7:d3:e1:
                    d2:73:58:6a:87:32:20:42:42:aa:be:1d:7b:67:14:
                    d2:f8:6a:92:9b:2a:e4:53:de:94:aa:59:ba:38:ba:
                    61:70:4d:e5:4c:8a:99:33:9e:45:ee:c3:3d:81:17:
                    6b:19:f1:03:9a:a8:f0:b9:e3:45:ee:bb:22:14:f0:
                    18:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:CC:45:CF:1C:FD:56:E4:F8:7A:8B:54:BC:1C:B5:6D:E7:01:89:3E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/de5dd6d4-c289-407a-b099-6e04ecbae72c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         ba:d8:04:c0:6a:51:35:3a:b8:b0:a9:d3:3f:2d:34:56:d5:2e:
         5a:b2:6c:81:eb:9d:b1:15:39:8c:54:ba:86:a7:78:b1:98:0b:
         d5:e6:e2:00:33:1c:46:63:ec:13:91:d2:75:80:b8:4c:1a:9a:
         93:fe:c9:1a:db:a8:f5:13:b7:f1:5f:dc:2d:f5:88:05:24:a5:
         4d:07:e4:af:cc:72:62:30:20:30:40:cf:a6:30:52:99:63:97:
         ba:42:6b:90:61:db:45:91:65:95:2f:2c:e7:46:6e:7f:a2:46:
         69:11:da:c6:05:23:a4:80:14:a7:26:66:e7:03:ea:47:1a:5b:
         e8:14:86:33:40:f5:8f:53:d5:bd:79:35:39:d9:1a:8a:5c:7d:
         57:e3:dd:f8:a3:1c:27:ad:1c:49:7a:c4:a7:33:e3:04:30:a2:
         21:a4:98:ac:76:ae:93:b6:11:43:2a:03:ce:7b:c5:74:dd:c2:
         32:c2:ca:4a:53:80:69:37:95:bc:d7:9e:6b:e4:e5:bd:3e:6e:
         41:0c:6b:55:61:59:fc:ee:6a:ae:a2:87:c0:a4:a1:4b:05:ac:
         77:d6:6b:ae:8f:04:0a:94:b2:00:53:57:55:04:4e:3f:d9:ff:
         4d:a6:d1:78:02:9c:6e:89:08:e9:ed:a0:af:85:32:42:af:11:
         f7:a8:d8:9c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBV6eDW8c8/lAzXWn+5f5y5/UiPIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWJiZjM1YTFkNWFlZjg4MDAwNzc2Y2NmMmUwZjY0MjFi
OGRlZGY2NzFmMDZkYWE0ZTY4MjczZGY1Y2Y2ZGNkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCh3xWQKN3IwKWIwLxkNpcyH8w0BQDN2Lk5kAfhJwhaECfu
RiXtKVK8R9gOMr/tgPmzwrRAXVqtcVVsvdFfXxl5p1jA52+7Z5z6MUZa38ZLjTMi
utJtJcgVhHXMGkSq6Wr52JBJLUf5inuUN9tGs5k2EPTrz6XItHocNuVk6rVRH/kA
ub+IWM6gbxzSysDn4t0soTEqkfjRiJN4EkJx+mDeZbhDtW/8H6BTPTvHIY0byd4A
tmqmD0muuxDp/BsoOafT4dJzWGqHMiBCQqq+HXtnFNL4apKbKuRT3pSqWbo4umFw
TeVMipkznkXuwz2BF2sZ8QOaqPC540XuuyIU8BiFAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU98xFzxz9VuT4eotUvBy1becBiT4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RlNWRkNmQ0LWMyODktNDA3YS1iMDk5LTZlMDRlY2JhZTcyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoIzANBgkqhkiG9w0BAQsFAAOCAQEAutgEwGpRNTq4sKnTPy00VtUuWrJs
geudsRU5jFS6hqd4sZgL1ebiADMcRmPsE5HSdYC4TBqak/7JGtuo9RO38V/cLfWI
BSSlTQfkr8xyYjAgMEDPpjBSmWOXukJrkGHbRZFllS8s50Zuf6JGaRHaxgUjpIAU
pyZm5wPqRxpb6BSGM0D1j1PVvXk1Odkailx9V+Pd+KMcJ60cSXrEpzPjBDCiIaSY
rHauk7YRQyoDznvFdN3CMsLKSlOAaTeVvNeea+TlvT5uQQxrVWFZ/O5qrqKHwKSh
SwWsd9Zrro8ECpSyAFNXVQROP9n/TabReAKcbokI6e2gr4UyQq8R96jYnA==
-----END CERTIFICATE-----