Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f15c63ff-e71d-4619-bf60-70d656a3d2ef.roa
File:                     f15c63ff-e71d-4619-bf60-70d656a3d2ef.roa (raw, json)
Hash identifier:          O3lYvVc7O8cs9FxXOy5N2Udoz2RO3NpKNX4cJ82BAPo=
Subject key identifier:   9E:CC:4D:C7:C0:F0:8E:12:60:C9:44:F3:99:0B:4D:72:52:91:5C:99
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4EF5C23080DEC2F70571636303BF4FDC53442BEA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f15c63ff-e71d-4619-bf60-70d656a3d2ef.roa
Signing time:             Mon 23 Dec 2024 00:00:00 +0000
ROA not before:           Mon 23 Dec 2024 00:00:00 +0000
ROA not after:            Mon 27 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.54.64.0/18 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:f5:c2:30:80:de:c2:f7:05:71:63:63:03:bf:4f:dc:53:44:2b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 23 00:00:00 2024 GMT
            Not After : Jan 27 23:59:59 2025 GMT
        Subject: serialNumber=c780c7efbdb9b097e3666ad2664e1a05e38955705a987c0e647fa76828de82e8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:25:d2:30:53:83:fc:e5:42:f0:0e:50:fd:b5:
                    99:7d:43:86:eb:a0:bf:73:46:92:85:e9:d0:96:04:
                    fd:cc:49:f9:f6:37:7a:7f:12:55:a4:cd:15:d7:dd:
                    2f:3b:ab:ad:77:d8:02:bc:86:b6:14:f7:b0:32:9d:
                    55:ca:a7:31:3a:26:bf:56:01:81:e9:18:ab:8a:27:
                    21:d8:66:9c:e1:7b:8d:89:51:0c:bd:73:b3:bc:c3:
                    d3:6d:6c:0c:1b:72:a2:56:89:78:e1:00:3a:66:d3:
                    30:07:f4:65:d9:02:36:01:01:e1:d8:3a:49:76:f4:
                    16:09:56:d8:a4:2b:d3:75:d3:4d:3e:cd:91:94:48:
                    0b:75:95:e3:4b:62:33:25:51:de:5b:3b:b8:c0:c3:
                    c8:77:95:3a:1c:b2:4e:e5:fb:35:7d:11:ca:de:b2:
                    11:97:d8:a2:a8:6f:86:7b:3b:b8:b1:52:1e:64:0e:
                    a6:d1:47:61:1b:fe:d1:78:16:f4:59:37:14:f1:1f:
                    6e:b4:52:bf:71:13:15:dd:2e:5d:64:b9:c7:51:5c:
                    f7:f7:50:d8:e2:e9:af:60:80:05:46:96:e6:79:6c:
                    b7:da:3b:27:90:38:9a:fc:d4:4a:66:21:95:85:3e:
                    c5:73:da:d2:6c:93:bb:43:82:ce:90:bc:54:f1:98:
                    e1:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:CC:4D:C7:C0:F0:8E:12:60:C9:44:F3:99:0B:4D:72:52:91:5C:99
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/f15c63ff-e71d-4619-bf60-70d656a3d2ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.54.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ca:d8:b8:33:cb:dd:c6:85:45:e9:0e:a1:39:85:92:74:b9:32:
         43:7b:85:af:a6:14:3a:84:83:50:70:50:f5:b7:49:22:80:62:
         f7:96:70:28:1a:86:a3:57:c4:97:fc:97:55:87:85:a3:70:dc:
         eb:97:ca:3d:cf:96:ad:fb:74:fb:af:61:7a:ff:de:3d:98:e1:
         66:b7:49:5e:70:06:c1:ca:f4:d6:dd:bf:bd:47:5d:fb:f0:51:
         2a:13:2a:e4:92:18:19:d8:7e:52:38:26:74:fb:80:6c:97:2c:
         5b:50:5a:f1:7b:95:6d:c3:6f:5b:63:96:76:46:f4:78:1d:5e:
         aa:8d:d3:ca:14:7d:22:40:9b:ca:07:eb:66:c5:d9:46:13:c7:
         ca:c2:3c:12:89:c3:e9:9b:49:13:71:1f:ea:9e:d1:ae:75:af:
         86:8a:ec:46:21:e2:64:6f:cb:3c:11:2f:e3:5f:b3:85:79:62:
         c5:83:7f:b0:65:f9:be:b6:aa:86:de:87:34:01:4d:99:45:52:
         4a:07:6b:79:28:bf:f1:42:42:64:a3:b4:10:78:7d:22:c0:05:
         6d:18:93:a4:d1:e9:49:8c:1e:3e:44:14:d2:bf:3d:53:23:76:
         3c:65:11:73:67:8a:31:f8:7e:0b:50:35:98:70:88:37:4c:f6:
         d7:aa:6a:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTvXCMIDewvcFcWNjA79P3FNEK+owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjIzMDAwMDAwWhcNMjUwMTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjNzgwYzdlZmJkYjliMDk3ZTM2NjZhZDI2NjRlMWEwNWUz
ODk1NTcwNWE5ODdjMGU2NDdmYTc2ODI4ZGU4MmU4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZJdIwU4P85ULwDlD9tZl9Q4broL9zRpKF6dCWBP3MSfn2
N3p/ElWkzRXX3S87q6132AK8hrYU97AynVXKpzE6Jr9WAYHpGKuKJyHYZpzhe42J
UQy9c7O8w9NtbAwbcqJWiXjhADpm0zAH9GXZAjYBAeHYOkl29BYJVtikK9N1000+
zZGUSAt1leNLYjMlUd5bO7jAw8h3lTocsk7l+zV9EcreshGX2KKob4Z7O7ixUh5k
DqbRR2Eb/tF4FvRZNxTxH260Ur9xExXdLl1kucdRXPf3UNji6a9ggAVGluZ5bLfa
OyeQOJr81EpmIZWFPsVz2tJsk7tDgs6QvFTxmOHtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUnsxNx8DwjhJgyUTzmQtNclKRXJkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2YxNWM2M2ZmLWU3MWQtNDYxOS1iZjYwLTcwZDY1NmEzZDJlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAYjNkAwDQYJKoZIhvcNAQELBQADggEBAMrYuDPL3caFRekOoTmFknS5MkN7
ha+mFDqEg1BwUPW3SSKAYveWcCgahqNXxJf8l1WHhaNw3OuXyj3Plq37dPuvYXr/
3j2Y4Wa3SV5wBsHK9Nbdv71HXfvwUSoTKuSSGBnYflI4JnT7gGyXLFtQWvF7lW3D
b1tjlnZG9HgdXqqN08oUfSJAm8oH62bF2UYTx8rCPBKJw+mbSRNxH+qe0a51r4aK
7EYh4mRvyzwRL+Nfs4V5YsWDf7Bl+b62qobehzQBTZlFUkoHa3kov/FCQmSjtBB4
fSLABW0Yk6TR6UmMHj5EFNK/PVMjdjxlEXNnijH4fgtQNZhwiDdM9teqavM=
-----END CERTIFICATE-----