Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/3514181a-b2cc-4f6a-910d-0d6560bd08b0.roa
File:                     3514181a-b2cc-4f6a-910d-0d6560bd08b0.roa (raw, json)
Hash identifier:          QckaUKKhtOow8jvR50Va63im1w7WyehASeMSgXgfL+s=
Subject key identifier:   AA:EF:B1:B3:9F:04:4C:8E:AE:CA:F7:0A:68:9C:01:5E:B3:30:76:A4
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       045FA835906EA3EA66C964EC1880C6BC534B758F
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/3514181a-b2cc-4f6a-910d-0d6560bd08b0.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.0.0/12 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:5f:a8:35:90:6e:a3:ea:66:c9:64:ec:18:80:c6:bc:53:4b:75:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8d:e7:a6:19:c6:b6:5e:fc:7c:e7:46:5a:7c:
                    e4:18:c6:fb:e2:37:ae:4c:78:cb:2f:32:64:98:3d:
                    21:e5:f4:78:85:d0:ac:ce:5f:e8:a7:07:6e:96:3e:
                    41:fb:15:c0:57:57:06:bc:be:b7:7a:63:41:16:e6:
                    ed:2d:fe:56:aa:1a:27:98:ef:45:ae:7c:87:6f:72:
                    6a:e2:67:6c:ca:89:87:9b:26:c8:1e:01:d0:35:e3:
                    33:ff:9c:53:38:87:78:85:8f:1f:a1:7e:a7:fa:90:
                    ff:6b:56:bb:9c:c3:eb:e4:09:ec:45:55:27:29:17:
                    64:17:89:78:e7:e3:e0:6f:eb:0b:67:a2:1e:de:43:
                    05:4c:e2:37:0b:60:d7:76:26:ec:6a:91:e7:af:9b:
                    01:40:a4:40:da:be:68:b6:11:e5:67:b9:19:7b:c5:
                    72:12:80:35:76:88:66:f8:f1:38:da:51:c0:1f:0f:
                    c4:11:0a:81:05:46:a5:06:f4:33:db:87:98:c0:96:
                    79:f7:cf:51:e0:72:67:d0:e4:90:cc:b3:d4:60:98:
                    95:d5:25:19:c1:d9:c1:eb:95:b3:b1:ae:ce:6c:30:
                    6e:42:ba:7d:1c:a0:6f:3e:5c:4d:35:7a:1e:62:1e:
                    4f:8e:4c:5c:ea:e9:a4:aa:b8:8f:36:bd:8b:cf:3a:
                    23:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:EF:B1:B3:9F:04:4C:8E:AE:CA:F7:0A:68:9C:01:5E:B3:30:76:A4
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/3514181a-b2cc-4f6a-910d-0d6560bd08b0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         9f:51:fd:81:b1:01:33:d1:f7:da:fb:3e:66:64:03:2c:7e:68:
         c5:90:d4:56:cf:3e:f4:82:90:31:2c:58:5b:42:b4:95:39:83:
         c5:61:1d:87:11:8e:76:a2:a1:0a:74:79:a3:a9:6d:04:57:a7:
         0d:ad:26:f6:74:12:9a:b9:67:fb:bc:5b:cb:39:cc:15:c3:81:
         19:f0:ca:8f:07:7d:ab:60:66:fc:1e:59:e9:a4:b7:b1:d4:fa:
         af:58:ea:1e:e3:da:8b:15:e6:7b:ba:f9:7a:85:53:c6:c7:31:
         df:ad:50:cb:ce:2c:30:09:45:e2:a2:54:22:f6:18:98:77:58:
         ea:17:c6:9d:c1:de:6c:e3:48:75:60:87:2c:4a:a9:b8:2e:50:
         f5:99:50:cf:c9:c0:da:e1:27:6c:51:7b:34:91:7b:51:58:18:
         c1:2d:65:35:d6:d3:99:4d:47:b1:cb:af:88:5e:c8:1c:dd:82:
         29:87:f7:fa:3e:9e:36:b4:e1:5e:24:c4:03:55:7e:be:fc:0e:
         6a:01:4e:0c:d9:03:fa:c9:d8:64:5f:8d:46:7a:ac:12:17:1a:
         1c:f7:fb:46:38:e1:be:ef:73:6b:ff:89:5e:60:35:9e:46:f3:
         00:a7:64:f4:b9:4f:fc:3d:03:04:96:14:33:8f:00:c6:b0:10:
         ec:4d:87:7f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBF+oNZBuo+pmyWTsGIDGvFNLdY8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzg3NTg1NGIzOWY4ODQ1NDNkYTFlZWNiYzBkNGZkZTEy
MGQ0N2ZlNzQ3ZTQ0ODc5YzVhMWJlOTRlZjVmNmE3MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDUjeemGca2Xvx850ZafOQYxvviN65MeMsvMmSYPSHl9HiF
0KzOX+inB26WPkH7FcBXVwa8vrd6Y0EW5u0t/laqGieY70WufIdvcmriZ2zKiYeb
JsgeAdA14zP/nFM4h3iFjx+hfqf6kP9rVrucw+vkCexFVScpF2QXiXjn4+Bv6wtn
oh7eQwVM4jcLYNd2JuxqkeevmwFApEDavmi2EeVnuRl7xXISgDV2iGb48TjaUcAf
D8QRCoEFRqUG9DPbh5jAlnn3z1HgcmfQ5JDMs9RgmJXVJRnB2cHrlbOxrs5sMG5C
un0coG8+XE01eh5iHk+OTFzq6aSquI82vYvPOiM3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUqu+xs58ETI6uyvcKaJwBXrMwdqQwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzM1MTQxODFhLWIyY2MtNGY2YS05MTBkLTBkNjU2MGJkMDhiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjYDANBgkqhkiG9w0BAQsFAAOCAQEAn1H9gbEBM9H32vs+ZmQDLH5oxZDU
Vs8+9IKQMSxYW0K0lTmDxWEdhxGOdqKhCnR5o6ltBFenDa0m9nQSmrln+7xbyznM
FcOBGfDKjwd9q2Bm/B5Z6aS3sdT6r1jqHuPaixXme7r5eoVTxscx361Qy84sMAlF
4qJUIvYYmHdY6hfGncHebONIdWCHLEqpuC5Q9ZlQz8nA2uEnbFF7NJF7UVgYwS1l
NdbTmU1HscuviF7IHN2CKYf3+j6eNrThXiTEA1V+vvwOagFODNkD+snYZF+NRnqs
EhcaHPf7Rjjhvu9za/+JXmA1nkbzAKdk9LlP/D0DBJYUM48AxrAQ7E2Hfw==
-----END CERTIFICATE-----