Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c68dfd72-b00b-4af0-8b2f-6baf62910f28.roa
File:                     c68dfd72-b00b-4af0-8b2f-6baf62910f28.roa (raw, json)
Hash identifier:          uUviP11qHkrzf5wiLFl4qkGd/gZghaXpQlzZuAW8eFo=
Subject key identifier:   E3:56:40:35:16:DF:4C:5C:E7:E5:B3:DD:9F:69:1A:69:2E:AF:AC:8D
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       0AFDC756E03434C1D5A4DD7CD9070AA05465A73A
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c68dfd72-b00b-4af0-8b2f-6baf62910f28.roa
Signing time:             Mon 28 Apr 2025 15:30:32 +0000
ROA not before:           Mon 28 Apr 2025 15:30:32 +0000
ROA not after:            Mon 02 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.16.0/22 maxlen: 22
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:fd:c7:56:e0:34:34:c1:d5:a4:dd:7c:d9:07:0a:a0:54:65:a7:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Apr 28 15:30:32 2025 GMT
            Not After : Jun  2 23:59:59 2025 GMT
        Subject: serialNumber=13749cb3550b98594e94eb50c84a86e953fb5fb5021568e99ea8dc99a04553a7, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:c9:82:ae:97:3a:e7:21:4c:84:1a:d8:3c:df:
                    6d:78:48:c3:b5:c1:13:87:f4:13:29:e7:02:06:d1:
                    2f:93:55:e7:44:f2:40:1a:5b:73:e6:a8:eb:3b:73:
                    a0:f8:ea:ab:f5:e3:c8:17:2e:5c:2d:a7:9f:76:e1:
                    a0:f8:1d:77:47:50:fc:c5:bc:8e:81:de:36:dd:cb:
                    bc:e9:89:09:71:ba:4f:61:eb:28:ff:24:cf:be:8f:
                    71:c7:8b:b0:15:e8:96:0d:25:de:a2:9b:1f:1d:1d:
                    6c:15:92:21:d2:97:45:c3:ab:95:0c:3a:f0:b5:c7:
                    8c:f8:de:2c:2d:43:0d:07:a2:87:28:1f:aa:71:f0:
                    6c:b2:5b:44:1b:46:28:4e:6d:c2:ac:2d:b9:e3:94:
                    44:9d:c9:b2:7f:8d:0d:7b:af:16:75:a4:c3:39:1c:
                    05:fa:46:b2:7f:b0:50:64:67:b1:7d:77:4b:9e:20:
                    4b:2a:08:41:17:b8:a3:2c:cf:62:28:e6:77:6b:00:
                    55:32:dd:82:2d:2d:5b:4f:12:a2:95:eb:31:d4:a6:
                    36:d9:ae:b2:c6:11:c0:ff:95:79:94:45:4a:13:18:
                    2b:84:38:4e:67:9b:f7:03:9a:0c:f0:43:8b:6d:a3:
                    f8:80:c7:2c:64:d0:06:46:81:2c:ae:9c:7b:d7:ce:
                    38:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:56:40:35:16:DF:4C:5C:E7:E5:B3:DD:9F:69:1A:69:2E:AF:AC:8D
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/c68dfd72-b00b-4af0-8b2f-6baf62910f28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:4b:ed:7c:2f:82:4b:f3:50:4e:9b:66:a6:bd:0b:b9:70:16:
         f1:23:d2:17:cd:d7:48:53:36:43:2e:91:6b:04:c5:19:3c:11:
         c8:ff:fb:66:0e:0d:b0:bc:2f:20:9e:83:fd:91:f4:fa:83:bf:
         5a:a0:cc:32:32:b0:f0:2c:96:2b:a2:c2:8f:29:78:60:77:37:
         3a:d8:5d:a4:70:31:d4:e8:0c:6e:ba:b5:90:c3:cd:3a:2f:40:
         ba:3a:30:fb:c9:fd:b7:12:70:5e:ae:51:74:23:b7:dd:6b:39:
         38:46:77:7c:a3:d7:2e:23:03:01:83:f0:4c:50:af:29:23:18:
         16:30:6f:3a:ae:48:05:c0:11:75:da:aa:b7:df:39:6e:2d:d5:
         e3:6e:93:1f:52:a4:54:5e:6d:fb:2d:63:9b:4b:8a:80:b8:cb:
         01:4b:4a:9e:b8:15:26:8f:fe:ff:49:e1:92:a2:4a:53:d7:75:
         76:6c:27:35:13:32:0f:f9:b7:27:1f:bc:d0:63:cb:18:f5:17:
         11:2b:28:76:87:4d:97:74:21:54:9d:be:ae:d9:99:7d:d5:97:
         6d:58:48:78:83:c9:02:7b:d2:60:7d:71:d3:a3:a2:9e:f5:3c:
         39:17:de:3a:96:cb:de:67:ad:64:ce:b9:25:4c:bb:0d:56:f7:
         3a:f9:dd:ab
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCv3HVuA0NMHVpN182QcKoFRlpzowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNDI4MTUzMDMyWhcNMjUwNjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzc0OWNiMzU1MGI5ODU5NGU5NGViNTBjODRhODZlOTUz
ZmI1ZmI1MDIxNTY4ZTk5ZWE4ZGM5OWEwNDU1M2E3MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDuyYKulzrnIUyEGtg83214SMO1wROH9BMp5wIG0S+TVedE
8kAaW3PmqOs7c6D46qv148gXLlwtp5924aD4HXdHUPzFvI6B3jbdy7zpiQlxuk9h
6yj/JM++j3HHi7AV6JYNJd6imx8dHWwVkiHSl0XDq5UMOvC1x4z43iwtQw0Hooco
H6px8GyyW0QbRihObcKsLbnjlESdybJ/jQ17rxZ1pMM5HAX6RrJ/sFBkZ7F9d0ue
IEsqCEEXuKMsz2Io5ndrAFUy3YItLVtPEqKV6zHUpjbZrrLGEcD/lXmURUoTGCuE
OE5nm/cDmgzwQ4tto/iAxyxk0AZGgSyunHvXzjj/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU41ZANRbfTFzn5bPdn2kaaS6vrI0wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2M2OGRmZDcyLWIwMGItNGFmMC04YjJmLTZiYWY2MjkxMGYyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIjYBAwDQYJKoZIhvcNAQELBQADggEBAF1L7XwvgkvzUE6bZqa9C7lwFvEj
0hfN10hTNkMukWsExRk8Ecj/+2YODbC8LyCeg/2R9PqDv1qgzDIysPAsliuiwo8p
eGB3NzrYXaRwMdToDG66tZDDzTovQLo6MPvJ/bcScF6uUXQjt91rOThGd3yj1y4j
AwGD8ExQrykjGBYwbzquSAXAEXXaqrffOW4t1eNukx9SpFRebfstY5tLioC4ywFL
Sp64FSaP/v9J4ZKiSlPXdXZsJzUTMg/5tycfvNBjyxj1FxErKHaHTZd0IVSdvq7Z
mX3Vl21YSHiDyQJ70mB9cdOjop71PDkX3jqWy95nrWTOuSVMuw1W9zr53as=
-----END CERTIFICATE-----