Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/e9138670-341a-4bc8-ae48-88bf97f61f5e.roa
File:                     e9138670-341a-4bc8-ae48-88bf97f61f5e.roa (raw, json)
Hash identifier:          tEFg7HE4Z+t0y+5C12oRLs2bq0eQhN7rQCilE/Fi2lU=
Subject key identifier:   6E:68:94:5C:62:2A:36:AD:C3:56:21:83:66:2C:51:D5:9A:80:0A:92
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       6078F783335897BDC9BB0715607EB4C89040B8A9
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/e9138670-341a-4bc8-ae48-88bf97f61f5e.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.96.0.0/12 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:78:f7:83:33:58:97:bd:c9:bb:07:15:60:7e:b4:c8:90:40:b8:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a6:a7:c5:6a:c2:74:32:a9:83:1e:b0:54:1b:
                    6f:2c:c1:70:6a:c7:5a:fc:70:8c:00:17:23:08:b6:
                    d8:0d:0b:77:7a:22:2f:9a:63:85:d8:01:42:41:5e:
                    19:ae:3e:10:d7:b4:e5:61:20:80:24:43:8e:5d:c0:
                    07:d1:a1:f2:85:a3:72:74:d7:58:b9:07:e1:3c:7b:
                    17:fe:8b:7f:01:17:e5:a1:85:31:38:20:51:73:e4:
                    4b:a3:27:9b:78:ed:6d:72:17:bb:80:b0:88:52:6a:
                    53:63:83:4a:66:3b:97:55:1a:26:60:33:5d:36:cd:
                    53:c3:99:52:be:f0:3b:94:12:3d:c1:24:0b:7a:a0:
                    7f:3a:65:5b:9c:46:2b:9e:5a:7c:f3:29:aa:1e:33:
                    da:bf:50:1f:c7:65:c9:58:fc:f3:48:eb:53:48:ba:
                    f8:ff:24:e8:97:b9:e1:30:8b:81:3c:4e:c5:03:dc:
                    c5:3c:0d:f2:ed:44:c2:16:6a:af:44:9a:8d:69:c0:
                    d8:b1:04:15:b7:94:67:ca:2c:08:1c:7e:78:58:66:
                    2e:a6:6e:8e:e4:f4:12:e6:67:d5:b5:19:09:5a:9f:
                    03:f4:02:29:9c:c5:6e:8a:db:60:0b:70:df:a5:67:
                    b3:f2:8e:1a:b7:7d:7f:32:77:89:bd:79:b5:ee:b6:
                    f7:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:68:94:5C:62:2A:36:AD:C3:56:21:83:66:2C:51:D5:9A:80:0A:92
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/e9138670-341a-4bc8-ae48-88bf97f61f5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         48:bd:c9:73:00:92:7b:92:f3:4a:cf:93:92:f1:3f:6b:64:cf:
         bd:20:bf:bb:04:6d:12:08:55:e1:2e:ef:29:80:e4:fb:d3:76:
         71:88:15:8a:31:21:11:dd:a4:60:bc:a3:4d:ff:7f:0b:14:72:
         6c:89:04:2a:e4:84:9f:63:fa:df:a7:15:93:45:63:a2:ad:2c:
         48:b3:ec:47:69:bb:f8:10:ce:7a:02:6e:e9:9e:03:4c:3a:c0:
         2a:3a:db:a2:c0:b3:92:8d:93:1e:ef:7c:75:fe:17:f5:ef:78:
         24:4a:db:27:4b:15:12:f8:d9:2e:91:55:55:80:96:12:9e:f9:
         d0:24:51:1e:7c:37:66:cd:9e:a1:4b:93:06:28:fc:ab:6e:a1:
         1e:01:aa:c1:89:97:e7:7a:2c:1a:9d:2a:d5:3b:04:a8:3c:1a:
         0f:44:97:79:72:17:15:aa:1b:1e:c5:ec:09:50:26:82:d3:29:
         88:bd:b8:28:1d:62:82:b2:fe:b1:19:7a:20:77:f7:5c:40:72:
         1e:41:68:47:9b:c9:ed:41:a3:40:87:6a:47:11:80:bd:7a:a8:
         73:42:59:ba:3b:7f:f7:05:c0:1e:0d:3a:42:87:a3:d3:21:ad:
         91:fc:6f:dd:54:c0:5c:45:37:3e:55:de:e5:21:26:0f:c4:34:
         8f:f3:b9:2b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUYHj3gzNYl73JuwcVYH60yJBAuKkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTFmNmU0ZTg2ZjIwZGZmMzA4MGYzYmU2MTk0MDgyY2Ji
YTM1NjcwNTQxZWVjYTFhZWU4NzhhNjYwMGQwMmM2MS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDLpqfFasJ0MqmDHrBUG28swXBqx1r8cIwAFyMIttgNC3d6
Ii+aY4XYAUJBXhmuPhDXtOVhIIAkQ45dwAfRofKFo3J011i5B+E8exf+i38BF+Wh
hTE4IFFz5EujJ5t47W1yF7uAsIhSalNjg0pmO5dVGiZgM102zVPDmVK+8DuUEj3B
JAt6oH86ZVucRiueWnzzKaoeM9q/UB/HZclY/PNI61NIuvj/JOiXueEwi4E8TsUD
3MU8DfLtRMIWaq9Emo1pwNixBBW3lGfKLAgcfnhYZi6mbo7k9BLmZ9W1GQlanwP0
AimcxW6K22ALcN+lZ7Pyjhq3fX8yd4m9ebXutvdZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUbmiUXGIqNq3DViGDZixR1ZqACpIwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2U5MTM4NjcwLTM0MWEtNGJjOC1hZTQ4LTg4YmY5N2Y2MWY1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjYDANBgkqhkiG9w0BAQsFAAOCAQEASL3JcwCSe5LzSs+TkvE/a2TPvSC/
uwRtEghV4S7vKYDk+9N2cYgVijEhEd2kYLyjTf9/CxRybIkEKuSEn2P636cVk0Vj
oq0sSLPsR2m7+BDOegJu6Z4DTDrAKjrbosCzko2THu98df4X9e94JErbJ0sVEvjZ
LpFVVYCWEp750CRRHnw3Zs2eoUuTBij8q26hHgGqwYmX53osGp0q1TsEqDwaD0SX
eXIXFaobHsXsCVAmgtMpiL24KB1igrL+sRl6IHf3XEByHkFoR5vJ7UGjQIdqRxGA
vXqoc0JZujt/9wXAHg06Qoej0yGtkfxv3VTAXEU3PlXe5SEmD8Q0j/O5Kw==
-----END CERTIFICATE-----