Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/482d636e-86b4-4d7d-872d-7b6996c17e6b.roa
File:                     482d636e-86b4-4d7d-872d-7b6996c17e6b.roa (raw, json)
Hash identifier:          yjd9nh77E0V7OomcX10KN+e2KDNFOy9Q7m1T43099Vk=
Subject key identifier:   FA:90:ED:AC:AF:DD:61:28:96:82:E6:0B:2F:D8:DA:AB:7B:C3:51:53
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       53CD903EF962AD7701E55C1AAF5D36B698BBAFE7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/482d636e-86b4-4d7d-872d-7b6996c17e6b.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        40.35.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:cd:90:3e:f9:62:ad:77:01:e5:5c:1a:af:5d:36:b6:98:bb:af:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=7944e60566b9fe5766cf88bab6c9f232d507714cc2489a502698800d12136013, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:95:ed:0d:99:6e:ca:39:98:a6:9a:26:93:33:
                    34:23:4c:25:c4:34:9e:81:f0:51:93:ae:df:b9:83:
                    fd:a2:4b:10:13:91:26:3e:58:1a:96:e2:f2:ce:55:
                    16:7c:3a:56:54:f4:77:1f:ff:41:62:12:d1:33:b1:
                    ea:ac:16:01:43:e7:ef:76:bf:58:a9:70:c0:38:02:
                    5e:f5:c8:d2:6b:16:ca:b4:50:d5:d2:01:92:34:6f:
                    6a:ab:b8:79:b6:af:9f:f7:8b:eb:b5:3b:ee:0a:08:
                    b4:25:f8:04:43:51:30:f1:c1:1e:b5:8f:21:89:9e:
                    48:c5:88:e8:05:04:ca:4d:d8:05:47:1a:5b:b5:77:
                    e6:6c:5c:a7:21:2d:87:ce:b5:3e:82:a1:a0:43:b8:
                    f4:58:38:b9:00:c9:e1:ae:c7:56:52:49:09:b0:5f:
                    a8:00:4a:76:45:40:ed:7a:40:d9:99:27:45:53:9c:
                    2d:57:ab:a5:3c:55:5c:2d:c0:c5:04:70:8d:e0:b0:
                    be:dd:f0:89:6d:d2:eb:7d:b3:5a:ce:aa:9d:03:4b:
                    93:2f:d2:3a:42:8e:89:d1:81:dd:f9:99:68:6b:4d:
                    6a:92:8f:48:a8:d1:88:d8:74:15:5e:09:9b:4f:7d:
                    ac:c8:28:c9:39:f7:bf:45:b9:0d:97:d7:6d:49:e6:
                    bf:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:90:ED:AC:AF:DD:61:28:96:82:E6:0B:2F:D8:DA:AB:7B:C3:51:53
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/482d636e-86b4-4d7d-872d-7b6996c17e6b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  40.35.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         85:5d:75:f0:f3:dc:82:61:25:40:70:6f:9d:17:f7:2d:c5:36:
         e6:fc:03:f4:9a:a7:69:a7:f8:45:43:3b:38:a2:3a:45:32:6c:
         ce:1a:74:32:4a:0b:88:df:8b:ac:1c:32:8a:a3:31:25:23:a2:
         a4:e6:2b:e9:76:1f:32:9f:1c:72:cb:75:43:63:5a:ff:a3:29:
         ea:41:2d:14:a2:e1:d1:98:28:f7:71:45:29:d1:b7:10:32:40:
         de:51:67:a6:9f:5f:ea:fa:27:b8:60:af:fa:72:18:f2:4a:f2:
         1a:35:18:19:71:91:e1:da:2f:89:31:6f:e4:ba:21:cf:32:c4:
         58:21:64:b2:8f:8c:23:be:34:e6:91:00:7a:6c:0c:42:1e:62:
         9c:cc:56:5f:0c:86:ca:0b:5a:5d:87:ed:8c:7f:a7:cd:8e:dc:
         0f:b5:10:06:14:c4:c3:83:39:19:29:2d:e2:d7:bf:8c:e7:fc:
         d2:b3:2e:3d:bc:9a:90:07:78:e0:f6:14:f2:35:0b:93:1f:b0:
         8d:1a:d8:18:0f:11:9a:fd:36:40:c3:3d:fb:57:27:04:1e:d5:
         43:a6:fe:2b:38:5f:e6:0c:cf:7a:8f:c1:4d:f0:30:6c:8e:69:
         46:51:4d:44:de:af:6a:a4:05:5e:bb:19:34:fa:bc:2a:d8:cc:
         9f:75:6d:72
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUU82QPvlirXcB5Vwar102tpi7r+cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3OTQ0ZTYwNTY2YjlmZTU3NjZjZjg4YmFiNmM5ZjIzMmQ1
MDc3MTRjYzI0ODlhNTAyNjk4ODAwZDEyMTM2MDEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVle0NmW7KOZimmiaTMzQjTCXENJ6B8FGTrt+5g/2iSxAT
kSY+WBqW4vLOVRZ8OlZU9Hcf/0FiEtEzseqsFgFD5+92v1ipcMA4Al71yNJrFsq0
UNXSAZI0b2qruHm2r5/3i+u1O+4KCLQl+ARDUTDxwR61jyGJnkjFiOgFBMpN2AVH
Glu1d+ZsXKchLYfOtT6CoaBDuPRYOLkAyeGux1ZSSQmwX6gASnZFQO16QNmZJ0VT
nC1Xq6U8VVwtwMUEcI3gsL7d8Ilt0ut9s1rOqp0DS5Mv0jpCjonRgd35mWhrTWqS
j0io0YjYdBVeCZtPfazIKMk5979FuQ2X121J5r+FAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+pDtrK/dYSiWguYLL9jaq3vDUVMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQ4MmQ2MzZlLTg2YjQtNGQ3ZC04NzJkLTdiNjk5NmMxN2U2Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAoIzANBgkqhkiG9w0BAQsFAAOCAQEAhV118PPcgmElQHBvnRf3LcU25vwD
9Jqnaaf4RUM7OKI6RTJszhp0MkoLiN+LrBwyiqMxJSOipOYr6XYfMp8ccst1Q2Na
/6Mp6kEtFKLh0Zgo93FFKdG3EDJA3lFnpp9f6vonuGCv+nIY8kryGjUYGXGR4dov
iTFv5LohzzLEWCFkso+MI7405pEAemwMQh5inMxWXwyGygtaXYftjH+nzY7cD7UQ
BhTEw4M5GSkt4te/jOf80rMuPbyakAd44PYU8jULkx+wjRrYGA8Rmv02QMM9+1cn
BB7VQ6b+Kzhf5gzPeo/BTfAwbI5pRlFNRN6vaqQFXrsZNPq8KtjMn3Vtcg==
-----END CERTIFICATE-----