Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a65d7099-0914-499d-9137-bf42fd9891b6.roa
File:                     a65d7099-0914-499d-9137-bf42fd9891b6.roa (raw, json)
Hash identifier:          EzQUADBmQa9Znvi6Haa+OVr4edtRW8L/wFWQ/vNvw7c=
Subject key identifier:   26:26:72:6A:14:8E:2F:7C:99:80:10:21:2E:17:BF:E0:10:FC:D6:CB
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0DCD3633F0BD91CD8C65E9A2825DC2990DC88337
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a65d7099-0914-499d-9137-bf42fd9891b6.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.52.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:cd:36:33:f0:bd:91:cd:8c:65:e9:a2:82:5d:c2:99:0d:c8:83:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=5eadcf4a3251f08525142ee3d2bde892cae539db50a7beac1528b95e2fc7e2d8, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:9f:ed:16:07:6f:e1:e2:e6:42:3c:bb:2d:e2:
                    49:75:64:62:7f:4b:45:5c:8e:a6:81:2d:8c:93:68:
                    85:20:d0:68:f0:86:04:57:75:1d:6a:8c:45:d2:6f:
                    37:1f:b6:78:a4:3b:20:2b:d4:b3:e6:d2:fc:47:a1:
                    8d:3f:18:03:be:b8:09:d5:63:8e:6f:33:29:31:a1:
                    28:a7:8b:4e:ee:ae:ee:66:b6:c8:64:b4:80:4b:df:
                    e3:0b:07:f9:56:d5:30:d3:da:70:a7:66:69:7d:74:
                    2e:84:b3:58:6d:49:9d:81:fa:63:97:81:43:78:68:
                    28:ac:86:da:12:83:b1:6b:70:7b:03:1e:54:24:29:
                    1f:cc:8b:79:53:0b:29:7b:f0:f6:0b:68:83:44:92:
                    d9:d9:65:85:6a:b4:8e:38:5c:ca:d4:16:18:66:cf:
                    98:8e:74:fe:5a:92:6c:f0:4f:2e:10:68:13:ca:00:
                    15:90:e3:9f:64:87:8e:32:2d:49:13:75:ac:7b:94:
                    44:89:5c:9d:01:e4:5b:fa:40:ad:0a:cb:f8:8c:cb:
                    7c:f9:36:9f:ef:ce:f0:6d:5d:37:da:a5:57:e5:40:
                    1a:50:cb:96:fa:49:ff:1d:0b:ec:e1:9c:db:22:8c:
                    45:53:33:db:24:03:37:dc:9c:27:b9:f2:4e:c5:70:
                    be:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:26:72:6A:14:8E:2F:7C:99:80:10:21:2E:17:BF:E0:10:FC:D6:CB
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a65d7099-0914-499d-9137-bf42fd9891b6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.52.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         5b:a3:c5:05:89:9d:08:b1:4c:18:6a:d2:94:e1:28:b1:fe:23:
         9f:9d:76:da:8b:0d:da:b6:e6:a3:38:84:14:06:54:83:58:5f:
         51:8a:53:4e:2c:dc:13:d8:96:6d:0c:e2:f8:70:1a:de:e0:43:
         ae:34:bd:cf:c0:91:5c:c5:ef:ba:b4:28:43:5c:30:6d:f9:68:
         76:7f:b0:76:ed:8c:80:4f:11:10:3f:f7:fc:fb:a7:92:5e:ae:
         52:21:02:9c:83:78:24:b7:6b:12:1d:73:68:49:dc:1d:6d:85:
         38:d8:04:49:c2:58:cd:52:3c:eb:ab:8d:f0:c8:02:db:e9:23:
         69:05:93:d2:20:b7:35:47:96:46:40:c2:4a:5c:34:d3:4a:14:
         22:4f:ae:d8:4d:6b:57:24:d2:a8:16:8f:6d:0b:6a:59:90:fb:
         a6:f0:71:58:f6:39:2c:ce:13:e6:38:fb:5a:72:ba:b5:b8:19:
         ee:7f:1f:96:ad:0d:75:26:3c:83:17:fa:9a:19:5a:08:63:34:
         7d:20:94:a9:77:9d:f1:59:55:f5:2a:08:c5:7c:d5:54:37:2d:
         52:1a:66:89:fc:3a:6d:59:42:89:23:ca:2c:8d:83:05:91:20:
         e8:22:55:65:ba:de:1b:21:92:5e:be:08:bc:0a:89:b9:ac:48:
         38:23:1f:68
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDc02M/C9kc2MZemigl3CmQ3IgzcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZWFkY2Y0YTMyNTFmMDg1MjUxNDJlZTNkMmJkZTg5MmNh
ZTUzOWRiNTBhN2JlYWMxNTI4Yjk1ZTJmYzdlMmQ4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFn+0WB2/h4uZCPLst4kl1ZGJ/S0VcjqaBLYyTaIUg0Gjw
hgRXdR1qjEXSbzcftnikOyAr1LPm0vxHoY0/GAO+uAnVY45vMykxoSini07uru5m
tshktIBL3+MLB/lW1TDT2nCnZml9dC6Es1htSZ2B+mOXgUN4aCishtoSg7FrcHsD
HlQkKR/Mi3lTCyl78PYLaINEktnZZYVqtI44XMrUFhhmz5iOdP5akmzwTy4QaBPK
ABWQ459kh44yLUkTdax7lESJXJ0B5Fv6QK0Ky/iMy3z5Np/vzvBtXTfapVflQBpQ
y5b6Sf8dC+zhnNsijEVTM9skAzfcnCe58k7FcL7HAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJiZyahSOL3yZgBAhLhe/4BD81sswHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E2NWQ3MDk5LTA5MTQtNDk5ZC05MTM3LWJmNDJmZDk4OTFiNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwEjNDANBgkqhkiG9w0BAQsFAAOCAQEAW6PFBYmdCLFMGGrSlOEosf4jn512
2osN2rbmoziEFAZUg1hfUYpTTizcE9iWbQzi+HAa3uBDrjS9z8CRXMXvurQoQ1ww
bflodn+wdu2MgE8RED/3/Punkl6uUiECnIN4JLdrEh1zaEncHW2FONgEScJYzVI8
66uN8MgC2+kjaQWT0iC3NUeWRkDCSlw000oUIk+u2E1rVyTSqBaPbQtqWZD7pvBx
WPY5LM4T5jj7WnK6tbgZ7n8flq0NdSY8gxf6mhlaCGM0fSCUqXed8VlV9SoIxXzV
VDctUhpmifw6bVlCiSPKLI2DBZEg6CJVZbreGyGSXr4IvAqJuaxIOCMfaA==
-----END CERTIFICATE-----