Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27257c18-14da-4c82-aed1-9f13431d1f7c.roa
File:                     27257c18-14da-4c82-aed1-9f13431d1f7c.roa (raw, json)
Hash identifier:          iqbGy01CuZ5nM7WyBJAOBU7whSOm4OOor429lp0YZA8=
Subject key identifier:   88:5A:A4:8A:26:8A:26:BD:1E:08:79:8F:FF:91:CF:47:B9:44:97:E5
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6E52BCE0B9F3EA45EF7616462A05BE1C01C7845C
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27257c18-14da-4c82-aed1-9f13431d1f7c.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        35.47.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:52:bc:e0:b9:f3:ea:45:ef:76:16:46:2a:05:be:1c:01:c7:84:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: serialNumber=7ae0191a3f06e412f732384d3cd6df116666e75c4cc29e86fb263fdce72dc866, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:52:cf:84:43:60:c3:db:91:22:3b:d3:2a:15:
                    19:ce:3e:c7:b2:61:a3:c1:9f:ba:e4:43:dd:72:2c:
                    97:90:f5:5c:23:75:4f:cf:b1:74:63:68:0a:f9:17:
                    18:c3:ea:0a:23:df:46:b7:65:32:54:50:69:04:4d:
                    38:97:72:d9:55:28:56:38:06:77:ea:99:d2:55:31:
                    37:11:a3:ae:55:6e:e6:16:d2:ba:7a:00:c4:81:10:
                    cc:82:fa:22:54:d7:1f:fb:0e:c8:19:e5:90:50:1f:
                    07:f8:d3:ab:58:0c:a9:23:2a:27:22:72:a3:04:c4:
                    f0:f1:aa:82:a9:ad:1c:c1:f7:85:91:8b:90:ad:2b:
                    2f:61:a2:44:d5:46:33:f4:34:63:ef:21:68:6b:93:
                    1a:c2:a4:74:08:f6:5a:c4:e9:00:04:fb:3b:30:08:
                    80:fa:d8:f3:c1:e3:cb:00:8d:61:b9:62:cf:58:7b:
                    0d:28:9f:21:3c:01:6c:ae:21:67:67:19:a6:0e:8e:
                    59:d1:55:05:d5:32:c1:5d:42:ac:fb:9c:50:14:18:
                    7e:3a:35:89:12:01:26:8b:b5:51:f2:dd:fd:20:14:
                    9c:35:84:d2:53:75:20:9c:de:82:6f:38:a8:1e:2c:
                    6c:7c:67:6b:b6:7a:9d:77:f6:6c:67:fe:ac:e0:b0:
                    cb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:5A:A4:8A:26:8A:26:BD:1E:08:79:8F:FF:91:CF:47:B9:44:97:E5
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/27257c18-14da-4c82-aed1-9f13431d1f7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.47.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         22:74:fd:f1:99:9b:8e:6f:7b:0d:fc:64:76:23:51:32:a9:51:
         df:30:49:48:0d:48:f1:5c:9c:b8:93:fd:31:68:c1:21:5e:2b:
         71:de:38:e4:30:06:51:93:e5:87:1c:72:0c:5a:ee:e9:d4:93:
         6b:2e:45:87:05:17:b8:7d:8c:19:2d:3b:fa:d8:70:39:17:bc:
         d8:82:f3:ca:04:5b:f6:cd:8a:ff:b8:52:59:52:1f:a0:c5:4c:
         ef:12:26:54:fa:d0:3e:0d:f2:95:d0:2b:62:49:a4:02:6f:57:
         5e:bd:bf:88:0f:2d:23:74:8c:4a:dd:fc:05:16:8c:ea:27:f9:
         b6:4d:40:d5:4d:82:30:01:dd:85:8c:1b:6b:1c:99:85:19:4a:
         03:b0:74:45:d2:c0:1f:25:34:1d:b3:82:7e:09:4a:05:64:04:
         6b:a2:5d:45:db:07:a6:36:f3:2e:fb:9b:5e:eb:dd:fa:77:ad:
         05:f8:93:94:e0:4d:1a:a2:07:0c:89:21:bb:d8:c8:6b:81:71:
         0c:1f:87:70:2c:34:bc:98:0d:d0:2a:4c:d2:0c:eb:8c:8b:02:
         53:2c:35:ff:ee:4a:37:91:05:dd:f6:21:0a:13:2d:5a:78:42:
         ce:03:ca:89:3a:87:93:5b:72:8d:7a:00:74:2a:72:ab:8e:a4:
         1d:a9:76:0c
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUblK84Lnz6kXvdhZGKgW+HAHHhFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YWUwMTkxYTNmMDZlNDEyZjczMjM4NGQzY2Q2ZGYxMTY2
NjZlNzVjNGNjMjllODZmYjI2M2ZkY2U3MmRjODY2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDEUs+EQ2DD25EiO9MqFRnOPseyYaPBn7rkQ91yLJeQ9Vwj
dU/PsXRjaAr5FxjD6goj30a3ZTJUUGkETTiXctlVKFY4BnfqmdJVMTcRo65VbuYW
0rp6AMSBEMyC+iJU1x/7DsgZ5ZBQHwf406tYDKkjKicicqMExPDxqoKprRzB94WR
i5CtKy9hokTVRjP0NGPvIWhrkxrCpHQI9lrE6QAE+zswCID62PPB48sAjWG5Ys9Y
ew0onyE8AWyuIWdnGaYOjlnRVQXVMsFdQqz7nFAUGH46NYkSASaLtVHy3f0gFJw1
hNJTdSCc3oJvOKgeLGx8Z2u2ep139mxn/qzgsMszAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUiFqkiiaKJr0eCHmP/5HPR7lEl+UwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI3MjU3YzE4LTE0ZGEtNGM4Mi1hZWQxLTlmMTM0MzFkMWY3Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjLzANBgkqhkiG9w0BAQsFAAOCAQEAInT98Zmbjm97DfxkdiNRMqlR3zBJ
SA1I8VycuJP9MWjBIV4rcd445DAGUZPlhxxyDFru6dSTay5FhwUXuH2MGS07+thw
ORe82ILzygRb9s2K/7hSWVIfoMVM7xImVPrQPg3yldArYkmkAm9XXr2/iA8tI3SM
St38BRaM6if5tk1A1U2CMAHdhYwbaxyZhRlKA7B0RdLAHyU0HbOCfglKBWQEa6Jd
RdsHpjbzLvubXuvd+netBfiTlOBNGqIHDIkhu9jIa4FxDB+HcCw0vJgN0CpM0gzr
jIsCUyw1/+5KN5EF3fYhChMtWnhCzgPKiTqHk1tyjXoAdCpyq46kHal2DA==
-----END CERTIFICATE-----