Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ad79271-4826-4dbc-9129-f394f11c8499.roa
File:                     0ad79271-4826-4dbc-9129-f394f11c8499.roa (raw, json)
Hash identifier:          LCxN6SfbbvRh1WCjwPDcs3DQiBRVIFFfgpo+p6drWRk=
Subject key identifier:   DC:C8:CB:1F:23:F2:71:3C:61:16:29:6D:30:0E:0F:0F:03:53:B0:04
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       127C518992538C4BCE140AC9B7A6AEDC8C901AE3
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ad79271-4826-4dbc-9129-f394f11c8499.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.88.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:7c:51:89:92:53:8c:4b:ce:14:0a:c9:b7:a6:ae:dc:8c:90:1a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c1:7a:f6:a2:09:12:69:4b:02:c0:c3:e8:b0:
                    9a:72:62:ef:e4:0a:36:b0:cc:a3:03:6c:a4:6d:1a:
                    01:91:b4:8e:48:ad:bc:ea:19:71:32:aa:78:0a:01:
                    b2:b2:89:eb:3a:1a:65:3e:69:dd:a6:81:4c:63:aa:
                    83:f9:86:48:f6:53:9e:20:8a:fa:da:06:2f:a8:c7:
                    b7:0d:ae:f9:a2:0b:7e:94:03:1e:79:58:a4:82:a3:
                    93:07:55:70:96:e0:2c:67:45:e6:6b:1f:86:d2:b9:
                    46:c0:bd:38:43:7d:dc:81:79:b0:31:4b:af:ed:f5:
                    9d:e3:ff:59:3f:1a:a8:3d:b2:5c:09:5f:5d:1d:d0:
                    c1:98:d8:f4:33:ab:d3:30:1c:7d:6d:fd:2a:1a:08:
                    3e:5f:c4:44:69:71:93:af:7b:c2:94:b6:0c:74:2e:
                    d3:21:06:07:af:5e:d4:bd:d3:2c:61:40:d5:12:08:
                    aa:20:3a:c3:99:68:89:33:64:18:b9:aa:36:1f:2f:
                    c2:7c:92:96:8a:81:59:c8:46:8f:89:68:8a:16:a1:
                    04:f5:51:45:b6:69:60:81:91:80:37:60:92:cd:f4:
                    04:d7:e3:64:2c:a8:56:a5:a9:b1:7e:78:ae:fc:22:
                    5d:0c:95:0d:16:91:76:18:3f:04:b2:62:37:92:9a:
                    0f:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C8:CB:1F:23:F2:71:3C:61:16:29:6D:30:0E:0F:0F:03:53:B0:04
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ad79271-4826-4dbc-9129-f394f11c8499.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.88.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0e:d5:d9:ce:77:f7:84:ff:fe:65:9c:c1:ca:75:50:e0:f0:ca:
         ea:df:3d:ab:90:e1:10:59:99:7b:a9:a3:e8:9c:48:a1:4f:ea:
         d7:55:c3:0f:7a:aa:57:4e:09:76:a5:1c:08:35:6a:79:36:be:
         46:53:5f:89:0e:bb:ea:0f:82:d9:5d:27:e8:c3:c7:47:52:92:
         89:f0:10:d3:de:37:38:93:d0:9c:b4:65:92:f2:81:e3:b4:f5:
         37:11:dc:20:e6:52:ff:23:06:af:65:57:c2:d7:5d:4d:ad:74:
         91:6c:25:64:0c:9a:41:77:1b:47:d0:db:28:84:57:52:de:72:
         5a:73:79:ba:61:54:d9:3d:5b:81:a8:83:22:bf:53:d8:ba:d4:
         9d:50:18:5d:ea:9c:d7:34:f3:93:da:36:ed:56:dc:06:35:6d:
         1c:74:d4:e1:98:13:23:39:fa:17:54:c2:53:f2:2d:97:72:22:
         c5:d9:2d:19:a7:bc:29:69:da:30:12:dc:d2:c0:c5:99:e3:c9:
         c0:5c:5b:dc:df:33:ba:c1:9c:0e:6a:14:c5:55:d9:ac:4a:78:
         c3:f7:a9:c5:a1:02:a1:33:ee:30:87:e2:8a:2d:f6:19:0b:20:
         d3:7e:fc:7d:08:ab:3c:1c:25:6a:9c:56:41:69:e7:f4:60:78:
         e4:6e:0c:2f
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUEnxRiZJTjEvOFArJt6au3IyQGuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMmM1YjI1ZjM5MGJjMzdkMGExYThmNDQ4NDVjOTdhNmRj
NGM0Yzk0ZmZiNGI5OGJiYTQ2YjM4MDlkOTMyMmU0MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtwXr2ogkSaUsCwMPosJpyYu/kCjawzKMDbKRtGgGRtI5I
rbzqGXEyqngKAbKyies6GmU+ad2mgUxjqoP5hkj2U54givraBi+ox7cNrvmiC36U
Ax55WKSCo5MHVXCW4CxnReZrH4bSuUbAvThDfdyBebAxS6/t9Z3j/1k/Gqg9slwJ
X10d0MGY2PQzq9MwHH1t/SoaCD5fxERpcZOve8KUtgx0LtMhBgevXtS90yxhQNUS
CKogOsOZaIkzZBi5qjYfL8J8kpaKgVnIRo+JaIoWoQT1UUW2aWCBkYA3YJLN9ATX
42QsqFalqbF+eK78Il0MlQ0WkXYYPwSyYjeSmg85AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU3MjLHyPycTxhFiltMA4PDwNTsAQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBhZDc5MjcxLTQ4MjYtNGRiYy05MTI5LWYzOTRmMTFjODQ5OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE0WDANBgkqhkiG9w0BAQsFAAOCAQEADtXZznf3hP/+ZZzBynVQ4PDK6t89
q5DhEFmZe6mj6JxIoU/q11XDD3qqV04JdqUcCDVqeTa+RlNfiQ676g+C2V0n6MPH
R1KSifAQ0943OJPQnLRlkvKB47T1NxHcIOZS/yMGr2VXwtddTa10kWwlZAyaQXcb
R9DbKIRXUt5yWnN5umFU2T1bgaiDIr9T2LrUnVAYXeqc1zTzk9o27VbcBjVtHHTU
4ZgTIzn6F1TCU/Itl3IixdktGae8KWnaMBLc0sDFmePJwFxb3N8zusGcDmoUxVXZ
rEp4w/epxaECoTPuMIfiii32GQsg0378fQirPBwlapxWQWnn9GB45G4MLw==
-----END CERTIFICATE-----