Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25935517-4f27-4eff-8eff-7b2563d3cc2f.roa
File:                     25935517-4f27-4eff-8eff-7b2563d3cc2f.roa (raw, json)
Hash identifier:          4AabG04akVGAeg+J1hS4KBDlLAze51aXaul7FhZjRZM=
Subject key identifier:   E2:7F:29:BB:E1:18:84:4C:0F:5B:D3:C6:7C:95:69:97:E5:68:DC:B2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0DEC289E6A6CA61CD97739A295CF1CF3F489FF2C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25935517-4f27-4eff-8eff-7b2563d3cc2f.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.219.164.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:ec:28:9e:6a:6c:a6:1c:d9:77:39:a2:95:cf:1c:f3:f4:89:ff:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:48:97:f2:e9:83:70:35:3e:7a:0d:fc:53:7a:
                    1e:bf:18:2d:4b:10:22:ae:5f:17:fd:8d:4f:07:6d:
                    83:42:fa:04:aa:e7:6d:2f:fc:92:01:94:14:3b:13:
                    c9:7a:4b:c0:24:69:26:8f:d4:bb:fd:91:6a:ef:3e:
                    c4:3c:f6:c8:83:ac:61:7b:b5:1f:e5:61:89:7b:a6:
                    cb:ea:55:17:17:a1:60:13:64:c9:91:f1:a1:aa:e3:
                    2d:22:56:fc:b8:41:e7:81:10:ea:50:ac:6e:89:6f:
                    63:88:6f:47:7e:96:ca:29:81:23:d9:cb:06:2e:5c:
                    71:6b:56:d1:67:1d:fa:0b:64:13:a2:87:55:ae:d4:
                    15:6a:3a:5d:dd:08:bc:21:98:eb:57:49:50:2e:d8:
                    46:e3:e3:49:12:4e:a1:d9:5d:a5:ea:c9:f7:49:7c:
                    c0:59:4d:fa:86:01:2f:01:52:b4:16:86:8a:17:dd:
                    28:30:ec:67:b1:e5:00:2d:1a:89:ba:2e:67:1e:f6:
                    e4:a3:71:66:c2:a0:70:9c:37:ea:81:14:22:f4:6f:
                    8d:29:b3:3a:cb:45:e1:56:ef:b2:9d:81:1e:24:e9:
                    27:ac:84:62:f5:5f:53:55:16:cb:a5:b8:95:68:05:
                    7e:12:ba:0e:7d:4e:49:da:6d:b4:84:9a:76:a3:71:
                    68:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:7F:29:BB:E1:18:84:4C:0F:5B:D3:C6:7C:95:69:97:E5:68:DC:B2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25935517-4f27-4eff-8eff-7b2563d3cc2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.219.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:a2:2d:be:12:53:2e:44:3a:0f:27:f0:18:a0:90:83:4b:f1:
         d5:df:f2:63:36:a7:23:41:4c:d9:2d:9e:9c:bc:2e:94:78:85:
         21:12:1a:af:8b:d0:f0:1b:5e:d4:6a:f0:82:86:69:78:3e:a7:
         df:ba:73:11:1f:93:95:35:89:11:1c:7b:19:1d:c8:02:02:55:
         ca:9b:60:5c:72:96:87:15:7c:3c:c7:8e:0f:b2:bf:72:2f:05:
         85:32:39:6b:ef:3f:09:cf:99:69:54:6c:de:3a:3d:a3:1f:69:
         09:15:d4:3c:a0:0d:bf:2c:35:84:97:a8:49:2f:e9:6b:00:5c:
         f1:d2:c6:0c:73:fb:69:05:75:5b:83:51:58:a6:8a:0a:6c:c5:
         bb:ce:10:9d:2a:fe:84:60:09:0f:4c:3f:d4:ba:e7:d5:cf:bd:
         ae:a7:28:ea:14:6f:34:81:e3:5a:43:0b:4c:fd:4d:75:3a:8c:
         9b:fe:dd:87:a1:d3:f0:41:80:38:61:d8:0c:6e:d9:ce:97:51:
         9f:b8:e9:86:7f:41:98:fd:fe:3d:9a:3f:09:4e:9e:46:85:89:
         08:28:db:f8:2d:da:4a:94:93:b6:9c:db:05:69:54:d3:6d:49:
         e2:4f:72:23:0b:56:96:16:ea:59:f4:e6:18:f5:ef:31:17:ee:
         ff:12:c1:fd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDewonmpsphzZdzmilc8c8/SJ/ywwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjRlYzAwYWJmYmY5MjgzYmI1ZDZiOWEyMjA2OTk0NWJj
OTRlODYxNTYxNzdhZGVkZmUzODA1NzA5NDI1Y2VmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSSJfy6YNwNT56DfxTeh6/GC1LECKuXxf9jU8HbYNC+gSq
520v/JIBlBQ7E8l6S8AkaSaP1Lv9kWrvPsQ89siDrGF7tR/lYYl7psvqVRcXoWAT
ZMmR8aGq4y0iVvy4QeeBEOpQrG6Jb2OIb0d+lsopgSPZywYuXHFrVtFnHfoLZBOi
h1Wu1BVqOl3dCLwhmOtXSVAu2Ebj40kSTqHZXaXqyfdJfMBZTfqGAS8BUrQWhooX
3Sgw7Gex5QAtGom6Lmce9uSjcWbCoHCcN+qBFCL0b40pszrLReFW77KdgR4k6Ses
hGL1X1NVFsuluJVoBX4Sug59TknabbSEmnajcWgtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4n8pu+EYhEwPW9PGfJVpl+Vo3LIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI1OTM1NTE3LTRmMjctNGVmZi04ZWZmLTdiMjU2M2QzY2MyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI026QwDQYJKoZIhvcNAQELBQADggEBAAWiLb4SUy5EOg8n8BigkINL8dXf
8mM2pyNBTNktnpy8LpR4hSESGq+L0PAbXtRq8IKGaXg+p9+6cxEfk5U1iREcexkd
yAICVcqbYFxylocVfDzHjg+yv3IvBYUyOWvvPwnPmWlUbN46PaMfaQkV1DygDb8s
NYSXqEkv6WsAXPHSxgxz+2kFdVuDUVimigpsxbvOEJ0q/oRgCQ9MP9S659XPva6n
KOoUbzSB41pDC0z9TXU6jJv+3Yeh0/BBgDhh2Axu2c6XUZ+46YZ/QZj9/j2aPwlO
nkaFiQgo2/gt2kqUk7ac2wVpVNNtSeJPciMLVpYW6ln05hj17zEX7v8Swf0=
-----END CERTIFICATE-----