Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66fabb25-6530-46a8-b7de-d16ec4b34a71.roa
File:                     66fabb25-6530-46a8-b7de-d16ec4b34a71.roa (raw, json)
Hash identifier:          BgOft/LbJC/DnLLHycQv+LRuy8eb0eE4t9H8G3a0h1Y=
Subject key identifier:   84:CC:A6:23:1D:AE:72:D6:14:01:55:0F:99:8B:0C:56:2E:FD:9C:02
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5ACE0890D020AE984EC790245A52432CB8F3A6DF
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66fabb25-6530-46a8-b7de-d16ec4b34a71.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.219.224.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:ce:08:90:d0:20:ae:98:4e:c7:90:24:5a:52:43:2c:b8:f3:a6:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bc:dc:14:95:1a:d8:5f:0c:85:86:53:24:e0:
                    9c:cf:86:bc:a7:4d:a1:b6:49:95:60:98:cb:f2:2c:
                    ad:7d:64:a1:b8:e8:ed:92:14:8f:ea:d7:92:b5:74:
                    f5:cf:93:37:0f:ae:56:37:87:95:a2:a6:a5:b8:18:
                    01:fc:b6:d5:7e:ff:9d:43:43:e8:af:ac:b8:96:99:
                    a2:31:e2:85:5b:e7:1f:75:42:52:85:9b:1d:aa:3a:
                    8d:9d:f5:40:03:5d:e0:cf:1a:6f:0e:25:48:c1:30:
                    94:90:94:02:56:73:a9:26:e0:c1:53:5d:ed:7d:95:
                    a2:1e:8d:af:06:3e:af:ea:a9:19:6a:78:72:ce:46:
                    d4:f6:6d:44:8c:d4:84:ea:6b:63:60:71:2b:9c:9f:
                    2a:e9:4e:0d:35:35:f9:ef:87:d4:21:46:09:6a:91:
                    f6:00:16:a0:f4:5b:a7:80:6a:2e:82:70:bf:a3:c1:
                    eb:12:6b:ca:25:6d:a0:2e:24:5e:e9:ce:17:c9:33:
                    fc:e0:c4:fe:55:14:7d:1a:04:a5:ce:da:17:89:47:
                    02:61:c3:42:ed:7b:e0:b7:ce:d0:93:80:85:e9:09:
                    26:0e:65:17:1f:36:20:c9:a2:ad:51:27:43:03:40:
                    7c:92:ba:03:e8:47:b7:09:0c:dd:bd:13:f6:16:f6:
                    94:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:CC:A6:23:1D:AE:72:D6:14:01:55:0F:99:8B:0C:56:2E:FD:9C:02
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/66fabb25-6530-46a8-b7de-d16ec4b34a71.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.219.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:0b:b1:8d:97:28:1f:21:f0:55:60:e8:d4:1e:8c:e0:30:01:
         a3:79:74:7b:d4:56:ea:97:d2:53:d9:38:67:a9:43:d6:01:06:
         3c:d8:77:7d:6a:2c:b1:53:93:e4:44:1e:96:cf:fa:a2:4b:8f:
         5a:fc:a0:56:bc:19:e4:cd:ec:1f:0b:89:bb:50:ae:30:d9:7e:
         89:0d:cd:a0:0b:81:67:55:a8:ae:b8:61:33:36:8e:36:75:1f:
         76:5c:38:3a:6f:1d:a3:cd:f3:15:94:27:22:a4:b4:26:20:e7:
         4c:19:c8:c4:1b:cf:68:0b:4f:8b:a4:4b:18:1b:61:e3:18:ec:
         cf:76:bb:7a:dc:20:c9:ac:61:ee:d1:d4:36:aa:c0:4c:29:a7:
         fd:f5:da:e2:99:16:51:a4:7e:37:09:e8:fe:19:d4:c4:e9:1a:
         2f:00:da:6f:a0:72:f0:90:3f:f5:4e:99:12:ac:18:bb:2d:bd:
         7d:85:05:e9:8c:a3:9e:45:e4:45:2a:9b:f2:51:e2:e1:66:a9:
         5f:17:d2:71:9b:ae:76:17:34:2c:9d:ab:1b:32:51:42:02:83:
         37:e8:1a:9c:8c:c4:20:4f:c4:f5:14:86:fa:16:68:6a:05:23:
         1c:48:5e:35:ce:61:3d:35:9e:57:ad:79:b5:c8:92:94:67:29:
         cb:b7:c6:dc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWs4IkNAgrphOx5AkWlJDLLjzpt8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NDJlOGVhYTEzMDEwYmU0MDRhODA3ZTM1ZTljZDY1MTYw
NGU3OWE1ZTRmN2I3MDhlNzNlNzMwY2Y5ZjIyYTkwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDDvNwUlRrYXwyFhlMk4JzPhrynTaG2SZVgmMvyLK19ZKG4
6O2SFI/q15K1dPXPkzcPrlY3h5WipqW4GAH8ttV+/51DQ+ivrLiWmaIx4oVb5x91
QlKFmx2qOo2d9UADXeDPGm8OJUjBMJSQlAJWc6km4MFTXe19laIeja8GPq/qqRlq
eHLORtT2bUSM1ITqa2NgcSucnyrpTg01Nfnvh9QhRglqkfYAFqD0W6eAai6CcL+j
wesSa8olbaAuJF7pzhfJM/zgxP5VFH0aBKXO2heJRwJhw0Lte+C3ztCTgIXpCSYO
ZRcfNiDJoq1RJ0MDQHySugPoR7cJDN29E/YW9pRzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhMymIx2uctYUAVUPmYsMVi79nAIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY2ZmFiYjI1LTY1MzAtNDZhOC1iN2RlLWQxNmVjNGIzNGE3MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI02+AwDQYJKoZIhvcNAQELBQADggEBAAELsY2XKB8h8FVg6NQejOAwAaN5
dHvUVuqX0lPZOGepQ9YBBjzYd31qLLFTk+REHpbP+qJLj1r8oFa8GeTN7B8LibtQ
rjDZfokNzaALgWdVqK64YTM2jjZ1H3ZcODpvHaPN8xWUJyKktCYg50wZyMQbz2gL
T4ukSxgbYeMY7M92u3rcIMmsYe7R1DaqwEwpp/312uKZFlGkfjcJ6P4Z1MTpGi8A
2m+gcvCQP/VOmRKsGLstvX2FBemMo55F5EUqm/JR4uFmqV8X0nGbrnYXNCydqxsy
UUICgzfoGpyMxCBPxPUUhvoWaGoFIxxIXjXOYT01nletebXIkpRnKcu3xtw=
-----END CERTIFICATE-----