Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85c26916-35ba-4428-b44c-6938dc9acf42.roa
File:                     85c26916-35ba-4428-b44c-6938dc9acf42.roa (raw, json)
Hash identifier:          /Lg8OqFYxIQrkcYhVavuqiYRkK/r7Zyw+jqGYd/aaNw=
Subject key identifier:   B0:94:D3:FE:D2:39:CB:BF:8C:21:B1:DE:E6:1B:87:89:AD:39:CF:A5
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       21E05F7E65FBC5ABECD25FA07791B00B4ED4F728
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85c26916-35ba-4428-b44c-6938dc9acf42.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.255.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:e0:5f:7e:65:fb:c5:ab:ec:d2:5f:a0:77:91:b0:0b:4e:d4:f7:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:28:ee:23:8d:1d:f8:5e:07:ff:4f:b7:68:bf:
                    6d:fd:c4:0c:96:07:d3:0c:0e:c8:b7:b4:33:3e:f0:
                    91:af:46:bb:f5:95:92:6b:6c:3e:92:ba:83:86:96:
                    04:e9:1a:4d:4c:4c:e3:7e:07:df:9c:10:54:80:7c:
                    e6:1e:1c:58:30:70:fa:dd:ad:bd:59:fa:58:71:35:
                    e4:de:a9:2c:8a:a3:e4:f0:be:0c:71:15:9c:bc:51:
                    37:eb:eb:cf:ab:de:1a:20:df:eb:b9:12:96:07:88:
                    ed:f2:d1:cd:af:41:18:30:13:3a:cf:bd:64:8a:df:
                    01:d3:c0:cb:bc:64:c9:61:b7:8b:b6:74:80:2f:fc:
                    c1:af:21:f5:15:21:42:5c:8c:2c:ae:83:50:82:e8:
                    4e:bc:d5:7e:01:1f:96:0e:1f:e3:d7:3e:19:89:61:
                    87:33:0a:d1:4d:c1:3c:c4:bb:00:6e:6f:7c:31:e6:
                    3c:98:a3:69:eb:dd:51:16:68:60:df:16:40:46:6c:
                    6c:56:59:c9:c5:58:59:10:16:0b:39:e0:d1:40:14:
                    85:7f:ac:e0:bb:95:2f:a5:21:9c:7d:6e:2c:b2:6e:
                    23:27:6f:cd:35:e4:a4:3f:61:3a:16:bd:43:75:7e:
                    de:de:2f:94:10:ad:01:66:6d:ec:62:a1:59:5d:96:
                    23:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:94:D3:FE:D2:39:CB:BF:8C:21:B1:DE:E6:1B:87:89:AD:39:CF:A5
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/85c26916-35ba-4428-b44c-6938dc9acf42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.255.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a0:df:a7:9d:ef:1b:88:ea:f0:94:f3:9a:9f:fd:b4:42:57:3b:
         58:df:f0:ba:cf:22:df:c8:98:d4:da:66:ae:27:c5:11:45:f7:
         ab:46:92:c7:bb:ca:95:d3:66:72:cc:15:77:87:15:36:ec:88:
         4a:4c:5f:48:cd:5e:15:0a:74:42:2c:53:b0:de:57:41:1d:36:
         74:f4:c4:54:1d:a4:5c:19:5c:a1:de:2f:a0:48:e1:fc:5f:cf:
         c2:05:57:d4:7b:73:1d:62:e3:cc:6b:db:51:e2:d9:d6:27:a3:
         50:4e:54:ff:c2:76:8c:15:9c:2a:3f:b8:80:ed:b6:b0:ee:1c:
         45:76:73:40:51:4f:fc:8f:79:57:05:2c:fb:55:4f:e1:7e:4b:
         e8:57:11:d4:1a:49:14:1e:1b:e4:ee:45:88:59:9c:f2:e6:19:
         d0:84:1d:41:e2:2d:32:87:25:3c:85:32:53:ef:8b:23:88:52:
         b7:2d:74:40:2a:88:26:0a:5c:6d:5f:86:a6:82:e7:98:82:5f:
         2f:cf:65:56:e8:f5:14:e3:e3:96:66:6e:50:ea:d7:f8:0c:a9:
         70:ba:73:06:f1:3f:06:4f:dc:32:0a:db:36:1d:66:00:05:c0:
         40:44:68:00:f6:d7:ef:fa:e8:30:57:61:d1:d7:7d:f9:c3:69:
         85:a7:66:c2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUIeBffmX7xavs0l+gd5GwC07U9ygwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNjc4Zjg0ZTEzNTYyYjUzYTk0ZGE2YTZiYmU1ZjVlYWEy
YTMyNWZlMmFhYmU2MTQ0ZTU3NmVmMTY2MDY5YTVmMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4KO4jjR34Xgf/T7dov239xAyWB9MMDsi3tDM+8JGvRrv1
lZJrbD6SuoOGlgTpGk1MTON+B9+cEFSAfOYeHFgwcPrdrb1Z+lhxNeTeqSyKo+Tw
vgxxFZy8UTfr68+r3hog3+u5EpYHiO3y0c2vQRgwEzrPvWSK3wHTwMu8ZMlht4u2
dIAv/MGvIfUVIUJcjCyug1CC6E681X4BH5YOH+PXPhmJYYczCtFNwTzEuwBub3wx
5jyYo2nr3VEWaGDfFkBGbGxWWcnFWFkQFgs54NFAFIV/rOC7lS+lIZx9biyybiMn
b8015KQ/YToWvUN1ft7eL5QQrQFmbexioVldliNhAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsJTT/tI5y7+MIbHe5huHia05z6UwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzg1YzI2OTE2LTM1YmEtNDQyOC1iNDRjLTY5MzhkYzlhY2Y0Mi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2/zANBgkqhkiG9w0BAQsFAAOCAQEAoN+nne8biOrwlPOan/20Qlc7WN/w
us8i38iY1NpmrifFEUX3q0aSx7vKldNmcswVd4cVNuyISkxfSM1eFQp0QixTsN5X
QR02dPTEVB2kXBlcod4voEjh/F/PwgVX1HtzHWLjzGvbUeLZ1iejUE5U/8J2jBWc
Kj+4gO22sO4cRXZzQFFP/I95VwUs+1VP4X5L6FcR1BpJFB4b5O5FiFmc8uYZ0IQd
QeItMoclPIUyU++LI4hSty10QCqIJgpcbV+GpoLnmIJfL89lVuj1FOPjlmZuUOrX
+AypcLpzBvE/Bk/cMgrbNh1mAAXAQERoAPbX7/roMFdh0dd9+cNphadmwg==
-----END CERTIFICATE-----