Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/905dad79-1e4d-436f-8193-3970daf5d651.roa
File:                     905dad79-1e4d-436f-8193-3970daf5d651.roa (raw, json)
Hash identifier:          La92APk41FuWHJdWhRbqdiDWfDdI6Ja9HmdLHJ2z37c=
Subject key identifier:   45:9D:9D:07:90:14:58:3A:97:85:AE:BD:B4:4A:C2:BF:EF:25:23:DE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3194B490EA27C5D419B2838C8314FD67616474F0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/905dad79-1e4d-436f-8193-3970daf5d651.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        54.224.0.0/12 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:94:b4:90:ea:27:c5:d4:19:b2:83:8c:83:14:fd:67:61:64:74:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bd:84:52:cf:3b:a1:23:d9:bf:b3:ed:cc:78:
                    ac:6d:85:ad:8c:39:75:d4:91:c4:5d:a2:5f:0a:48:
                    d7:50:c3:eb:ad:7a:f3:36:45:e4:22:24:9b:e3:6e:
                    d8:d6:60:27:0f:09:ab:53:a6:c3:5f:30:46:f8:a7:
                    92:c8:c1:62:9e:a4:35:47:ab:13:8f:eb:b8:16:07:
                    59:77:49:b0:2c:d5:1a:a3:c1:3b:00:2f:66:76:18:
                    8e:0a:76:52:f7:c7:bd:32:12:a6:8f:39:87:8d:59:
                    43:37:77:24:dd:c5:9b:ce:a4:16:6f:9b:f5:36:74:
                    c2:d4:0e:4a:69:6a:64:d0:b8:82:f0:61:18:e8:89:
                    3d:07:ae:f3:e2:9a:33:4b:bc:3f:ed:4b:61:ed:e0:
                    d4:b1:d8:0a:c8:e1:55:3c:c7:5d:b6:bd:1b:86:48:
                    bc:41:dd:7b:bb:ef:94:c2:d6:52:c7:dc:d4:0c:49:
                    d0:21:11:98:ef:36:16:39:c4:7e:c6:aa:ed:c4:24:
                    8b:72:d7:b7:9e:1b:1c:54:42:ec:1e:2e:38:21:13:
                    73:03:d4:de:c7:ba:da:08:03:43:ce:95:a5:b9:eb:
                    31:1e:83:76:1f:a6:81:12:83:cf:95:5c:cb:15:31:
                    25:9c:57:d5:3f:e3:4f:8c:b8:a9:25:53:e9:70:8f:
                    1d:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:9D:9D:07:90:14:58:3A:97:85:AE:BD:B4:4A:C2:BF:EF:25:23:DE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/905dad79-1e4d-436f-8193-3970daf5d651.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.224.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         a7:93:fc:45:76:54:6b:d4:e3:39:85:fa:c3:a9:15:70:16:a3:
         eb:cd:c2:d1:46:3c:54:a2:86:4d:b3:66:06:ee:20:4e:07:47:
         5a:50:32:f3:1d:47:a5:fd:32:3a:77:37:77:7f:4c:ae:92:2d:
         54:fd:7d:18:c1:5b:42:85:69:4b:f2:be:44:a8:69:40:2f:a2:
         01:70:13:b6:53:88:fe:1f:08:fc:16:58:4d:8a:d1:d9:d6:e7:
         fb:2c:e1:b9:79:cf:30:2a:b7:4c:82:45:0d:0d:13:71:ef:a7:
         2a:13:b0:d8:a9:5a:17:5c:1e:e2:a0:eb:94:a8:fd:21:50:c9:
         bb:47:d3:3e:10:32:42:8e:72:94:18:fd:7e:e7:14:98:8d:94:
         06:c2:47:f1:e9:95:65:aa:b0:db:72:47:97:31:91:83:d8:51:
         70:30:5c:e5:2e:2b:cb:cf:ca:e9:59:6c:02:42:c9:f4:cf:aa:
         65:ef:85:23:c6:3d:24:b8:49:eb:89:21:3a:a8:14:88:cc:19:
         cb:b9:07:99:1e:0d:d7:6f:76:ba:dd:6d:73:98:aa:cb:06:4e:
         cc:26:8c:b9:9c:a7:c9:13:b9:0c:e2:af:58:44:d5:ba:a8:21:
         2c:02:7b:82:e0:ea:52:44:7e:9a:58:f1:0f:2e:42:6f:34:d6:
         88:da:96:af
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUMZS0kOonxdQZsoOMgxT9Z2FkdPAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNjZiNjllMjk5NDA0ZTczYzg1YWUyZWYyYWNjZjM1NTE5
NWFlYjUzNDdlMjU4YTM5MjcyYmE3MGUzNzgxYTZkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClvYRSzzuhI9m/s+3MeKxtha2MOXXUkcRdol8KSNdQw+ut
evM2ReQiJJvjbtjWYCcPCatTpsNfMEb4p5LIwWKepDVHqxOP67gWB1l3SbAs1Rqj
wTsAL2Z2GI4KdlL3x70yEqaPOYeNWUM3dyTdxZvOpBZvm/U2dMLUDkppamTQuILw
YRjoiT0HrvPimjNLvD/tS2Ht4NSx2ArI4VU8x122vRuGSLxB3Xu775TC1lLH3NQM
SdAhEZjvNhY5xH7Gqu3EJIty17eeGxxUQuweLjghE3MD1N7HutoIA0POlaW56zEe
g3YfpoESg8+VXMsVMSWcV9U/40+MuKklU+lwjx1zAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQURZ2dB5AUWDqXha69tErCv+8lI94wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzkwNWRhZDc5LTFlNGQtNDM2Zi04MTkzLTM5NzBkYWY1ZDY1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQ24DANBgkqhkiG9w0BAQsFAAOCAQEAp5P8RXZUa9TjOYX6w6kVcBaj683C
0UY8VKKGTbNmBu4gTgdHWlAy8x1Hpf0yOnc3d39MrpItVP19GMFbQoVpS/K+RKhp
QC+iAXATtlOI/h8I/BZYTYrR2dbn+yzhuXnPMCq3TIJFDQ0Tce+nKhOw2KlaF1we
4qDrlKj9IVDJu0fTPhAyQo5ylBj9fucUmI2UBsJH8emVZaqw23JHlzGRg9hRcDBc
5S4ry8/K6VlsAkLJ9M+qZe+FI8Y9JLhJ64khOqgUiMwZy7kHmR4N1292ut1tc5iq
ywZOzCaMuZynyRO5DOKvWETVuqghLAJ7guDqUkR+mljxDy5CbzTWiNqWrw==
-----END CERTIFICATE-----