Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99863a4d-f4e7-4850-9e04-0d750f4f6177.roa
File:                     99863a4d-f4e7-4850-9e04-0d750f4f6177.roa (raw, json)
Hash identifier:          Gr38SCa97NSax/erPraO7rorw2FUfL2JhLg6jW3gRY4=
Subject key identifier:   1B:AC:93:46:E9:6B:51:38:C8:54:32:E1:69:4C:3A:67:E4:D2:03:76
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       74D7C27E00079490094156858F261B10B5946D4E
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99863a4d-f4e7-4850-9e04-0d750f4f6177.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.20.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:d7:c2:7e:00:07:94:90:09:41:56:85:8f:26:1b:10:b5:94:6d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:40:bf:cd:bd:80:f1:e1:ed:bd:45:0f:37:66:
                    7f:8c:9e:be:41:5a:8c:8e:bb:b9:b2:f8:95:bb:38:
                    9d:32:d3:ec:82:64:4c:87:3e:82:0e:6b:25:c2:38:
                    56:39:3f:56:ed:33:21:3e:4a:8f:25:ac:9a:a3:c5:
                    81:ea:31:6e:78:09:06:6a:b6:0e:43:59:b4:f6:f1:
                    22:55:f1:25:70:d2:9b:30:24:9f:88:c3:18:56:a5:
                    ce:e6:23:a2:ba:5b:56:99:bd:43:03:24:97:60:f9:
                    8d:e2:2f:96:54:3b:cf:4b:5c:8f:db:c6:2b:d1:73:
                    20:64:94:03:c6:30:30:1e:02:80:f1:00:6c:9e:76:
                    aa:4e:43:81:40:fe:60:73:e2:90:fa:49:9e:8b:2e:
                    b1:c0:89:d3:a2:1e:52:71:fc:6b:bf:26:6b:01:fd:
                    b9:fd:23:54:5c:fa:fa:f0:9a:51:cc:8d:4a:e9:65:
                    12:7c:90:38:13:d1:f8:2c:a6:69:0b:e4:f2:76:10:
                    42:db:df:a7:de:89:d4:44:4d:f1:35:03:b6:82:b9:
                    37:87:b2:56:e3:4d:d2:e7:37:29:09:50:c9:8c:a7:
                    dc:c5:75:2a:6a:d0:2a:76:82:2f:dd:e0:7d:13:c4:
                    c1:0a:c9:ca:8d:c9:97:b8:36:f3:ac:b7:d9:e4:69:
                    14:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:AC:93:46:E9:6B:51:38:C8:54:32:E1:69:4C:3A:67:E4:D2:03:76
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99863a4d-f4e7-4850-9e04-0d750f4f6177.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.20.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         13:43:0b:3b:3e:41:9d:64:3b:4d:24:ea:4e:0a:d7:5a:9d:64:
         6b:80:8b:bc:03:4b:61:af:b6:4e:74:13:cf:25:89:9d:a7:5c:
         c0:54:18:f9:fa:d7:12:d4:af:54:85:31:49:00:ad:ca:5a:f0:
         4f:98:c0:af:c7:99:02:ae:01:3f:08:97:58:ca:9b:1c:6e:a6:
         c6:bc:b5:78:f1:2e:55:20:97:d3:15:1a:79:c3:b8:04:65:44:
         03:44:45:ca:09:92:82:55:07:c6:48:91:c5:fe:47:53:f2:93:
         d9:c2:d1:6b:4a:57:87:40:cf:4f:96:04:ee:23:79:90:7f:75:
         a3:b6:7a:4b:f1:00:81:d6:2e:3a:fd:fc:3c:e3:b6:f8:e5:97:
         08:c3:0a:70:a1:c4:e7:93:ad:66:ab:51:e7:ba:f1:d0:67:20:
         1a:ee:4d:80:bb:e6:42:be:ae:b1:41:94:97:de:af:84:8d:9b:
         2c:bb:c2:97:f1:67:34:05:27:9f:3b:40:67:a4:91:0e:a7:67:
         de:ee:00:25:12:15:35:ca:28:55:93:58:37:64:8c:28:24:f3:
         3c:07:35:bb:e7:e5:f8:5c:bd:6f:47:34:42:5f:60:ec:13:d8:
         98:05:f4:bb:e0:c3:23:37:4e:e2:1c:4f:ce:3e:36:cb:f2:3c:
         2a:d4:d6:92
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdNfCfgAHlJAJQVaFjyYbELWUbU4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNTdlODUxYWE0M2U0M2UzMGY5OTE0NzEzYjgwNzc5NGI0
YWRkMDlmMDhjMzg1ZWRkNDk4M2VlNTljZGY2NmI5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClQL/NvYDx4e29RQ83Zn+Mnr5BWoyOu7my+JW7OJ0y0+yC
ZEyHPoIOayXCOFY5P1btMyE+So8lrJqjxYHqMW54CQZqtg5DWbT28SJV8SVw0psw
JJ+IwxhWpc7mI6K6W1aZvUMDJJdg+Y3iL5ZUO89LXI/bxivRcyBklAPGMDAeAoDx
AGyedqpOQ4FA/mBz4pD6SZ6LLrHAidOiHlJx/Gu/JmsB/bn9I1Rc+vrwmlHMjUrp
ZRJ8kDgT0fgspmkL5PJ2EELb36feidRETfE1A7aCuTeHslbjTdLnNykJUMmMp9zF
dSpq0Cp2gi/d4H0TxMEKycqNyZe4NvOst9nkaRS1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUG6yTRulrUTjIVDLhaUw6Z+TSA3YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5ODYzYTRkLWY0ZTctNDg1MC05ZTA0LTBkNzUwZjRmNjE3Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI0FDANBgkqhkiG9w0BAQsFAAOCAQEAE0MLOz5BnWQ7TSTqTgrXWp1ka4CL
vANLYa+2TnQTzyWJnadcwFQY+frXEtSvVIUxSQCtylrwT5jAr8eZAq4BPwiXWMqb
HG6mxry1ePEuVSCX0xUaecO4BGVEA0RFygmSglUHxkiRxf5HU/KT2cLRa0pXh0DP
T5YE7iN5kH91o7Z6S/EAgdYuOv38POO2+OWXCMMKcKHE55OtZqtR57rx0GcgGu5N
gLvmQr6usUGUl96vhI2bLLvCl/FnNAUnnztAZ6SRDqdn3u4AJRIVNcooVZNYN2SM
KCTzPAc1u+fl+Fy9b0c0Ql9g7BPYmAX0u+DDIzdO4hxPzj42y/I8KtTWkg==
-----END CERTIFICATE-----