Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c245fb1c-919b-4908-af91-8b07333adeb8.roa
File:                     c245fb1c-919b-4908-af91-8b07333adeb8.roa (raw, json)
Hash identifier:          mpC4MyocPAqjsR6t1SV0HO5Er1NnvmC07kASYOHavS0=
Subject key identifier:   78:4D:5F:67:34:6D:59:4D:09:2A:3A:2C:A0:67:4E:E8:AD:CD:F1:6D
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3B1C858E942CA8DEC58962AE3E5151E6E42C847C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c245fb1c-919b-4908-af91-8b07333adeb8.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.219.62.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:1c:85:8e:94:2c:a8:de:c5:89:62:ae:3e:51:51:e6:e4:2c:84:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:e7:b3:9c:c9:ac:99:56:2b:23:6a:16:f1:37:
                    74:57:7d:5b:24:db:48:38:28:fa:34:91:44:56:dd:
                    0d:81:ae:8f:92:b2:2e:c6:f6:e2:f4:c0:93:7b:90:
                    a1:20:08:ce:49:ea:2c:1d:d1:55:df:64:6f:44:fd:
                    04:af:d6:e2:93:ac:73:a8:e0:79:0b:d7:62:29:c8:
                    da:db:46:56:c4:77:f3:87:ad:d3:e4:bf:83:28:57:
                    2d:65:99:36:f7:72:70:31:79:35:06:8e:58:ce:3a:
                    ec:52:a8:42:00:a2:82:98:2a:d7:a0:c4:c0:3b:a4:
                    52:6f:ab:60:0c:c4:cb:7a:e6:93:03:87:cd:27:3e:
                    b0:5d:2b:e4:58:43:9c:7a:c7:0b:da:e0:33:ad:7c:
                    6d:1d:ce:24:5d:6d:d9:4e:2f:6d:00:50:7c:64:99:
                    f1:a2:56:8d:fd:bb:f2:cc:f9:ca:b2:78:5d:a1:04:
                    64:95:6d:be:66:71:fe:0a:4c:56:05:77:dd:27:48:
                    6c:4e:fd:15:13:ca:ca:42:0c:be:7e:d7:00:07:db:
                    38:4f:d5:1d:b5:98:ad:c5:95:d9:b7:25:28:d3:96:
                    9b:c7:be:4b:ae:37:87:ec:14:5c:0c:57:09:56:20:
                    a3:16:c1:2c:8d:c5:b9:c3:07:b5:99:37:8d:c2:30:
                    ca:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:4D:5F:67:34:6D:59:4D:09:2A:3A:2C:A0:67:4E:E8:AD:CD:F1:6D
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c245fb1c-919b-4908-af91-8b07333adeb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.219.62.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2c:a7:d4:e2:47:4c:d5:ae:73:82:04:4d:af:90:9f:b1:4f:de:
         0e:59:e1:ac:16:a6:50:db:1b:cb:e2:d2:91:d8:2f:ba:5e:89:
         b5:c2:71:5a:b0:f2:9c:5d:9f:59:ea:52:5b:a2:cd:ea:7b:8c:
         55:8f:33:3e:ec:3e:fa:6f:f3:4d:55:db:a2:ec:0d:20:2f:e4:
         b2:33:ee:ff:26:95:75:d7:7c:97:31:0f:fb:9f:bc:ed:5a:03:
         d0:c9:71:bf:b7:02:eb:b0:7e:a4:ee:76:3f:e4:24:7b:d2:1b:
         f6:ea:6a:45:dc:0f:fa:fc:87:ac:a1:ed:e3:c1:4c:4b:12:73:
         46:3b:7d:79:fd:8b:06:e3:5a:c0:3e:a1:4e:ca:f7:d7:24:87:
         62:4c:15:73:ce:36:79:0c:4f:76:5f:62:54:a3:97:0e:2a:b8:
         a1:f0:2a:f9:66:e9:70:f1:2f:84:9c:a7:d9:11:d9:7f:31:68:
         b3:1c:23:1a:38:0b:94:fc:cc:c0:f3:c1:a4:1f:e5:b0:41:06:
         d2:a6:d4:79:0a:40:6f:0e:f7:07:0a:40:aa:f5:69:0d:df:dc:
         22:18:ca:f6:f2:0e:bc:22:cc:14:2a:43:8d:a5:04:7b:39:7f:
         8b:c7:7f:50:a3:08:4b:55:39:85:dc:2e:d9:d1:f2:49:7c:24:
         97:f1:79:24
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOxyFjpQsqN7FiWKuPlFR5uQshHwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlNWU5Y2ZjMDk3ZTQ2Mjc1M2YyNjgxZTcwOTM3MzU4ODhk
ZjZhNzFmNjllMzQ0MTc0YTc4MDBlNTcyNDA3NGZjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDh57OcyayZVisjahbxN3RXfVsk20g4KPo0kURW3Q2Bro+S
si7G9uL0wJN7kKEgCM5J6iwd0VXfZG9E/QSv1uKTrHOo4HkL12IpyNrbRlbEd/OH
rdPkv4MoVy1lmTb3cnAxeTUGjljOOuxSqEIAooKYKtegxMA7pFJvq2AMxMt65pMD
h80nPrBdK+RYQ5x6xwva4DOtfG0dziRdbdlOL20AUHxkmfGiVo39u/LM+cqyeF2h
BGSVbb5mcf4KTFYFd90nSGxO/RUTyspCDL5+1wAH2zhP1R21mK3Fldm3JSjTlpvH
vkuuN4fsFFwMVwlWIKMWwSyNxbnDB7WZN43CMMoVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUeE1fZzRtWU0JKjosoGdO6K3N8W0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2MyNDVmYjFjLTkxOWItNDkwOC1hZjkxLThiMDczMzNhZGViOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE02z4wDQYJKoZIhvcNAQELBQADggEBACyn1OJHTNWuc4IETa+Qn7FP3g5Z
4awWplDbG8vi0pHYL7peibXCcVqw8pxdn1nqUluizep7jFWPMz7sPvpv801V26Ls
DSAv5LIz7v8mlXXXfJcxD/ufvO1aA9DJcb+3AuuwfqTudj/kJHvSG/bqakXcD/r8
h6yh7ePBTEsSc0Y7fXn9iwbjWsA+oU7K99ckh2JMFXPONnkMT3ZfYlSjlw4quKHw
Kvlm6XDxL4Scp9kR2X8xaLMcIxo4C5T8zMDzwaQf5bBBBtKm1HkKQG8O9wcKQKr1
aQ3f3CIYyvbyDrwizBQqQ42lBHs5f4vHf1CjCEtVOYXcLtnR8kl8JJfxeSQ=
-----END CERTIFICATE-----