Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ccd4f57c-921a-4dd9-ad3c-0ec02479dc33.roa
File:                     ccd4f57c-921a-4dd9-ad3c-0ec02479dc33.roa (raw, json)
Hash identifier:          vp3cConK82jwiqRc26gsY/iildykEcvpGfVJedBDZ5I=
Subject key identifier:   EC:12:92:EF:88:3C:F6:E7:75:BE:36:B4:8A:1D:B7:73:A8:B5:FA:D7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       11DACE4DF080C7AF781746E925CFC64713560729
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ccd4f57c-921a-4dd9-ad3c-0ec02479dc33.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.94.7.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:da:ce:4d:f0:80:c7:af:78:17:46:e9:25:cf:c6:47:13:56:07:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:61:35:32:ac:59:99:60:6e:c6:8b:fa:42:96:
                    60:01:f0:09:2a:b7:c8:10:ba:e4:81:7c:1e:42:a4:
                    ad:84:98:ff:18:4c:33:19:b3:1e:75:0b:4d:9b:dd:
                    9e:d3:62:7f:bf:f2:4a:98:9e:08:8c:53:d9:05:05:
                    a2:64:5f:b6:48:8c:7a:b2:25:e9:a1:df:7e:88:63:
                    45:45:1d:38:ab:d4:c5:71:9a:37:a8:a3:21:4a:33:
                    91:0b:bb:75:f7:4d:6a:9c:f6:2e:b2:72:a3:b6:10:
                    9e:d4:4e:b8:d0:9a:7e:23:0a:71:30:ea:99:38:e4:
                    06:05:14:d6:ca:9f:2e:12:41:1a:51:7a:94:56:29:
                    08:46:f9:19:8d:86:0b:2c:d8:66:5d:f3:57:f3:41:
                    85:af:3d:b9:ae:06:1d:63:05:ca:3d:31:ea:cc:ab:
                    5e:1b:ea:32:d4:34:ad:39:98:af:98:7e:c7:e6:44:
                    97:6c:58:45:4b:2c:06:88:eb:9b:21:9e:be:f4:b0:
                    12:22:d3:2a:8c:19:f9:74:fa:6c:3c:40:04:06:07:
                    2c:e3:51:be:76:a3:d9:fc:d0:72:41:31:f3:24:9d:
                    4c:c5:89:d2:93:db:88:e3:33:1e:b7:f7:a0:6e:9a:
                    62:7d:e8:f8:01:10:79:52:a4:20:19:a4:4c:59:03:
                    ef:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:12:92:EF:88:3C:F6:E7:75:BE:36:B4:8A:1D:B7:73:A8:B5:FA:D7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/ccd4f57c-921a-4dd9-ad3c-0ec02479dc33.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.94.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:0b:cb:7d:98:ef:bc:53:21:74:fd:33:0e:cc:11:d6:62:ba:
         93:a2:53:e8:b0:eb:e6:fa:01:7d:ef:d4:07:0f:3f:60:89:5a:
         9e:bd:89:37:5a:13:14:45:fe:11:0a:6c:78:97:e5:cd:12:53:
         ee:5c:fb:1c:34:6d:93:92:6c:ff:a7:08:7e:33:2b:32:20:25:
         47:df:0c:15:99:5a:fc:29:b3:fd:77:3a:51:16:6d:34:51:9f:
         13:f5:8a:2e:c9:82:b7:ca:cb:c1:a9:1d:f0:dc:13:63:24:d2:
         be:e3:99:e3:36:a0:7a:77:25:ab:b1:dc:13:97:78:dc:82:25:
         35:ba:de:6a:c1:05:f1:11:4c:96:e1:71:32:12:de:eb:a6:aa:
         5a:09:82:f9:21:20:30:34:2b:09:0d:00:f1:2c:0f:6a:70:7f:
         7c:b3:7c:a9:70:9b:bb:9b:28:79:16:a1:5c:c7:80:5a:9c:da:
         b5:ba:f4:f5:c5:74:61:4a:89:de:16:c4:5c:6f:f7:d7:4c:2d:
         f9:d6:39:da:dd:12:a0:c3:d1:dd:9c:97:69:16:af:4f:c4:4d:
         89:5e:c1:9c:4f:90:98:79:43:36:d0:0f:21:d2:89:cd:73:9b:
         2e:88:cf:59:23:0b:88:6f:0f:06:d7:eb:63:e7:c7:f7:49:7b:
         df:a4:ed:3f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEdrOTfCAx694F0bpJc/GRxNWBykwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5ZDVkNjg1NGY2MGIxNjcyZmNjZGZhMjFmMTY4M2UyODA5
MWM4Nzg1YThmZDFmODUxZWE3NWEyYzVlZDlkNDkwMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8YTUyrFmZYG7Gi/pClmAB8Akqt8gQuuSBfB5CpK2EmP8Y
TDMZsx51C02b3Z7TYn+/8kqYngiMU9kFBaJkX7ZIjHqyJemh336IY0VFHTir1MVx
mjeooyFKM5ELu3X3TWqc9i6ycqO2EJ7UTrjQmn4jCnEw6pk45AYFFNbKny4SQRpR
epRWKQhG+RmNhgss2GZd81fzQYWvPbmuBh1jBco9MerMq14b6jLUNK05mK+Yfsfm
RJdsWEVLLAaI65shnr70sBIi0yqMGfl0+mw8QAQGByzjUb52o9n80HJBMfMknUzF
idKT24jjMx6396BummJ96PgBEHlSpCAZpExZA++vAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7BKS74g89ud1vja0ih23c6i1+tcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2NjZDRmNTdjLTkyMWEtNGRkOS1hZDNjLTBlYzAyNDc5ZGMzMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XgcwDQYJKoZIhvcNAQELBQADggEBAK4Ly32Y77xTIXT9Mw7MEdZiupOi
U+iw6+b6AX3v1AcPP2CJWp69iTdaExRF/hEKbHiX5c0SU+5c+xw0bZOSbP+nCH4z
KzIgJUffDBWZWvwps/13OlEWbTRRnxP1ii7JgrfKy8GpHfDcE2Mk0r7jmeM2oHp3
Jaux3BOXeNyCJTW63mrBBfERTJbhcTIS3uumqloJgvkhIDA0KwkNAPEsD2pwf3yz
fKlwm7ubKHkWoVzHgFqc2rW69PXFdGFKid4WxFxv99dMLfnWOdrdEqDD0d2cl2kW
r0/ETYlewZxPkJh5QzbQDyHSic1zmy6Iz1kjC4hvDwbX62Pnx/dJe9+k7T8=
-----END CERTIFICATE-----