Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e07e78b7-27b5-4832-b75b-d970cd307901.roa
File:                     e07e78b7-27b5-4832-b75b-d970cd307901.roa (raw, json)
Hash identifier:          RWalgjuTtmyuzeYOgb24cxTh/4aV5SOCIA5OmFzOQWM=
Subject key identifier:   03:0E:0D:84:01:9E:AC:AE:3D:42:2F:09:1E:61:5F:88:AA:F7:46:22
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       5E0CD31F7DF9AA418B2374A66159CE056C707114
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e07e78b7-27b5-4832-b75b-d970cd307901.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.64.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:0c:d3:1f:7d:f9:aa:41:8b:23:74:a6:61:59:ce:05:6c:70:71:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6f:b9:54:6e:7e:97:7b:b5:d0:3f:40:2a:b5:
                    ec:95:d1:b3:b1:8b:1e:07:90:77:35:01:8b:8c:6d:
                    bb:4d:18:e2:34:15:fb:3b:98:24:f2:b7:18:66:c2:
                    c5:08:b5:a1:6e:fa:f4:8b:a2:05:51:d8:77:24:a0:
                    79:bc:e5:4a:af:83:94:bb:ab:15:ca:04:9c:52:18:
                    40:c3:c2:b3:7a:55:e4:1b:07:2c:84:17:d8:94:6e:
                    b7:96:59:b1:cf:e7:ef:63:7f:71:c9:e2:71:6f:f6:
                    af:2a:3a:dc:32:a3:92:5d:3a:26:22:ee:ee:f3:21:
                    e6:93:0f:03:32:f6:c0:8a:77:44:f5:30:ab:65:59:
                    9f:38:65:33:1b:e1:9e:1b:f9:b1:7d:c7:6b:b0:14:
                    88:ea:58:af:06:b8:81:fc:4e:b7:b9:e6:26:1b:10:
                    65:3c:89:26:0d:2d:c0:18:dc:2c:b6:9a:7a:22:bb:
                    6f:6a:23:98:2c:f0:c6:9d:8e:ba:63:3c:ed:02:46:
                    dc:7f:49:31:e4:41:76:9c:0c:a0:df:b4:e0:b5:79:
                    66:e6:1f:b8:b7:8b:c4:3f:bd:98:5c:06:6a:14:77:
                    9c:67:08:ce:7e:80:f2:df:b3:79:65:34:2d:30:3c:
                    b7:ca:ff:09:97:b4:66:60:ce:5a:d0:f7:b6:20:b3:
                    2c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:0E:0D:84:01:9E:AC:AE:3D:42:2F:09:1E:61:5F:88:AA:F7:46:22
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/e07e78b7-27b5-4832-b75b-d970cd307901.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.64.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         89:06:63:96:5a:63:ed:e8:fb:37:5a:f2:89:28:ee:3c:09:d5:
         99:c9:3c:fd:3e:da:30:66:e2:ae:82:17:fb:67:45:14:9e:93:
         b4:b0:88:a4:3d:e5:65:a1:0d:27:99:4a:3a:5f:2a:14:3d:75:
         25:b3:40:0b:22:0e:50:d8:c0:c8:75:a4:e9:4b:4f:73:74:6a:
         42:eb:4b:1f:ac:58:c1:07:97:a2:de:24:8e:e6:a2:23:22:4b:
         84:b3:57:6d:d9:0c:79:f5:49:a4:18:eb:bb:82:97:db:8f:44:
         87:61:41:0d:79:ef:22:6b:0f:7d:93:29:2f:a9:48:b4:aa:f0:
         0e:2d:49:e2:65:2e:fb:71:97:e5:81:0c:db:de:c9:46:00:fb:
         95:1a:c6:88:24:5c:53:6e:5e:71:f9:81:20:d7:17:98:0b:1d:
         3a:d0:5e:f0:84:5c:be:36:19:f4:30:b0:af:f1:1b:ff:90:a4:
         80:a9:98:71:52:55:1b:60:26:87:51:d1:e6:f1:a2:3a:14:c2:
         b7:09:db:ad:da:a0:a5:d7:44:f2:59:d1:b6:26:7b:b5:94:43:
         8a:27:8f:21:25:7c:05:11:5a:34:06:c7:84:26:fa:53:3c:95:
         cc:a4:07:ad:8d:2a:18:07:8e:f8:d0:a2:bc:1b:4c:fd:32:6a:
         de:8c:26:f6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXgzTH335qkGLI3SmYVnOBWxwcRQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTJiMzY5NzZiMDk4Y2ViYmQ2MTkwOGQxYjFkNzRmYjkz
Y2U4MGE4NjkyOTk4NTI5MWZjNzMwYWU5MWE4MmI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFb7lUbn6Xe7XQP0AqteyV0bOxix4HkHc1AYuMbbtNGOI0
Ffs7mCTytxhmwsUItaFu+vSLogVR2HckoHm85Uqvg5S7qxXKBJxSGEDDwrN6VeQb
ByyEF9iUbreWWbHP5+9jf3HJ4nFv9q8qOtwyo5JdOiYi7u7zIeaTDwMy9sCKd0T1
MKtlWZ84ZTMb4Z4b+bF9x2uwFIjqWK8GuIH8Tre55iYbEGU8iSYNLcAY3Cy2mnoi
u29qI5gs8MadjrpjPO0CRtx/STHkQXacDKDftOC1eWbmH7i3i8Q/vZhcBmoUd5xn
CM5+gPLfs3llNC0wPLfK/wmXtGZgzlrQ97YgsyzNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAw4NhAGerK49Qi8JHmFfiKr3RiIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2UwN2U3OGI3LTI3YjUtNDgzMi1iNzViLWQ5NzBjZDMwNzkwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc0QAAwDQYJKoZIhvcNAQELBQADggEBAIkGY5ZaY+3o+zda8oko7jwJ1ZnJ
PP0+2jBm4q6CF/tnRRSek7SwiKQ95WWhDSeZSjpfKhQ9dSWzQAsiDlDYwMh1pOlL
T3N0akLrSx+sWMEHl6LeJI7moiMiS4SzV23ZDHn1SaQY67uCl9uPRIdhQQ157yJr
D32TKS+pSLSq8A4tSeJlLvtxl+WBDNveyUYA+5UaxogkXFNuXnH5gSDXF5gLHTrQ
XvCEXL42GfQwsK/xG/+QpICpmHFSVRtgJodR0ebxojoUwrcJ263aoKXXRPJZ0bYm
e7WUQ4onjyElfAURWjQGx4Qm+lM8lcykB62NKhgHjvjQorwbTP0yat6MJvY=
-----END CERTIFICATE-----