Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa
File:                     074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa (raw, json)
Hash identifier:          +e+Yw9mCOg1s/HdZnPnmiYmpcTwC7TTs1NPpQMorSUQ=
Subject key identifier:   27:FB:54:BC:4E:C1:6B:7B:CF:62:A7:67:C5:19:EE:FA:1D:17:F7:24
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       3BCE300D0BCD6579F848729050E9A4E6489A4000
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.232.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:ce:30:0d:0b:cd:65:79:f8:48:72:90:50:e9:a4:e6:48:9a:40:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:7e:71:3f:a2:85:ed:91:7e:2b:49:42:61:2d:
                    ef:f4:ba:06:d6:d0:2a:84:33:46:d5:ac:54:ce:3b:
                    84:2e:ce:0f:62:df:91:35:c7:6d:44:2d:df:02:0a:
                    81:a5:8b:aa:af:09:55:7e:f2:4e:91:fc:01:cd:98:
                    64:57:be:f8:58:fb:e3:01:fc:d0:d6:a7:a3:ca:16:
                    ec:27:cd:cb:69:75:11:8e:91:d7:4f:66:41:a8:58:
                    2a:bb:e8:31:d8:0d:6f:1b:a2:37:c1:03:77:89:12:
                    ea:e1:59:1d:b0:27:8c:aa:48:a6:00:2a:83:1d:2f:
                    31:eb:32:2a:f7:5a:5c:24:dc:0f:99:32:36:10:5f:
                    0c:2c:b3:f1:1f:6c:f5:03:3c:34:0b:01:11:88:bc:
                    ee:30:ce:8b:cf:8f:5b:22:e9:e7:00:52:20:9f:d1:
                    71:f1:b8:da:2b:22:09:83:2c:f9:00:40:31:c8:ea:
                    85:1d:94:2b:7d:9a:fa:3c:6a:b6:aa:2e:d5:1f:76:
                    f3:eb:ca:35:8e:91:17:2a:cc:1f:fe:f4:f5:62:fe:
                    da:e1:40:2e:f8:e3:f8:e5:d1:c4:af:b9:6d:9f:ff:
                    16:14:ea:22:e0:1c:e9:00:15:d1:26:cf:69:26:68:
                    30:f7:53:d6:68:d3:3d:8d:47:42:a4:bd:7a:ac:82:
                    93:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:FB:54:BC:4E:C1:6B:7B:CF:62:A7:67:C5:19:EE:FA:1D:17:F7:24
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/074a85fd-ab8a-4d6a-beec-e90fa6560ff9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.232.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a1:32:80:d7:1c:1a:52:b1:6c:81:7a:54:15:81:04:47:33:5c:
         d0:21:f4:a1:32:b4:a8:1e:f8:2d:57:23:63:19:a1:36:e1:7d:
         cd:e9:4c:24:36:55:ec:7e:10:8d:63:31:b6:ab:e7:9b:6d:d0:
         c1:ac:8f:2b:6a:86:04:21:6f:dd:81:11:ee:5b:96:a3:ad:8d:
         5c:ec:e1:20:70:24:eb:e1:d3:c4:0a:fa:89:ff:bf:ec:b0:86:
         d4:01:8f:e7:2b:97:e2:90:57:77:ad:29:f7:3c:6d:48:04:d5:
         84:4c:fe:c4:df:91:e7:c1:97:28:ac:9a:e4:66:24:f0:60:dd:
         3a:17:19:04:ee:b2:b1:c9:8c:ae:3f:5f:7c:42:5c:33:b6:35:
         43:51:4f:3f:1f:06:b2:a1:f0:d2:9f:47:12:22:8b:85:9a:3d:
         8c:2a:fb:5f:9a:ca:4a:df:81:2d:56:2e:a5:fb:90:cf:c0:0f:
         85:77:10:44:22:59:79:e7:73:8b:e5:2a:3a:41:c8:09:5a:4d:
         be:db:d3:b4:f8:1d:4d:6c:da:6e:64:9f:6f:07:53:de:98:43:
         4c:67:4a:ca:31:cc:0c:57:5f:82:01:3d:13:73:ae:1d:0d:5a:
         4c:2e:c9:ba:f7:54:0f:b5:34:28:85:ce:09:1b:26:b3:bd:fe:
         bc:cd:58:09
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUO84wDQvNZXn4SHKQUOmk5kiaQAAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiN2EyYmY3Y2JmZTYxYWY0ZmI4YzQ1NzY1NDcwMGIwNWMz
ZjczM2Y0MmJiNjE0ZTFhMzA3YTM2YzcyYTE5YTA2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvfnE/ooXtkX4rSUJhLe/0ugbW0CqEM0bVrFTOO4Quzg9i
35E1x21ELd8CCoGli6qvCVV+8k6R/AHNmGRXvvhY++MB/NDWp6PKFuwnzctpdRGO
kddPZkGoWCq76DHYDW8bojfBA3eJEurhWR2wJ4yqSKYAKoMdLzHrMir3Wlwk3A+Z
MjYQXwwss/EfbPUDPDQLARGIvO4wzovPj1si6ecAUiCf0XHxuNorIgmDLPkAQDHI
6oUdlCt9mvo8araqLtUfdvPryjWOkRcqzB/+9PVi/trhQC744/jl0cSvuW2f/xYU
6iLgHOkAFdEmz2kmaDD3U9Zo0z2NR0KkvXqsgpMBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUJ/tUvE7Ba3vPYqdnxRnu+h0X9yQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzA3NGE4NWZkLWFiOGEtNGQ2YS1iZWVjLWU5MGZhNjU2MGZmOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA26DANBgkqhkiG9w0BAQsFAAOCAQEAoTKA1xwaUrFsgXpUFYEERzNc0CH0
oTK0qB74LVcjYxmhNuF9zelMJDZV7H4QjWMxtqvnm23QwayPK2qGBCFv3YER7luW
o62NXOzhIHAk6+HTxAr6if+/7LCG1AGP5yuX4pBXd60p9zxtSATVhEz+xN+R58GX
KKya5GYk8GDdOhcZBO6yscmMrj9ffEJcM7Y1Q1FPPx8GsqHw0p9HEiKLhZo9jCr7
X5rKSt+BLVYupfuQz8APhXcQRCJZeedzi+UqOkHICVpNvtvTtPgdTWzabmSfbwdT
3phDTGdKyjHMDFdfggE9E3OuHQ1aTC7JuvdUD7U0KIXOCRsms73+vM1YCQ==
-----END CERTIFICATE-----