Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/303a5c41-224f-4313-921f-dc92cb3da8cc.roa
File:                     303a5c41-224f-4313-921f-dc92cb3da8cc.roa (raw, json)
Hash identifier:          WHeWlM6/L+En/BeyUfEXzUL5cOfVfu8XcoEcRhiuT38=
Subject key identifier:   70:47:EA:59:7D:5C:5A:60:A4:5E:D5:7F:55:4B:09:1F:38:9F:45:DD
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       16B5AD955F5413C985C11EF616C0BDC0927EA45C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/303a5c41-224f-4313-921f-dc92cb3da8cc.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.48.0.0/14 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:b5:ad:95:5f:54:13:c9:85:c1:1e:f6:16:c0:bd:c0:92:7e:a4:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a4:3d:5e:b0:9b:ce:a7:04:b7:0b:3b:80:4c:
                    71:45:d4:68:ab:f5:0b:5a:c3:b3:34:f3:42:17:4d:
                    ef:c3:99:a1:33:02:59:b0:2b:7f:42:ba:b3:be:3e:
                    df:40:87:8e:a1:04:04:48:7f:a8:79:19:41:20:aa:
                    ca:27:7d:b8:2a:cc:14:51:89:1e:2a:bc:b1:bb:f4:
                    66:31:4e:ab:da:f4:38:41:b7:cc:04:d5:0d:d6:37:
                    cf:97:36:5e:1e:65:3b:43:ba:a5:c0:e3:cf:c7:e8:
                    ce:00:22:fd:d9:bd:a2:88:0e:5f:2d:37:c4:4f:81:
                    d0:a6:9c:a2:01:3d:40:3e:e1:bc:70:ae:49:bb:40:
                    83:dd:42:aa:11:56:cd:b8:29:e4:f6:ce:cb:d4:02:
                    83:2f:5c:79:f0:85:34:2e:26:d8:0c:fd:02:d2:95:
                    d8:6c:04:87:8e:5e:3e:65:7f:29:27:44:a1:19:a0:
                    00:78:a0:7c:bc:54:66:bc:c1:5c:40:01:56:f5:10:
                    2d:12:6c:1b:09:9e:91:ce:2c:7b:30:bb:90:bd:ac:
                    78:e5:64:38:0e:bb:1d:92:be:11:f9:a3:6a:87:21:
                    38:42:6b:66:84:c9:02:e6:75:31:51:c4:be:da:cf:
                    8b:30:cf:5c:be:f8:9a:85:0b:a7:9d:90:d5:cb:96:
                    74:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:47:EA:59:7D:5C:5A:60:A4:5E:D5:7F:55:4B:09:1F:38:9F:45:DD
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/303a5c41-224f-4313-921f-dc92cb3da8cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.48.0.0/14

    Signature Algorithm: sha256WithRSAEncryption
         20:8c:9d:d3:02:0a:1f:98:98:f1:6c:30:e2:e3:2c:d6:2b:fe:
         5d:db:a6:e7:43:ee:35:d3:a8:a5:f3:84:d9:c8:1b:cd:22:35:
         38:58:5a:22:cb:7c:d9:48:64:32:39:0c:0c:ed:d0:f2:f5:95:
         74:63:51:8a:b9:c4:60:e4:e1:a4:9c:83:36:d5:ff:e1:27:1a:
         2f:4e:c0:92:c5:c3:53:47:a4:54:4a:cb:07:1a:0f:88:c7:d5:
         6d:f4:02:d8:9c:27:0a:77:fd:1a:44:2b:e2:b5:71:44:83:cf:
         4a:36:5f:6f:bf:22:b6:77:b9:a0:e6:3c:e4:ea:ba:55:94:1d:
         4e:45:7e:b5:5b:5b:63:39:ac:81:97:a4:f8:62:a5:de:d9:5a:
         f5:b0:61:3c:1f:b9:1b:a7:4f:6d:4c:a8:5d:d7:72:b1:50:a3:
         00:13:23:ad:f2:2e:62:c5:72:c4:f0:d6:cb:f9:47:05:51:ce:
         29:c2:09:c1:f1:08:3a:96:b5:15:42:e3:cd:39:a7:3a:d2:83:
         a7:f2:d3:44:33:cf:81:cd:c7:0c:a2:a3:82:d3:d8:22:91:78:
         9a:cb:6b:4b:39:5e:2c:59:9a:76:6e:2a:fc:66:f9:d2:53:4f:
         ed:6b:a5:f3:23:a6:a7:b3:4b:ec:75:63:72:dc:70:4c:29:4a:
         f1:22:dd:a8
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFrWtlV9UE8mFwR72FsC9wJJ+pFwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDhhYjJkZmUzYTRjNWVmNWQzYzhlMDg0ZGI5MzdiZWM4
NTI0NjczMWY2OTc1YzllZTQ4NjM2NjljZTAyOTExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4pD1esJvOpwS3CzuATHFF1Gir9Qtaw7M080IXTe/DmaEz
AlmwK39CurO+Pt9Ah46hBARIf6h5GUEgqsonfbgqzBRRiR4qvLG79GYxTqva9DhB
t8wE1Q3WN8+XNl4eZTtDuqXA48/H6M4AIv3ZvaKIDl8tN8RPgdCmnKIBPUA+4bxw
rkm7QIPdQqoRVs24KeT2zsvUAoMvXHnwhTQuJtgM/QLSldhsBIeOXj5lfyknRKEZ
oAB4oHy8VGa8wVxAAVb1EC0SbBsJnpHOLHswu5C9rHjlZDgOux2SvhH5o2qHIThC
a2aEyQLmdTFRxL7az4swz1y++JqFC6edkNXLlnRTAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUcEfqWX1cWmCkXtV/VUsJHzifRd0wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzMwM2E1YzQxLTIyNGYtNDMxMy05MjFmLWRjOTJjYjNkYThjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwI0MDANBgkqhkiG9w0BAQsFAAOCAQEAIIyd0wIKH5iY8Www4uMs1iv+Xdum
50PuNdOopfOE2cgbzSI1OFhaIst82UhkMjkMDO3Q8vWVdGNRirnEYOThpJyDNtX/
4ScaL07AksXDU0ekVErLBxoPiMfVbfQC2JwnCnf9GkQr4rVxRIPPSjZfb78itne5
oOY85Oq6VZQdTkV+tVtbYzmsgZek+GKl3tla9bBhPB+5G6dPbUyoXddysVCjABMj
rfIuYsVyxPDWy/lHBVHOKcIJwfEIOpa1FULjzTmnOtKDp/LTRDPPgc3HDKKjgtPY
IpF4mstrSzleLFmadm4q/Gb50lNP7Wul8yOmp7NL7HVjctxwTClK8SLdqA==
-----END CERTIFICATE-----