Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/367c0bbc-6881-48c5-b2e9-0e1e30f9fb7a.roa
File:                     367c0bbc-6881-48c5-b2e9-0e1e30f9fb7a.roa (raw, json)
Hash identifier:          yQ0w2J2clXS794hqbNBKQPVGTDz8OmPVLkfiTFOrdSA=
Subject key identifier:   0F:51:DD:01:71:08:58:0B:9B:1C:11:2C:3D:E4:F0:90:3A:5E:DC:E1
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       715557E9A0961EB910E3919E762017174E09D242
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/367c0bbc-6881-48c5-b2e9-0e1e30f9fb7a.roa
Signing time:             Fri 13 Dec 2024 00:00:00 +0000
ROA not before:           Fri 13 Dec 2024 00:00:00 +0000
ROA not after:            Fri 17 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        52.220.0.0/15 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:55:57:e9:a0:96:1e:b9:10:e3:91:9e:76:20:17:17:4e:09:d2:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 13 00:00:00 2024 GMT
            Not After : Jan 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ea:fe:e9:c3:82:de:58:51:89:dc:6f:a1:e1:
                    f0:d8:76:e6:a1:0a:37:17:02:a2:77:ad:9f:fc:d5:
                    ed:2b:58:35:82:47:58:45:73:d6:10:a6:15:61:e2:
                    b0:7c:4e:e7:5c:5c:02:72:aa:e6:f2:8b:25:4b:72:
                    46:56:f0:41:87:26:fb:36:86:cf:54:f9:34:41:1c:
                    53:3b:19:31:8a:73:c0:83:65:b7:5c:82:90:f9:c4:
                    88:fe:e6:c0:cc:a4:01:12:fb:aa:72:95:59:82:71:
                    38:5c:24:aa:43:79:31:97:a8:38:4b:b7:80:dc:19:
                    2a:02:01:46:77:09:0a:0a:fc:7c:26:40:d4:e9:5d:
                    5c:6f:ca:02:da:13:f8:65:12:da:4d:a5:c0:8e:b7:
                    d9:5b:0e:b7:77:83:d7:6c:40:c8:68:e2:62:f1:be:
                    b7:90:bf:cf:8f:46:18:1c:82:c1:5b:c5:70:c7:f5:
                    6d:7c:f2:5f:f9:bc:41:8e:e8:89:80:67:f8:c4:8d:
                    54:57:82:f6:fa:16:d6:10:8e:db:4a:d2:84:a6:b5:
                    cc:22:d0:96:79:ae:8d:61:ee:72:57:8e:ea:70:e7:
                    70:08:29:4b:8d:fc:d7:33:64:10:5c:b0:cd:56:1c:
                    c9:a5:4d:27:12:1e:a1:bc:01:0e:83:2b:07:39:be:
                    96:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:51:DD:01:71:08:58:0B:9B:1C:11:2C:3D:E4:F0:90:3A:5E:DC:E1
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/367c0bbc-6881-48c5-b2e9-0e1e30f9fb7a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.220.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         85:6c:4a:f5:69:03:16:d8:3c:48:d2:28:3f:6f:b0:1c:55:37:
         c8:f8:b3:23:8e:ec:25:aa:72:fe:5d:f2:35:29:4a:34:28:7a:
         39:99:28:72:85:eb:ee:88:59:69:4f:79:6a:ee:ce:c7:a8:30:
         2b:0e:32:5f:de:cd:0c:14:f2:8e:79:46:1d:bd:7f:8e:11:60:
         83:07:56:1f:e2:ac:d2:b4:7b:8c:45:6c:ff:8a:24:85:a8:1a:
         87:e1:d1:4c:5e:d2:12:bd:3f:bd:6a:3f:b2:66:e3:57:96:c7:
         3a:76:b0:fe:36:9e:2d:71:cf:97:92:ed:5d:66:3e:4d:16:da:
         3a:eb:35:49:b5:fb:dc:53:04:ca:6b:4b:b4:84:63:9b:c7:c5:
         9c:b3:79:1c:4d:63:d9:0d:73:d4:44:37:a8:bb:47:e1:0c:bd:
         f9:cd:04:15:95:1d:7a:3f:bb:55:7b:08:24:51:40:d4:c0:2b:
         3a:c5:3d:be:df:39:c0:9a:99:e4:43:75:ba:1f:64:60:70:6a:
         ef:21:df:55:4e:92:b7:84:9b:58:70:78:b5:fe:98:2b:c1:08:
         d4:c2:b0:62:e1:93:f0:6b:22:ad:e5:43:28:26:66:28:b8:af:
         a5:53:2a:52:c0:68:40:a6:c1:2d:d3:b0:f9:63:71:52:03:db:
         71:e3:e3:5b
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcVVX6aCWHrkQ45GediAXF04J0kIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEzMDAwMDAwWhcNMjUwMTE3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmZWRlYWQwODc2ZmU1M2ViYWY0Mjg3YjZiYjQ5MzZlNmFk
Yjg3MTJmYTMyZDk3YjI4OTE4Y2M2NDg5ODEwY2VjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDU6v7pw4LeWFGJ3G+h4fDYduahCjcXAqJ3rZ/81e0rWDWC
R1hFc9YQphVh4rB8TudcXAJyqubyiyVLckZW8EGHJvs2hs9U+TRBHFM7GTGKc8CD
ZbdcgpD5xIj+5sDMpAES+6pylVmCcThcJKpDeTGXqDhLt4DcGSoCAUZ3CQoK/Hwm
QNTpXVxvygLaE/hlEtpNpcCOt9lbDrd3g9dsQMho4mLxvreQv8+PRhgcgsFbxXDH
9W188l/5vEGO6ImAZ/jEjVRXgvb6FtYQjttK0oSmtcwi0JZ5ro1h7nJXjupw53AI
KUuN/NczZBBcsM1WHMmlTScSHqG8AQ6DKwc5vpb7AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUD1HdAXEIWAubHBEsPeTwkDpe3OEwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzM2N2MwYmJjLTY4ODEtNDhjNS1iMmU5LTBlMWUzMGY5ZmI3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE03DANBgkqhkiG9w0BAQsFAAOCAQEAhWxK9WkDFtg8SNIoP2+wHFU3yPiz
I47sJapy/l3yNSlKNCh6OZkocoXr7ohZaU95au7Ox6gwKw4yX97NDBTyjnlGHb1/
jhFggwdWH+Ks0rR7jEVs/4okhagah+HRTF7SEr0/vWo/smbjV5bHOnaw/jaeLXHP
l5LtXWY+TRbaOus1SbX73FMEymtLtIRjm8fFnLN5HE1j2Q1z1EQ3qLtH4Qy9+c0E
FZUdej+7VXsIJFFA1MArOsU9vt85wJqZ5EN1uh9kYHBq7yHfVU6St4SbWHB4tf6Y
K8EI1MKwYuGT8GsireVDKCZmKLivpVMqUsBoQKbBLdOw+WNxUgPbcePjWw==
-----END CERTIFICATE-----