Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/456215c2-dc17-4a5e-ad64-3686e912d503.roa
File:                     456215c2-dc17-4a5e-ad64-3686e912d503.roa (raw, json)
Hash identifier:          U1zwrDtJkSvhSFW9+cRmmV8xopCyAGgReps03ZrGClc=
Subject key identifier:   EF:13:7F:9C:A6:7C:13:F3:61:2E:5E:D8:51:1A:5A:9F:21:D5:4F:FC
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       032DD084E07B70A9E0E6775E45C15433761EE792
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/456215c2-dc17-4a5e-ad64-3686e912d503.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.149.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:2d:d0:84:e0:7b:70:a9:e0:e6:77:5e:45:c1:54:33:76:1e:e7:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:52:4e:43:da:24:9a:a0:3f:9c:d4:cc:19:c1:
                    9f:ba:5e:6e:19:d0:d5:5a:70:5c:57:7d:bc:7f:37:
                    2f:ce:a6:81:d1:c9:e6:a6:ad:9b:3f:f6:d1:b3:06:
                    2f:b2:a5:6c:bf:e3:36:96:60:ce:ed:5a:5a:e7:49:
                    9c:02:f7:ab:4c:0e:66:c2:9a:f6:4d:a4:15:63:f9:
                    02:f3:3b:0b:be:2f:d6:34:db:24:4e:73:86:a3:42:
                    b7:f5:7b:14:52:28:5d:50:d1:a4:cd:b4:72:5c:06:
                    c1:06:2b:1a:1e:c0:43:ee:4c:ad:93:5f:19:71:5a:
                    38:57:31:0a:cb:a6:5a:08:7c:e6:a4:ac:d0:27:65:
                    3f:62:a2:ec:b7:2c:01:ef:72:57:86:5f:d2:12:92:
                    64:c4:d2:d7:4b:b6:c4:29:bc:9a:0f:db:0f:4c:55:
                    2a:5e:b5:89:93:29:a6:0a:f1:09:b6:92:d8:ad:44:
                    75:91:c5:be:af:2c:a2:6c:39:3c:b3:b1:32:8c:22:
                    3b:44:36:68:5c:81:ab:95:44:d8:f5:d0:dd:c7:f3:
                    6a:15:3b:3c:d1:7f:ab:cf:41:8f:95:60:1f:f0:ba:
                    04:f0:ec:08:28:d7:9d:30:9e:cc:3c:a7:14:7e:16:
                    d6:8c:64:cd:7b:46:96:ff:3b:d4:39:4f:b5:cd:12:
                    21:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:13:7F:9C:A6:7C:13:F3:61:2E:5E:D8:51:1A:5A:9F:21:D5:4F:FC
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/456215c2-dc17-4a5e-ad64-3686e912d503.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:21:e0:07:28:a4:96:63:7b:1a:76:ba:3e:ac:ab:96:ea:2c:
         a0:1b:c7:d0:53:1b:8c:ce:83:24:08:66:77:78:94:b4:7e:0f:
         d0:35:02:98:0a:6c:b5:9b:72:6b:37:6d:68:fd:24:fa:8a:cc:
         c1:a1:e1:ae:21:4c:fe:b3:60:a5:24:93:06:81:3d:2b:29:d6:
         57:d8:e8:30:7f:09:7a:33:0f:70:fd:f2:da:7b:32:be:42:20:
         07:93:fe:8a:7d:cb:1f:97:15:4e:92:b2:93:4c:41:56:d9:34:
         0b:40:16:d8:cf:ea:d2:41:1b:da:6a:46:26:a3:85:04:5f:df:
         3d:38:e8:d8:c6:3b:82:bf:e7:f4:c1:39:f0:08:64:61:f5:32:
         55:19:7b:dc:f5:fd:df:71:fe:57:c2:ef:0c:bf:ef:6f:84:f4:
         b7:c3:d2:7f:61:7e:ba:1f:9a:0c:c5:d3:bb:f4:07:66:d2:d0:
         2a:59:f4:21:e8:5b:df:90:c6:3d:a7:a5:c6:5f:6b:76:14:80:
         46:88:18:f5:58:09:52:70:e2:f6:28:44:ee:4f:56:a1:b3:b4:
         a2:62:b3:0d:00:e9:b0:a9:c1:37:8a:a6:64:b7:90:d5:65:66:
         2a:7f:c8:e3:6c:f2:8c:b5:89:8b:a3:48:16:06:b8:7e:91:26:
         fc:a1:aa:b0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAy3QhOB7cKng5ndeRcFUM3Ye55IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A0YWRiYjFiMjJlOWNhMzkxNTQyMTQ1MTJiMWVmMzViOTU2
MTA1ZWM5NjI5ZmM4Njg5YjhiMzk5NTlmNWVmNGYyMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8Uk5D2iSaoD+c1MwZwZ+6Xm4Z0NVacFxXfbx/Ny/OpoHR
yeamrZs/9tGzBi+ypWy/4zaWYM7tWlrnSZwC96tMDmbCmvZNpBVj+QLzOwu+L9Y0
2yROc4ajQrf1exRSKF1Q0aTNtHJcBsEGKxoewEPuTK2TXxlxWjhXMQrLploIfOak
rNAnZT9iouy3LAHvcleGX9ISkmTE0tdLtsQpvJoP2w9MVSpetYmTKaYK8Qm2ktit
RHWRxb6vLKJsOTyzsTKMIjtENmhcgauVRNj10N3H82oVOzzRf6vPQY+VYB/wugTw
7Ago150wnsw8pxR+FtaMZM17Rpb/O9Q5T7XNEiGzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU7xN/nKZ8E/NhLl7YURpanyHVT/wwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzQ1NjIxNWMyLWRjMTctNGE1ZS1hZDY0LTM2ODZlOTEyZDUwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XZUwDQYJKoZIhvcNAQELBQADggEBACUh4AcopJZjexp2uj6sq5bqLKAb
x9BTG4zOgyQIZnd4lLR+D9A1ApgKbLWbcms3bWj9JPqKzMGh4a4hTP6zYKUkkwaB
PSsp1lfY6DB/CXozD3D98tp7Mr5CIAeT/op9yx+XFU6SspNMQVbZNAtAFtjP6tJB
G9pqRiajhQRf3z046NjGO4K/5/TBOfAIZGH1MlUZe9z1/d9x/lfC7wy/72+E9LfD
0n9hfrofmgzF07v0B2bS0CpZ9CHoW9+Qxj2npcZfa3YUgEaIGPVYCVJw4vYoRO5P
VqGztKJisw0A6bCpwTeKpmS3kNVlZip/yONs8oy1iYujSBYGuH6RJvyhqrA=
-----END CERTIFICATE-----