Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9573e417-8a8e-4504-baca-49cf9f2bf215.roa
File:                     9573e417-8a8e-4504-baca-49cf9f2bf215.roa (raw, json)
Hash identifier:          L0Ydm4Dc5woDwvWWAi6jHsIkIbenKF7zixhVQ7PydWc=
Subject key identifier:   AA:7C:AF:CC:76:2C:B0:C5:DF:41:6C:47:F4:E1:7D:71:60:36:42:12
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4C10AD92A79A812DD71FE4CEC390028A108E1405
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9573e417-8a8e-4504-baca-49cf9f2bf215.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.240.8.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:10:ad:92:a7:9a:81:2d:d7:1f:e4:ce:c3:90:02:8a:10:8e:14:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f9:c6:96:95:51:97:b3:17:70:c4:ae:ea:ad:
                    d5:ee:10:0b:46:7c:bb:7f:67:11:f6:ab:38:9e:45:
                    34:f8:f0:ff:1f:11:10:c0:c7:9e:5c:60:e8:2c:2f:
                    77:1a:a0:54:2f:c9:d0:34:66:27:fa:72:1f:b6:9b:
                    a1:7d:d5:48:96:56:0e:5a:80:e7:ce:82:fd:21:f3:
                    cb:6e:53:c5:82:c1:28:db:bc:b5:ec:a5:cc:72:d2:
                    ca:43:ba:b7:dc:93:7f:12:f3:e0:36:de:16:2b:aa:
                    6b:1c:cc:2c:f3:6a:fd:61:ac:7e:33:76:95:05:93:
                    7f:8f:05:68:08:12:70:ff:3f:a4:ea:cc:e6:19:1f:
                    c0:52:d1:c3:3e:7e:e0:76:1c:f1:1a:45:ff:5d:f8:
                    9b:ca:1b:eb:e6:b4:90:6e:2b:c7:d1:d0:eb:90:10:
                    20:06:f5:23:ab:d7:e5:89:5e:a7:6d:ad:04:0f:00:
                    ff:79:6d:77:91:c5:d3:af:fc:e2:d2:e2:b0:f6:a1:
                    22:85:fe:e3:0b:42:69:2b:d8:ae:53:10:76:f1:9c:
                    4d:dc:b0:10:5c:b1:7f:24:4c:e5:a7:f4:12:f6:a9:
                    a8:97:d7:59:74:7d:55:e0:41:b0:be:67:23:51:37:
                    e9:70:f2:7c:9d:2b:f7:3c:93:25:d0:15:96:b3:ef:
                    55:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:7C:AF:CC:76:2C:B0:C5:DF:41:6C:47:F4:E1:7D:71:60:36:42:12
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9573e417-8a8e-4504-baca-49cf9f2bf215.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.240.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5d:59:9a:31:4b:2c:3f:27:45:41:fe:5f:30:64:5b:3f:cc:19:
         7a:b6:b3:cc:10:47:c9:7b:39:ae:8b:b8:e4:e9:f6:11:b4:de:
         31:b0:fd:f9:32:80:d9:22:47:f4:72:85:8a:c2:31:d8:ec:a5:
         d8:be:c1:3f:33:2c:6e:f4:d3:6e:8c:b7:56:5d:44:a0:ff:8c:
         2b:8a:07:b8:e5:a1:fd:ef:89:c4:b1:b7:f9:1c:58:ce:8c:95:
         5a:bb:45:46:ef:76:db:dd:ab:43:c2:53:50:92:37:c6:71:ab:
         7f:77:9a:2f:92:0d:18:25:b6:39:18:23:41:d3:62:f2:d3:d0:
         24:55:01:e9:3c:6f:a3:82:3e:43:63:7a:1e:d6:1e:05:47:f3:
         c4:03:0a:48:83:bf:28:af:fd:9e:95:21:2e:7c:4e:4a:c4:c8:
         d7:78:2e:f0:ed:94:11:2d:ec:dd:62:7f:8f:4e:78:af:83:55:
         41:45:40:84:8c:99:2c:5e:f2:16:54:f2:67:3e:03:bd:a7:1b:
         0b:81:ee:81:37:db:f9:1d:69:ba:b3:7c:07:66:8d:b7:0d:62:
         0a:f0:d1:bd:2e:f3:19:2f:13:1a:e1:cd:bb:6d:17:b6:f8:a4:
         4e:c9:22:71:d2:60:df:96:39:88:a3:5d:bc:67:50:be:39:fc:
         38:44:e3:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTBCtkqeagS3XH+TOw5ACihCOFAUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlN2MzMjE0NjQzZTcyNzljZDAzNjkzZmQwY2YyMmY2MDBk
ZjAzMWQ5MTI5YWJiN2RjZTFiNzIwOWM2ZmM5ZDNiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb+caWlVGXsxdwxK7qrdXuEAtGfLt/ZxH2qzieRTT48P8f
ERDAx55cYOgsL3caoFQvydA0Zif6ch+2m6F91UiWVg5agOfOgv0h88tuU8WCwSjb
vLXspcxy0spDurfck38S8+A23hYrqmsczCzzav1hrH4zdpUFk3+PBWgIEnD/P6Tq
zOYZH8BS0cM+fuB2HPEaRf9d+JvKG+vmtJBuK8fR0OuQECAG9SOr1+WJXqdtrQQP
AP95bXeRxdOv/OLS4rD2oSKF/uMLQmkr2K5TEHbxnE3csBBcsX8kTOWn9BL2qaiX
11l0fVXgQbC+ZyNRN+lw8nydK/c8kyXQFZaz71VXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqnyvzHYssMXfQWxH9OF9cWA2QhIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk1NzNlNDE3LThhOGUtNDUwNC1iYWNhLTQ5Y2Y5ZjJiZjIxNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM28AgwDQYJKoZIhvcNAQELBQADggEBAF1ZmjFLLD8nRUH+XzBkWz/MGXq2
s8wQR8l7Oa6LuOTp9hG03jGw/fkygNkiR/RyhYrCMdjspdi+wT8zLG70026Mt1Zd
RKD/jCuKB7jlof3vicSxt/kcWM6MlVq7RUbvdtvdq0PCU1CSN8Zxq393mi+SDRgl
tjkYI0HTYvLT0CRVAek8b6OCPkNjeh7WHgVH88QDCkiDvyiv/Z6VIS58TkrEyNd4
LvDtlBEt7N1if49OeK+DVUFFQISMmSxe8hZU8mc+A72nGwuB7oE32/kdabqzfAdm
jbcNYgrw0b0u8xkvExrhzbttF7b4pE7JInHSYN+WOYijXbxnUL45/DhE474=
-----END CERTIFICATE-----