Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99997502-0b95-43c1-b542-64941f8d54e8.roa
File:                     99997502-0b95-43c1-b542-64941f8d54e8.roa (raw, json)
Hash identifier:          aig/EIDpeVH9nn4VpGIYtioQ/fU9Vl5kwhhbTw85LoQ=
Subject key identifier:   C9:D1:53:BB:DA:B4:55:C0:43:11:5A:5A:C7:26:88:F6:86:35:61:12
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       572F764A42F70161275599F02C9619D6BBE9BC56
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99997502-0b95-43c1-b542-64941f8d54e8.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.95.170.0/23 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:2f:76:4a:42:f7:01:61:27:55:99:f0:2c:96:19:d6:bb:e9:bc:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:c3:dd:1c:49:90:72:df:91:52:dd:f9:3a:fe:
                    8f:fb:21:63:fe:34:7c:7e:69:b3:ab:71:bb:97:eb:
                    09:39:e6:fb:97:5a:cd:88:a3:3b:54:71:27:3a:c5:
                    20:cb:02:17:14:1d:01:25:78:db:05:f0:ac:9c:4e:
                    7a:6d:56:a7:29:9e:5b:c5:e2:b0:e0:31:0a:0f:b5:
                    7a:c7:b2:18:70:9f:fc:25:7e:93:41:ba:ec:14:b1:
                    7a:5f:6d:fb:eb:d3:d0:e6:f6:06:7d:d8:78:df:4f:
                    a9:32:c1:02:d2:69:e5:e7:20:78:49:cd:99:e6:81:
                    67:cc:02:0d:25:55:1d:44:e5:86:ec:6e:74:a7:12:
                    e1:72:04:0f:bc:35:1c:c8:af:a7:50:77:b1:8c:4f:
                    1e:5e:8b:5c:0f:c2:14:fb:0a:43:93:38:fa:84:da:
                    8a:92:ac:02:d8:6a:7e:ae:d5:a0:1a:9d:f7:cf:51:
                    62:62:8e:99:7e:92:3e:34:a6:92:4d:cf:f9:18:cb:
                    a5:1d:08:27:04:4e:41:cb:43:30:a2:12:b1:44:04:
                    78:a9:4f:5e:92:ea:5a:f6:90:ee:ec:36:c7:ca:49:
                    33:fc:92:32:a4:3c:5a:dd:89:c5:86:52:e6:71:6b:
                    55:de:d2:8f:57:d3:db:b4:59:9b:97:bf:1a:91:30:
                    6a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D1:53:BB:DA:B4:55:C0:43:11:5A:5A:C7:26:88:F6:86:35:61:12
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/99997502-0b95-43c1-b542-64941f8d54e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.95.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:09:10:60:28:44:52:e5:39:e9:40:4f:10:e9:1f:fe:35:72:
         2a:8b:95:15:b7:88:1d:0c:79:9b:6e:99:59:2e:ec:ff:6f:55:
         c7:de:1f:41:7a:67:dc:ef:14:38:10:d1:27:77:21:fc:19:41:
         eb:7a:5b:21:b9:2b:0a:23:c0:d1:b6:34:d3:28:95:47:18:9c:
         a1:6d:99:d0:b9:ef:08:e9:1f:d7:cf:15:ec:68:73:5c:fe:4f:
         5a:53:45:01:d1:f5:d5:ee:d9:97:7d:5e:96:75:1a:e3:fc:f8:
         cf:5d:f3:ad:22:85:1d:d3:8d:c4:b2:4c:08:b1:72:63:04:36:
         ed:e6:6c:21:73:dc:e1:e3:eb:8a:b3:01:6d:99:c9:9b:74:33:
         75:c1:57:88:4f:db:08:d0:4b:62:ae:42:d5:d2:2f:d7:37:fc:
         0b:ea:5f:ad:f8:db:fc:f6:f5:cf:29:af:ff:8e:35:08:07:2c:
         42:c1:85:68:76:26:b9:fc:91:2a:75:0f:41:b6:c7:43:26:b3:
         e6:55:1e:45:08:2f:73:44:ac:62:9d:8c:da:f8:77:ed:72:9b:
         ca:90:55:0d:fa:45:ee:8d:a0:4e:e1:f2:a3:75:2b:5f:4d:ff:
         76:48:ec:a9:ef:ac:12:c1:11:ce:dd:27:03:f8:63:a4:e0:88:
         72:eb:3a:9a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVy92SkL3AWEnVZnwLJYZ1rvpvFYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AzZmVkMWJmYjY3ZDQxZmExOTU2ZGE0ODJjOGVmNzkwYzI4
Yzg0ZWFkNDVmZWFhODI5NzlkZmVkMjE5MWJhYWE5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvw90cSZBy35FS3fk6/o/7IWP+NHx+abOrcbuX6wk55vuX
Ws2IoztUcSc6xSDLAhcUHQEleNsF8KycTnptVqcpnlvF4rDgMQoPtXrHshhwn/wl
fpNBuuwUsXpfbfvr09Dm9gZ92HjfT6kywQLSaeXnIHhJzZnmgWfMAg0lVR1E5Ybs
bnSnEuFyBA+8NRzIr6dQd7GMTx5ei1wPwhT7CkOTOPqE2oqSrALYan6u1aAanffP
UWJijpl+kj40ppJNz/kYy6UdCCcETkHLQzCiErFEBHipT16S6lr2kO7sNsfKSTP8
kjKkPFrdicWGUuZxa1Xe0o9X09u0WZuXvxqRMGqfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUydFTu9q0VcBDEVpaxyaI9oY1YRIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk5OTk3NTAyLTBiOTUtNDNjMS1iNTQyLTY0OTQxZjhkNTRlOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAE0X6owDQYJKoZIhvcNAQELBQADggEBAKEJEGAoRFLlOelATxDpH/41ciqL
lRW3iB0MeZtumVku7P9vVcfeH0F6Z9zvFDgQ0Sd3IfwZQet6WyG5KwojwNG2NNMo
lUcYnKFtmdC57wjpH9fPFexoc1z+T1pTRQHR9dXu2Zd9XpZ1GuP8+M9d860ihR3T
jcSyTAixcmMENu3mbCFz3OHj64qzAW2ZyZt0M3XBV4hP2wjQS2KuQtXSL9c3/Avq
X6342/z29c8pr/+ONQgHLELBhWh2Jrn8kSp1D0G2x0Mms+ZVHkUIL3NErGKdjNr4
d+1ym8qQVQ36Re6NoE7h8qN1K19N/3ZI7KnvrBLBEc7dJwP4Y6TgiHLrOpo=
-----END CERTIFICATE-----