Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b45f103a-0170-4a83-a7bd-d45bc17fd673.roa
File:                     b45f103a-0170-4a83-a7bd-d45bc17fd673.roa (raw, json)
Hash identifier:          H9t+uIIzBGUgs5KzVC1dW8DHO7HGXLriPoWJWgqlt7s=
Subject key identifier:   4B:F0:30:2D:C0:6C:E4:E4:FB:72:1C:D0:B5:02:2A:D6:AC:91:34:E2
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       1851CD5CC25593023788F00B07404E138292BC95
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b45f103a-0170-4a83-a7bd-d45bc17fd673.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.219.184.0/21 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:51:cd:5c:c2:55:93:02:37:88:f0:0b:07:40:4e:13:82:92:bc:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6a:f3:c7:32:32:f0:e7:cd:21:89:95:05:c9:
                    0d:56:3c:8b:0f:06:2f:19:b1:6f:f5:59:e6:75:f3:
                    0d:9f:05:9c:e2:be:99:77:92:44:7c:3f:b9:57:1c:
                    00:bd:cd:6b:cc:3b:44:92:eb:47:82:7f:b4:1e:66:
                    39:95:84:7a:a1:a6:e6:70:b5:40:cc:21:8b:e4:33:
                    90:41:03:22:43:0f:af:41:92:a9:30:41:1b:50:2d:
                    32:ab:1c:d9:cc:98:fa:ea:38:2c:a1:5f:df:2c:0f:
                    48:d8:af:52:69:4e:ae:e8:5b:a0:67:52:a6:75:34:
                    ac:0f:58:34:0e:6b:f3:20:c4:87:4e:31:36:02:fb:
                    c2:8c:95:3f:56:77:ab:51:bd:2f:f9:c4:74:02:e3:
                    90:ed:1c:88:fd:26:1b:02:8f:ae:ec:1e:94:dd:2c:
                    02:50:0f:4b:b2:0d:c6:10:30:ad:07:72:c0:d6:6c:
                    f1:8d:e2:15:38:e1:eb:c6:b0:83:a0:3d:5a:f0:8f:
                    4f:59:01:c8:af:ff:2b:1d:ff:e5:b6:d1:4a:34:54:
                    e7:04:13:3d:3a:72:5d:09:cd:e9:2c:55:3b:0d:37:
                    01:98:e0:3f:8a:66:de:80:a4:90:cd:33:79:a2:49:
                    86:78:10:40:45:d5:64:69:50:42:97:e4:7c:55:0e:
                    b0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:F0:30:2D:C0:6C:E4:E4:FB:72:1C:D0:B5:02:2A:D6:AC:91:34:E2
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b45f103a-0170-4a83-a7bd-d45bc17fd673.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.219.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0c:59:bc:71:b0:de:dd:ad:0b:8b:9d:e9:cb:57:2a:5b:f1:85:
         97:6c:4a:9e:0f:c1:30:83:f6:b0:94:77:f3:6f:ae:ff:91:d3:
         2e:89:85:9d:85:7e:0d:d2:df:2f:39:b6:15:fb:72:43:fa:a9:
         12:b3:66:a9:79:66:cf:e1:8f:8a:63:5a:ae:bb:a8:28:80:69:
         32:7d:44:af:20:55:44:4f:64:cd:62:84:b8:07:7a:d5:10:ef:
         8f:a9:d2:b4:11:d7:6b:aa:ce:85:a6:f5:09:5a:43:16:38:2e:
         fe:9a:a7:23:74:7a:e2:e0:d5:8e:04:f1:ae:4f:9c:35:50:23:
         d1:51:37:e3:10:8b:77:c5:79:cc:60:3a:20:35:ca:54:ca:17:
         5c:08:43:13:31:e2:23:d4:b1:fd:2f:3f:b4:c5:79:e0:8a:aa:
         08:a4:1f:12:c3:ee:63:7a:b8:bb:ab:46:ae:1a:31:aa:97:a3:
         c0:62:14:92:fa:70:4c:c3:51:56:62:99:70:00:12:6b:1a:d1:
         78:ab:fe:71:00:ac:c8:3b:49:7c:5d:8e:63:13:91:ef:60:30:
         38:97:b5:d8:10:2d:0e:e0:c3:3b:6c:6f:b0:11:a8:7a:fe:a4:
         3d:7d:7b:e7:91:58:25:ce:b6:eb:d3:ae:17:99:b6:ed:0a:fd:
         ed:41:01:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGFHNXMJVkwI3iPALB0BOE4KSvJUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZTdhOTIyMDhjNmEzODk2MzkwNGY4MjJlYzMwNjQzMzg5
YTQyMTJhNGM4ODg3NjJjMThiNGNmMTE2ZTFlYzU5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChavPHMjLw580hiZUFyQ1WPIsPBi8ZsW/1WeZ18w2fBZzi
vpl3kkR8P7lXHAC9zWvMO0SS60eCf7QeZjmVhHqhpuZwtUDMIYvkM5BBAyJDD69B
kqkwQRtQLTKrHNnMmPrqOCyhX98sD0jYr1JpTq7oW6BnUqZ1NKwPWDQOa/MgxIdO
MTYC+8KMlT9Wd6tRvS/5xHQC45DtHIj9JhsCj67sHpTdLAJQD0uyDcYQMK0HcsDW
bPGN4hU44evGsIOgPVrwj09ZAciv/ysd/+W20Uo0VOcEEz06cl0JzeksVTsNNwGY
4D+KZt6ApJDNM3miSYZ4EEBF1WRpUEKX5HxVDrCvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUS/AwLcBs5OT7chzQtQIq1qyRNOIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I0NWYxMDNhLTAxNzAtNGE4My1hN2JkLWQ0NWJjMTdmZDY3My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAM027gwDQYJKoZIhvcNAQELBQADggEBAAxZvHGw3t2tC4ud6ctXKlvxhZds
Sp4PwTCD9rCUd/Nvrv+R0y6JhZ2Ffg3S3y85thX7ckP6qRKzZql5Zs/hj4pjWq67
qCiAaTJ9RK8gVURPZM1ihLgHetUQ74+p0rQR12uqzoWm9QlaQxY4Lv6apyN0euLg
1Y4E8a5PnDVQI9FRN+MQi3fFecxgOiA1ylTKF1wIQxMx4iPUsf0vP7TFeeCKqgik
HxLD7mN6uLurRq4aMaqXo8BiFJL6cEzDUVZimXAAEmsa0Xir/nEArMg7SXxdjmMT
ke9gMDiXtdgQLQ7gwztsb7ARqHr+pD19e+eRWCXOtuvTrheZtu0K/e1BAb4=
-----END CERTIFICATE-----