Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b931da5f-1c2a-4756-954c-15a85cffdfd6.roa
File:                     b931da5f-1c2a-4756-954c-15a85cffdfd6.roa (raw, json)
Hash identifier:          ZMhAbfH54KgYMtH5EephBTGTklm/jvtauChVwIvx9xU=
Subject key identifier:   A5:41:81:E2:4C:D7:BB:4C:CB:7A:7B:5D:5B:6F:8E:17:73:98:FF:76
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0352C4A2673E81BF47F211FB575A6447A26139DB
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b931da5f-1c2a-4756-954c-15a85cffdfd6.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.219.64.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:52:c4:a2:67:3e:81:bf:47:f2:11:fb:57:5a:64:47:a2:61:39:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:66:51:63:75:10:49:2d:a6:dc:2d:49:0e:c8:
                    b5:1c:29:d9:09:25:fb:85:9e:04:98:dd:1a:59:d3:
                    fc:b2:38:ae:d3:30:92:cc:00:65:0b:a3:8f:11:f3:
                    e0:1b:bb:3a:eb:5a:72:ad:69:8c:9c:82:dd:6f:e6:
                    f4:5d:ce:5c:cd:32:a4:6c:0f:72:ff:9e:4c:e2:9c:
                    0c:83:25:21:ce:b0:71:9a:99:52:34:b7:6b:48:3e:
                    5d:06:e0:9b:d9:bd:ab:de:25:77:55:b3:4f:5b:ee:
                    48:0b:04:43:bc:46:79:6e:c5:f0:23:72:97:a3:dd:
                    65:4f:64:27:a9:79:74:20:04:75:3e:ee:ae:2a:ba:
                    2c:6f:d6:76:52:2c:cd:53:2a:45:0a:35:e4:ac:41:
                    a8:99:fa:ba:33:e6:c7:75:63:53:03:93:6d:f9:9c:
                    10:26:5e:19:d2:c4:dd:dd:85:9d:06:5a:b6:e8:e2:
                    b6:64:37:ff:24:d6:16:66:e9:f6:35:bc:83:01:37:
                    d4:ef:ec:7b:cf:d3:f1:9d:71:8f:7d:c4:7e:9d:fc:
                    cc:bb:c0:bd:57:18:d7:76:a3:37:d9:30:85:ba:a1:
                    c2:f9:ea:ef:46:25:66:9e:4e:a2:9a:81:23:e0:23:
                    cf:a8:50:ca:31:4e:c6:85:b5:33:40:55:b9:b0:e0:
                    4d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:41:81:E2:4C:D7:BB:4C:CB:7A:7B:5D:5B:6F:8E:17:73:98:FF:76
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/b931da5f-1c2a-4756-954c-15a85cffdfd6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.219.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5f:14:b9:c3:ed:57:7e:b4:dc:94:89:fd:fd:0a:8d:cc:d2:1a:
         34:cc:11:da:91:09:9f:ff:4e:6f:a1:99:0a:31:d3:e1:86:00:
         c5:a6:bb:e4:9b:bd:55:77:8d:cd:b1:27:40:30:60:d9:24:9e:
         6e:94:d9:4b:a3:6e:68:a3:f0:82:fb:49:56:1a:fc:2b:ee:a5:
         c0:c7:27:8a:ba:9e:2c:7e:e4:d9:ae:17:66:96:c4:29:63:3a:
         88:46:d3:7f:ff:48:07:2f:d1:20:0f:79:ee:08:02:30:67:58:
         21:06:78:18:ed:b9:c3:44:8c:56:aa:78:00:f3:43:3c:f8:2c:
         99:7d:a9:d6:1f:ad:a1:9e:d2:0f:92:a0:a8:ef:fc:27:a2:59:
         6a:e3:85:12:82:a2:18:03:5b:b0:8a:b1:a2:d1:d6:c1:09:45:
         9f:50:f6:46:f3:fd:83:5b:a9:c2:f1:28:60:f9:dc:21:b5:b2:
         7f:26:95:cf:d7:13:d9:db:3a:8a:43:ae:ee:87:d7:09:16:ce:
         75:f2:78:b2:21:d4:e4:12:36:d2:ee:58:e5:2d:86:d9:49:b8:
         28:f7:2c:da:74:dc:f2:d9:90:95:a0:2f:5b:58:b5:f9:da:a8:
         19:49:12:d9:bc:35:34:30:7c:48:cc:ab:3d:20:69:17:b9:62:
         d9:16:8d:88
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUA1LEomc+gb9H8hH7V1pkR6JhOdswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MGQyZjkwNWMxMzAzZWI1MzUxZDBmMDc0NWQyMmMzYmQ4
ZjRmMzdhZGY4MWNlYjQ2M2Y3MDk2MTJiOTBkMjVkMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6ZlFjdRBJLabcLUkOyLUcKdkJJfuFngSY3RpZ0/yyOK7T
MJLMAGULo48R8+AbuzrrWnKtaYycgt1v5vRdzlzNMqRsD3L/nkzinAyDJSHOsHGa
mVI0t2tIPl0G4JvZvaveJXdVs09b7kgLBEO8RnluxfAjcpej3WVPZCepeXQgBHU+
7q4quixv1nZSLM1TKkUKNeSsQaiZ+roz5sd1Y1MDk235nBAmXhnSxN3dhZ0GWrbo
4rZkN/8k1hZm6fY1vIMBN9Tv7HvP0/GdcY99xH6d/My7wL1XGNd2ozfZMIW6ocL5
6u9GJWaeTqKagSPgI8+oUMoxTsaFtTNAVbmw4E2BAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpUGB4kzXu0zLentdW2+OF3OY/3YwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2I5MzFkYTVmLTFjMmEtNDc1Ni05NTRjLTE1YTg1Y2ZmZGZkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI020AwDQYJKoZIhvcNAQELBQADggEBAF8UucPtV3603JSJ/f0KjczSGjTM
EdqRCZ//Tm+hmQox0+GGAMWmu+SbvVV3jc2xJ0AwYNkknm6U2Uujbmij8IL7SVYa
/CvupcDHJ4q6nix+5NmuF2aWxCljOohG03//SAcv0SAPee4IAjBnWCEGeBjtucNE
jFaqeADzQzz4LJl9qdYfraGe0g+SoKjv/CeiWWrjhRKCohgDW7CKsaLR1sEJRZ9Q
9kbz/YNbqcLxKGD53CG1sn8mlc/XE9nbOopDru6H1wkWznXyeLIh1OQSNtLuWOUt
htlJuCj3LNp03PLZkJWgL1tYtfnaqBlJEtm8NTQwfEjMqz0gaRe5YtkWjYg=
-----END CERTIFICATE-----