Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb258d00-a862-481d-8718-8a1465583f90.roa
File:                     bb258d00-a862-481d-8718-8a1465583f90.roa (raw, json)
Hash identifier:          nUgoBxMNk0UODYbtCEp0/sQ6YiEjjqIGx/EB6hopEmY=
Subject key identifier:   A8:4A:1A:C8:F4:4A:49:E0:98:F6:51:D7:B1:6D:D3:06:3D:6A:DA:82
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       588B47F0EBAB38FCE133E9747538D466FEAB07BD
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb258d00-a862-481d-8718-8a1465583f90.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.255.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:8b:47:f0:eb:ab:38:fc:e1:33:e9:74:75:38:d4:66:fe:ab:07:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:a1:2b:b8:4c:5b:3e:e6:4e:07:71:20:24:42:
                    a8:e4:06:aa:66:1b:d3:49:e3:74:6d:11:be:35:66:
                    98:da:29:dd:5f:9c:2d:22:7c:99:17:84:69:df:d3:
                    6b:00:cd:9c:c0:25:a1:12:bd:ea:9f:18:32:20:1a:
                    df:1b:58:e7:fb:8f:00:5e:d6:4b:0b:1d:69:2a:bd:
                    dc:ba:03:ac:49:bf:60:81:75:d7:6e:69:35:80:f9:
                    04:93:6f:69:ea:17:67:79:cc:61:a9:45:66:db:94:
                    3d:8f:64:56:6d:fa:7e:27:65:3c:71:7b:09:3e:8a:
                    07:35:ed:c3:dd:83:90:00:2d:05:58:2d:a0:96:94:
                    f7:8b:b1:2d:cf:e6:10:21:d6:5b:bd:b3:07:62:01:
                    76:27:35:48:5b:64:0b:2d:99:00:0a:9c:6b:8b:0a:
                    fd:9d:d9:1e:28:d8:28:6a:29:21:73:3f:d8:40:a4:
                    a9:9c:8a:ec:98:99:87:e1:88:7b:c6:2d:4b:e9:86:
                    64:72:33:a1:78:5a:ae:2a:9d:f2:2b:32:76:a5:3c:
                    b5:64:b5:8a:5c:cd:9b:4e:a5:a2:19:47:56:45:fb:
                    b9:2f:3e:a7:3a:36:d4:21:fa:c4:2c:90:02:20:ed:
                    8e:bf:d6:3b:31:d9:48:0a:be:b5:7b:31:b8:9c:25:
                    d0:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:4A:1A:C8:F4:4A:49:E0:98:F6:51:D7:B1:6D:D3:06:3D:6A:DA:82
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/bb258d00-a862-481d-8718-8a1465583f90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d5:23:62:8b:42:fc:c8:78:b5:58:e3:f8:33:4d:66:8c:44:
         de:3d:6d:81:f6:25:64:f5:64:ed:6c:9f:df:bf:6c:b3:67:51:
         f4:65:f4:a6:16:da:3d:18:5f:f1:b3:6b:29:0b:92:77:b6:10:
         f0:9f:f2:26:b0:c7:2a:dd:97:97:89:fc:42:61:3d:52:47:51:
         47:84:4d:20:b0:aa:cf:c7:36:1b:61:20:70:b9:55:b4:54:c3:
         f1:99:c3:0c:ab:32:53:b9:5b:1b:18:e5:28:89:78:53:bc:23:
         65:d7:17:65:2d:f0:d7:f2:81:09:78:64:21:2a:b1:cb:46:4d:
         47:4f:ca:de:3b:f4:0a:14:fa:f8:6f:82:19:40:76:51:9a:ca:
         0d:33:13:37:1c:8c:83:53:39:dd:9d:06:76:43:68:e5:3f:46:
         50:d7:7f:76:d2:20:a0:ec:cb:bb:70:47:a8:38:55:e0:10:fa:
         1c:79:22:39:67:a9:8d:d0:e5:a0:ba:7f:f9:cf:69:ca:25:75:
         b4:4e:dc:00:72:f9:42:a4:0a:ee:35:f8:6d:f1:60:a9:18:53:
         f4:8d:4d:88:b7:35:d2:e8:14:ac:e0:59:8d:b4:d0:4c:d0:5d:
         8a:91:56:1d:0b:05:e4:11:3f:7f:f7:32:8f:31:90:80:e4:65:
         25:12:91:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWItH8OurOPzhM+l0dTjUZv6rB70wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDYyMmFkZjVkNzc3NmRkNjY3YWFhYjc5ZWU3MmI3ZDMx
ZDJjODBkN2I5NjkwYjU5ZDY1ZGYzM2NkYzhkYTY4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDWoSu4TFs+5k4HcSAkQqjkBqpmG9NJ43RtEb41ZpjaKd1f
nC0ifJkXhGnf02sAzZzAJaESveqfGDIgGt8bWOf7jwBe1ksLHWkqvdy6A6xJv2CB
ddduaTWA+QSTb2nqF2d5zGGpRWbblD2PZFZt+n4nZTxxewk+igc17cPdg5AALQVY
LaCWlPeLsS3P5hAh1lu9swdiAXYnNUhbZAstmQAKnGuLCv2d2R4o2ChqKSFzP9hA
pKmciuyYmYfhiHvGLUvphmRyM6F4Wq4qnfIrMnalPLVktYpczZtOpaIZR1ZF+7kv
Pqc6NtQh+sQskAIg7Y6/1jsx2UgKvrV7MbicJdArAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqEoayPRKSeCY9lHXsW3TBj1q2oIwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2JiMjU4ZDAwLWE4NjItNDgxZC04NzE4LThhMTQ2NTU4M2Y5MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0Xf8wDQYJKoZIhvcNAQELBQADggEBAJnVI2KLQvzIeLVY4/gzTWaMRN49
bYH2JWT1ZO1sn9+/bLNnUfRl9KYW2j0YX/GzaykLkne2EPCf8iawxyrdl5eJ/EJh
PVJHUUeETSCwqs/HNhthIHC5VbRUw/GZwwyrMlO5WxsY5SiJeFO8I2XXF2Ut8Nfy
gQl4ZCEqsctGTUdPyt479AoU+vhvghlAdlGayg0zEzccjINTOd2dBnZDaOU/RlDX
f3bSIKDsy7twR6g4VeAQ+hx5IjlnqY3Q5aC6f/nPacoldbRO3ABy+UKkCu41+G3x
YKkYU/SNTYi3NdLoFKzgWY200EzQXYqRVh0LBeQRP3/3Mo8xkIDkZSUSkd8=
-----END CERTIFICATE-----