Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c64b3ef7-d871-4161-83e9-8eabe31a74d5.roa
File:                     c64b3ef7-d871-4161-83e9-8eabe31a74d5.roa (raw, json)
Hash identifier:          YdPisxtgvFa1LiAxD9MiXYwXwDIOCxhiJUn+D7axyr8=
Subject key identifier:   74:81:50:88:72:25:04:5B:A9:1D:C5:BA:46:91:1B:9D:70:98:40:09
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       7287A68CB7DFA184F42F17F25F9D5A5EC412009C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c64b3ef7-d871-4161-83e9-8eabe31a74d5.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.222.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:87:a6:8c:b7:df:a1:84:f4:2f:17:f2:5f:9d:5a:5e:c4:12:00:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b1:0b:14:33:9b:0c:a6:b3:3a:0b:40:8d:2e:
                    2b:f7:93:8a:a2:7f:1a:64:21:f2:d3:46:48:54:57:
                    55:28:99:47:e7:7b:eb:66:12:3e:e9:76:6f:ef:21:
                    b0:c9:2f:62:47:be:6a:91:4c:28:dd:18:bf:eb:fe:
                    00:24:49:e6:eb:db:1f:da:db:a0:73:30:ec:dc:4b:
                    ad:17:6b:54:0a:a2:09:96:7b:39:93:7f:c0:c3:38:
                    a7:de:5d:e0:13:14:3c:33:76:71:d8:bf:de:aa:2e:
                    ff:dc:14:24:06:4c:9a:2d:12:cc:ca:a2:13:f2:19:
                    5f:ec:78:10:7d:10:8e:b0:3d:fc:17:37:9e:72:c4:
                    22:75:2b:3a:72:76:2f:01:68:d8:8f:c8:00:8f:e2:
                    a7:6e:36:c6:5b:73:88:82:19:b9:57:cd:26:12:da:
                    b0:70:fa:27:a6:10:11:b3:8b:0b:a8:c0:de:63:1c:
                    cc:a2:ef:86:0a:b9:80:9b:ea:27:ec:82:b5:a7:1c:
                    67:59:cc:3e:db:4f:da:ab:2f:93:1a:e9:b1:3b:df:
                    db:23:81:41:5a:36:9f:b6:23:cb:14:d6:d4:9f:ce:
                    69:28:1f:10:0d:98:51:37:ab:eb:4b:fb:7d:ef:d8:
                    de:8e:84:34:cf:fa:a4:4c:ae:5f:0a:cf:c9:c9:43:
                    3d:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:81:50:88:72:25:04:5B:A9:1D:C5:BA:46:91:1B:9D:70:98:40:09
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/c64b3ef7-d871-4161-83e9-8eabe31a74d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.222.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         91:64:7a:94:6b:d0:b8:5a:45:2c:fd:5c:f7:d2:22:51:72:e0:
         c7:f4:0e:c3:65:da:cf:53:2c:25:59:ad:2e:c7:e2:c5:ec:69:
         16:67:cd:ae:1f:9b:8b:81:ea:09:0b:66:98:f2:52:2f:ea:a6:
         74:da:1a:e7:ee:7e:6b:79:66:69:cd:db:86:29:9b:f6:82:70:
         bd:e1:44:36:1e:c6:52:af:be:ad:5c:6d:c9:98:c9:ec:fd:bf:
         2a:41:3f:a1:8d:79:62:00:6c:14:53:a4:cb:77:c3:5c:4e:60:
         27:ce:ff:48:53:ca:77:6c:42:02:48:a4:5b:5c:69:f8:1b:49:
         c7:7e:d5:f6:4e:e1:cc:aa:65:58:18:b1:80:c1:a4:12:cb:6c:
         52:e4:4d:11:f8:07:75:88:2e:98:eb:46:0f:6c:20:60:09:b0:
         8e:5a:9d:53:54:64:32:3f:d6:30:20:fa:03:9e:1d:c3:98:cc:
         c7:54:0b:88:6c:99:07:bd:08:09:0d:5a:26:e9:64:d6:81:10:
         f0:75:3b:c9:31:a0:76:3a:ef:86:f5:c3:e2:ff:fb:f4:ce:cf:
         db:8d:02:8f:fc:13:2a:bc:b6:fb:f3:65:a9:80:81:04:d4:ca:
         8b:0a:eb:78:c9:90:63:54:b3:79:e4:04:c7:90:13:bc:03:35:
         fd:02:b3:08
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUcoemjLffoYT0LxfyX51aXsQSAJwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxOTE0MjdhODkyY2JhZjQxODhiMTJmMGYxODkyYmJmZDY4
YjkyNjU1NDIwNWI1NzM0YzgzYTI5MzBjMGYyNGU2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDQsQsUM5sMprM6C0CNLiv3k4qifxpkIfLTRkhUV1UomUfn
e+tmEj7pdm/vIbDJL2JHvmqRTCjdGL/r/gAkSebr2x/a26BzMOzcS60Xa1QKogmW
ezmTf8DDOKfeXeATFDwzdnHYv96qLv/cFCQGTJotEszKohPyGV/seBB9EI6wPfwX
N55yxCJ1Kzpydi8BaNiPyACP4qduNsZbc4iCGblXzSYS2rBw+iemEBGziwuowN5j
HMyi74YKuYCb6ifsgrWnHGdZzD7bT9qrL5Ma6bE739sjgUFaNp+2I8sU1tSfzmko
HxANmFE3q+tL+33v2N6OhDTP+qRMrl8Kz8nJQz3FAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUdIFQiHIlBFupHcW6RpEbnXCYQAkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2M2NGIzZWY3LWQ4NzEtNDE2MS04M2U5LThlYWJlMzFhNzRkNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA03jANBgkqhkiG9w0BAQsFAAOCAQEAkWR6lGvQuFpFLP1c99IiUXLgx/QO
w2Xaz1MsJVmtLsfixexpFmfNrh+bi4HqCQtmmPJSL+qmdNoa5+5+a3lmac3bhimb
9oJwveFENh7GUq++rVxtyZjJ7P2/KkE/oY15YgBsFFOky3fDXE5gJ87/SFPKd2xC
AkikW1xp+BtJx37V9k7hzKplWBixgMGkEstsUuRNEfgHdYgumOtGD2wgYAmwjlqd
U1RkMj/WMCD6A54dw5jMx1QLiGyZB70ICQ1aJulk1oEQ8HU7yTGgdjrvhvXD4v/7
9M7P240Cj/wTKry2+/NlqYCBBNTKiwrreMmQY1SzeeQEx5ATvAM1/QKzCA==
-----END CERTIFICATE-----