Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dbfe95fa-70d4-4ef4-8cbf-5cd8c85384b1.roa
File:                     dbfe95fa-70d4-4ef4-8cbf-5cd8c85384b1.roa (raw, json)
Hash identifier:          Rj+uHow8WjrVL9rWTj+NFaUo3bR+DOSFHSB3kGcNAi4=
Subject key identifier:   A4:5E:35:AE:73:C6:79:4E:B9:26:24:EB:17:47:2E:E2:90:FC:02:27
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       100687DCEC1D203DCBE345A2829FB5E3BA57A5A0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dbfe95fa-70d4-4ef4-8cbf-5cd8c85384b1.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.219.211.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:06:87:dc:ec:1d:20:3d:cb:e3:45:a2:82:9f:b5:e3:ba:57:a5:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:66:ec:9f:d0:53:71:62:2b:8c:3e:8e:4d:ab:
                    44:d3:7e:c6:93:7f:8a:80:61:95:e6:2a:48:19:21:
                    ca:7d:51:0b:d3:45:f9:1f:27:3b:56:b6:62:6f:4b:
                    94:b1:7b:6d:a2:0d:ab:9f:d9:97:e3:42:fa:54:ef:
                    93:cc:7a:7d:f1:b2:a4:f4:79:f4:b0:1d:05:c1:85:
                    fc:92:3c:88:99:ed:07:0a:96:98:7a:b7:6d:05:d9:
                    09:c7:72:57:53:4e:4a:ac:6b:34:d0:b3:56:b8:20:
                    5f:e3:71:96:d3:df:38:f1:84:b7:64:73:d5:2d:38:
                    29:a3:5c:10:03:48:21:52:48:eb:fd:84:6e:58:4d:
                    b4:77:e2:26:f1:fd:cc:73:90:35:58:5d:59:81:ad:
                    46:a8:c5:bd:d4:b6:f5:53:8f:fd:b3:0b:65:79:9b:
                    62:87:01:ce:17:5e:49:a8:b5:3d:e5:51:ba:1d:dd:
                    e8:c4:d7:c7:62:51:d1:82:d0:1c:ac:76:5b:99:12:
                    da:60:1b:c9:51:42:fd:84:cd:a2:5f:89:99:ec:ae:
                    86:33:37:d1:79:93:5c:f4:ac:27:73:06:f3:4f:d2:
                    e6:c6:ac:2f:a3:d5:dc:12:aa:b9:c8:8f:cc:49:b4:
                    70:11:fb:91:17:c2:b7:3e:21:12:a5:dd:3c:e2:59:
                    0a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:5E:35:AE:73:C6:79:4E:B9:26:24:EB:17:47:2E:E2:90:FC:02:27
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/dbfe95fa-70d4-4ef4-8cbf-5cd8c85384b1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.219.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:33:b9:b0:32:79:20:5b:db:41:40:0f:b2:a0:e1:84:56:84:
         71:93:87:b9:21:0b:a7:ff:13:11:6b:45:29:7e:10:d1:79:31:
         d2:39:4c:c1:cf:a0:4e:bb:b0:0b:f3:aa:47:f3:51:1c:46:00:
         92:9e:a1:43:59:2a:19:0a:51:c0:ef:8c:31:6f:56:9d:0c:f3:
         95:01:a8:a3:82:67:3b:17:b8:0a:d2:0f:de:77:91:9e:82:ac:
         8b:51:23:74:e4:01:f2:e6:87:42:52:f4:14:e7:4a:55:98:ed:
         51:ec:5a:e7:c5:9b:e9:4a:e8:48:dd:bd:d8:19:87:2c:43:e6:
         bb:3d:65:a9:59:0a:f3:98:2b:15:7e:aa:0b:d4:1c:28:9a:2e:
         61:83:94:68:1e:a4:9b:ff:52:ee:ce:d9:22:4f:b1:68:5e:eb:
         39:49:c4:03:23:de:54:44:c8:5f:db:5d:5b:f6:8c:60:3b:50:
         49:4f:e6:06:0d:27:e8:e1:2f:d6:62:27:de:67:0e:7e:17:01:
         97:23:7e:49:d1:a5:0e:ef:d1:01:f4:61:ab:4e:98:39:85:5c:
         77:98:cb:58:8c:70:37:ef:5f:95:1e:2a:75:91:57:2b:7d:f0:
         23:89:71:fb:69:2f:fc:06:11:22:15:01:ed:1f:87:8d:ee:dd:
         a8:b6:61:ec
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEAaH3OwdID3L40Wigp+147pXpaAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzM4YWI4Y2NmN2QwOWY1NTQxNmQyZjlmNjY4YTgyNDUx
ZWNlNmNkZmU0ZDFhYmJhZGIwMzFkMTRhODNkZjViMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3Zuyf0FNxYiuMPo5Nq0TTfsaTf4qAYZXmKkgZIcp9UQvT
RfkfJztWtmJvS5Sxe22iDauf2ZfjQvpU75PMen3xsqT0efSwHQXBhfySPIiZ7QcK
lph6t20F2QnHcldTTkqsazTQs1a4IF/jcZbT3zjxhLdkc9UtOCmjXBADSCFSSOv9
hG5YTbR34ibx/cxzkDVYXVmBrUaoxb3UtvVTj/2zC2V5m2KHAc4XXkmotT3lUbod
3ejE18diUdGC0BysdluZEtpgG8lRQv2EzaJfiZnsroYzN9F5k1z0rCdzBvNP0ubG
rC+j1dwSqrnIj8xJtHAR+5EXwrc+IRKl3TziWQqDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUpF41rnPGeU65JiTrF0cu4pD8AicwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2RiZmU5NWZhLTcwZDQtNGVmNC04Y2JmLTVjZDhjODUzODRiMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA029MwDQYJKoZIhvcNAQELBQADggEBAGEzubAyeSBb20FAD7Kg4YRWhHGT
h7khC6f/ExFrRSl+ENF5MdI5TMHPoE67sAvzqkfzURxGAJKeoUNZKhkKUcDvjDFv
Vp0M85UBqKOCZzsXuArSD953kZ6CrItRI3TkAfLmh0JS9BTnSlWY7VHsWufFm+lK
6EjdvdgZhyxD5rs9ZalZCvOYKxV+qgvUHCiaLmGDlGgepJv/Uu7O2SJPsWhe6zlJ
xAMj3lREyF/bXVv2jGA7UElP5gYNJ+jhL9ZiJ95nDn4XAZcjfknRpQ7v0QH0YatO
mDmFXHeYy1iMcDfvX5UeKnWRVyt98COJcftpL/wGESIVAe0fh43u3ai2Yew=
-----END CERTIFICATE-----