Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f5d26760-083e-4879-904f-87104de736d1.roa
File:                     f5d26760-083e-4879-904f-87104de736d1.roa (raw, json)
Hash identifier:          USPdPaafKTxP3hn11JhXrXWaU4mZNbiSbJTnRr+ZwSg=
Subject key identifier:   29:21:29:17:C7:02:EA:4A:76:C4:0F:50:E9:CF:D7:DB:F8:1A:88:BE
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2191760BC32A513855C2826C00107547FF8B5CD6
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f5d26760-083e-4879-904f-87104de736d1.roa
Signing time:             Fri 20 Dec 2024 00:00:00 +0000
ROA not before:           Fri 20 Dec 2024 00:00:00 +0000
ROA not after:            Fri 24 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.156.0/22 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:91:76:0b:c3:2a:51:38:55:c2:82:6c:00:10:75:47:ff:8b:5c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 20 00:00:00 2024 GMT
            Not After : Jan 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:48:d5:98:ef:ec:a1:32:8a:04:44:48:8e:de:
                    89:dd:56:bd:2e:72:90:e1:f0:cf:f6:7d:12:f8:4f:
                    5b:13:5a:a0:7a:36:ca:16:0f:c7:ae:c6:67:34:42:
                    f9:5a:05:bd:d1:b8:f6:83:16:20:0a:c6:b0:53:19:
                    dc:43:12:66:b0:df:19:f1:9b:dc:2a:72:6f:85:64:
                    f9:37:fb:9b:6c:36:9d:4c:27:13:5e:cb:fd:10:63:
                    0b:61:21:b9:c3:b2:ff:ee:4c:7e:49:b1:c9:a7:e7:
                    11:4c:50:6f:48:80:76:67:61:87:38:58:c7:38:f3:
                    fb:f9:8c:9b:2f:10:03:86:71:71:cc:c4:55:53:36:
                    5d:2a:1b:55:eb:e3:db:87:af:4b:7b:21:3a:6e:7a:
                    ed:bf:23:f0:a9:a0:05:e8:10:00:10:7e:06:ec:8e:
                    95:e2:eb:87:b2:16:c1:0e:b7:8f:a2:0d:ec:32:f6:
                    ef:3b:0d:e5:50:f1:1c:46:56:ad:eb:83:30:93:11:
                    ca:17:7e:e8:2a:f0:1a:5c:65:71:fc:bc:59:d9:c1:
                    fc:c9:1d:27:38:e2:ab:40:fe:72:64:1e:60:21:4a:
                    04:4d:24:82:f2:f3:17:74:cc:52:d5:8f:99:78:68:
                    e0:86:19:e0:51:31:a3:0a:12:df:c3:6e:f8:1e:bb:
                    b5:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:21:29:17:C7:02:EA:4A:76:C4:0F:50:E9:CF:D7:DB:F8:1A:88:BE
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/f5d26760-083e-4879-904f-87104de736d1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:df:e9:57:ed:77:a0:1c:51:13:41:ef:b9:a5:25:fb:89:03:
         0f:ab:41:d6:c0:7e:4d:1e:c0:a8:6c:4e:ba:92:dd:03:92:c2:
         09:28:7e:da:d0:4f:34:59:53:b8:cb:67:37:a9:49:30:62:eb:
         08:0d:3a:eb:67:18:58:10:59:5b:41:25:fa:e2:1b:1f:3e:8f:
         a9:47:96:9d:16:eb:2f:43:f8:f0:06:9a:4a:eb:cd:eb:5b:cc:
         f7:1c:a1:1b:39:96:94:cf:d7:8c:d4:33:e5:49:7c:55:f5:ce:
         1a:bb:c5:d9:a3:5a:3b:dd:4c:49:36:34:c9:b1:c5:8d:32:01:
         19:cf:4a:e3:d7:38:35:30:5e:91:6a:d6:87:49:41:5a:5f:0e:
         e7:8e:f4:a5:83:aa:ad:9b:62:6a:b6:3f:88:0d:f3:29:3f:f2:
         e7:cd:c5:73:04:79:1d:70:77:6c:34:f1:c5:83:de:39:24:6f:
         8a:74:39:f4:23:84:77:16:c3:ac:66:88:99:06:3a:85:08:c3:
         cb:42:aa:ae:41:1b:0d:4d:43:03:52:4a:ed:30:c9:df:7c:fe:
         1c:20:30:13:1f:29:34:2f:e4:c8:b1:93:69:84:31:c4:15:1d:
         55:2e:f4:6e:20:21:be:af:e3:46:2a:b5:4e:94:df:88:30:e6:
         c8:c9:bc:f9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIZF2C8MqUThVwoJsABB1R/+LXNYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjIwMDAwMDAwWhcNMjUwMTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A4NjUxNjMxOGIzOTE5NzNiNDIyYjk4NWU0OWQxMWYyM2Fm
OWEzZGE3YjM2ZjAxOGJlOWY1MWRiZThmMmYwMzA2MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSSNWY7+yhMooEREiO3ondVr0ucpDh8M/2fRL4T1sTWqB6
NsoWD8euxmc0QvlaBb3RuPaDFiAKxrBTGdxDEmaw3xnxm9wqcm+FZPk3+5tsNp1M
JxNey/0QYwthIbnDsv/uTH5Jscmn5xFMUG9IgHZnYYc4WMc48/v5jJsvEAOGcXHM
xFVTNl0qG1Xr49uHr0t7ITpueu2/I/CpoAXoEAAQfgbsjpXi64eyFsEOt4+iDewy
9u87DeVQ8RxGVq3rgzCTEcoXfugq8BpcZXH8vFnZwfzJHSc44qtA/nJkHmAhSgRN
JILy8xd0zFLVj5l4aOCGGeBRMaMKEt/Dbvgeu7WzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKSEpF8cC6kp2xA9Q6c/X2/gaiL4wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2Y1ZDI2NzYwLTA4M2UtNDg3OS05MDRmLTg3MTA0ZGU3MzZkMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAI0XZwwDQYJKoZIhvcNAQELBQADggEBAILf6Vftd6AcURNB77mlJfuJAw+r
QdbAfk0ewKhsTrqS3QOSwgkoftrQTzRZU7jLZzepSTBi6wgNOutnGFgQWVtBJfri
Gx8+j6lHlp0W6y9D+PAGmkrrzetbzPccoRs5lpTP14zUM+VJfFX1zhq7xdmjWjvd
TEk2NMmxxY0yARnPSuPXODUwXpFq1odJQVpfDueO9KWDqq2bYmq2P4gN8yk/8ufN
xXMEeR1wd2w08cWD3jkkb4p0OfQjhHcWw6xmiJkGOoUIw8tCqq5BGw1NQwNSSu0w
yd98/hwgMBMfKTQv5Mixk2mEMcQVHVUu9G4gIb6v40YqtU6U34gw5sjJvPk=
-----END CERTIFICATE-----