Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/684c2750-a370-4962-aba5-efd497c4ef17.roa
File:                     684c2750-a370-4962-aba5-efd497c4ef17.roa (raw, json)
Hash identifier:          Mys0nd5OhUEBJhMxcRj/QPK2sVvPbcTJam4WaSn9liw=
Subject key identifier:   BF:76:6D:9D:FF:18:31:90:89:1E:DB:57:06:E7:9E:EE:3B:6D:B9:AA
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       62439DF16BEC344F58E374BA1622A3583A431463
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/684c2750-a370-4962-aba5-efd497c4ef17.roa
Signing time:             Tue 10 Dec 2024 00:00:00 +0000
ROA not before:           Tue 10 Dec 2024 00:00:00 +0000
ROA not after:            Tue 14 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.93.69.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:43:9d:f1:6b:ec:34:4f:58:e3:74:ba:16:22:a3:58:3a:43:14:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Dec 10 00:00:00 2024 GMT
            Not After : Jan 14 23:59:59 2025 GMT
        Subject: serialNumber=d04e34be46b2d2eb54c31a91b0e4aac1c28d53100303d9bbffe40fd39fd6ddb8, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1b:08:56:ed:ee:30:4d:4d:74:75:d0:a2:93:
                    48:4a:98:8d:1f:10:bc:a3:67:a6:6f:fb:38:1f:2e:
                    53:28:70:d4:32:76:31:18:91:52:c9:55:a4:d8:ae:
                    a0:65:76:da:70:d1:99:fd:e0:31:00:63:60:72:53:
                    b2:c1:bd:71:41:63:27:79:a1:fd:f9:eb:c0:f0:01:
                    57:97:63:c7:2f:be:35:97:e2:4c:52:84:fd:77:8e:
                    d2:ba:8a:31:dd:a8:e7:eb:d2:53:e3:16:99:e0:a9:
                    1d:c9:77:da:69:e2:ec:9b:5d:bf:7e:f1:bf:61:b8:
                    cc:75:80:3e:93:ac:38:09:81:a3:44:ac:2b:81:f6:
                    68:e8:46:3d:7c:54:41:a2:a2:84:81:71:74:55:c6:
                    f7:6f:41:76:f2:a0:75:f4:30:68:01:4b:43:f6:98:
                    5d:f7:ea:b9:bf:89:12:87:8a:38:f7:3e:8e:5d:8b:
                    6e:77:b9:fc:c7:73:15:f7:a5:43:65:bc:92:b6:d9:
                    f9:35:ee:68:98:67:15:41:1d:79:85:e1:8d:47:6f:
                    6f:ab:fc:bd:1b:23:91:d1:ce:e6:bb:2c:53:99:58:
                    5d:32:f5:8a:6f:76:8d:93:00:22:10:7e:5a:7d:bc:
                    c6:8a:18:f7:2b:10:b0:b4:c1:5c:05:da:cd:96:db:
                    f7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:76:6D:9D:FF:18:31:90:89:1E:DB:57:06:E7:9E:EE:3B:6D:B9:AA
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/684c2750-a370-4962-aba5-efd497c4ef17.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.93.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:73:cf:49:ce:50:08:60:1f:1a:71:51:84:cd:32:9e:eb:76:
         be:ea:3b:ca:6f:0c:20:c3:38:1d:c9:f0:4b:ae:4e:f0:86:de:
         db:a7:14:d6:87:c9:4a:af:6a:fd:ef:9d:57:b6:80:78:41:8d:
         41:f9:f6:df:78:3f:30:d6:07:ab:a6:56:45:62:90:6a:94:0f:
         be:0f:5b:66:e0:ca:52:5d:ca:ea:47:6c:93:3e:aa:76:a5:9e:
         ed:7f:93:75:0d:0c:1d:57:b4:68:54:7b:e5:f3:96:b7:d1:c4:
         fa:d4:ff:80:e8:38:57:2d:63:70:7b:bf:b3:41:e4:75:e1:a2:
         fd:04:5d:7e:67:a2:50:3a:5a:d5:6c:7b:7d:be:3b:1e:a5:1a:
         3f:f2:54:f5:7b:87:2e:f6:25:ff:e6:11:cf:c8:4a:f3:62:ec:
         0d:3e:d0:b7:65:9f:c2:0e:65:b2:d2:60:64:c8:0c:1b:95:22:
         9f:50:e0:b2:5c:61:06:f7:00:ea:74:09:a3:19:38:0d:1d:7d:
         ca:2d:49:c7:d9:8a:53:01:25:5b:30:6e:33:53:69:8f:53:7d:
         26:c3:e7:4b:f1:1e:97:c8:d5:dc:f6:cb:cd:e2:e5:63:0f:8f:
         5f:20:56:b6:e3:05:3e:c6:80:52:cd:a5:0c:9e:5d:30:b5:16:
         12:65:31:0a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYkOd8WvsNE9Y43S6FiKjWDpDFGMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjQxMjEwMDAwMDAwWhcNMjUwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMDRlMzRiZTQ2YjJkMmViNTRjMzFhOTFiMGU0YWFjMWMy
OGQ1MzEwMDMwM2Q5YmJmZmU0MGZkMzlmZDZkZGI4MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1GwhW7e4wTU10ddCik0hKmI0fELyjZ6Zv+zgfLlMocNQy
djEYkVLJVaTYrqBldtpw0Zn94DEAY2ByU7LBvXFBYyd5of3568DwAVeXY8cvvjWX
4kxShP13jtK6ijHdqOfr0lPjFpngqR3Jd9pp4uybXb9+8b9huMx1gD6TrDgJgaNE
rCuB9mjoRj18VEGiooSBcXRVxvdvQXbyoHX0MGgBS0P2mF336rm/iRKHijj3Po5d
i253ufzHcxX3pUNlvJK22fk17miYZxVBHXmF4Y1Hb2+r/L0bI5HRzua7LFOZWF0y
9Ypvdo2TACIQflp9vMaKGPcrELC0wVwF2s2W2/dxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUv3Ztnf8YMZCJHttXBuee7jttuaowHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY4NGMyNzUwLWEzNzAtNDk2Mi1hYmE1LWVmZDQ5N2M0ZWYxNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAA0XUUwDQYJKoZIhvcNAQELBQADggEBAGFzz0nOUAhgHxpxUYTNMp7rdr7q
O8pvDCDDOB3J8EuuTvCG3tunFNaHyUqvav3vnVe2gHhBjUH59t94PzDWB6umVkVi
kGqUD74PW2bgylJdyupHbJM+qnalnu1/k3UNDB1XtGhUe+XzlrfRxPrU/4DoOFct
Y3B7v7NB5HXhov0EXX5nolA6WtVse32+Ox6lGj/yVPV7hy72Jf/mEc/ISvNi7A0+
0Ldln8IOZbLSYGTIDBuVIp9Q4LJcYQb3AOp0CaMZOA0dfcotScfZilMBJVswbjNT
aY9TfSbD50vxHpfI1dz2y83i5WMPj18gVrbjBT7GgFLNpQyeXTC1FhJlMQo=
-----END CERTIFICATE-----