Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b457f264-8c68-42c7-a459-6cb911328b8c.roa
File:                     b457f264-8c68-42c7-a459-6cb911328b8c.roa (raw, json)
Hash identifier:          Oa/Fg5cYHVi4r/3IgP/cU3N44augJbRMmb1vGdCr/ok=
Subject key identifier:   E3:A8:A8:FE:59:6E:37:0F:D5:33:B4:60:76:C8:DA:09:EC:F2:69:BD
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       483621FDF15CF252F7AD293E2C98EEFDDBE969E9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b457f264-8c68-42c7-a459-6cb911328b8c.roa
Signing time:             Mon 13 Nov 2023 00:00:00 +0000
ROA not before:           Mon 13 Nov 2023 00:00:00 +0000
ROA not after:            Mon 18 Dec 2023 23:59:59 +0000
asID:                     8987
IP address blocks:        192.31.212.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:36:21:fd:f1:5c:f2:52:f7:ad:29:3e:2c:98:ee:fd:db:e9:69:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Nov 13 00:00:00 2023 GMT
            Not After : Dec 18 23:59:59 2023 GMT
        Subject: serialNumber=63ee47ed4e34eb3c020c9079edbea397118862360f2f5150f54362f8f5867a65, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3c:7d:bc:61:63:1c:ad:f2:19:b5:c5:63:44:
                    3a:61:17:14:75:72:b8:d4:35:64:45:ec:ad:21:f2:
                    60:6c:bf:3e:b1:b5:28:77:5b:34:d1:a5:1c:40:3c:
                    36:f5:3d:46:66:8e:f4:95:76:26:30:b6:0a:11:de:
                    d2:a1:4b:87:bd:59:fa:ad:17:0c:07:da:6f:09:cd:
                    22:c3:66:b6:35:3f:ec:95:98:36:c9:f5:18:6d:e0:
                    25:1c:0d:5b:3b:b3:de:c8:3f:8c:5f:c4:99:b0:51:
                    98:18:13:c7:6a:b0:0d:38:96:f4:1f:f5:2e:b2:ab:
                    f4:21:45:a6:52:af:81:8d:82:22:bf:18:5f:ba:24:
                    1a:47:79:5d:ae:73:0c:ca:f8:6b:48:71:ec:9e:2b:
                    3b:f7:e8:9a:91:65:ca:04:c4:26:7d:f5:0f:3e:26:
                    65:8e:01:99:58:e3:b8:f3:22:df:9c:1b:52:0a:c7:
                    37:8d:86:10:df:8a:77:d2:1a:09:91:20:9f:6a:ba:
                    7e:ea:a0:bf:f4:13:d8:9f:a4:bc:8f:73:4a:c5:83:
                    85:3b:a5:a3:ce:f3:ce:a2:44:5b:10:33:dd:9d:79:
                    f5:3f:f6:d5:15:4f:3a:41:b5:af:0f:2d:38:aa:dc:
                    51:d9:2d:af:98:34:5d:63:dd:25:98:e9:90:32:7a:
                    9e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A8:A8:FE:59:6E:37:0F:D5:33:B4:60:76:C8:DA:09:EC:F2:69:BD
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b457f264-8c68-42c7-a459-6cb911328b8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.31.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:e4:51:1e:17:44:e5:90:a8:ef:cc:3e:50:a8:1d:99:2d:4f:
         b9:69:b4:50:06:e7:c2:fd:7f:5a:0b:42:80:69:ab:07:21:51:
         91:0c:8d:6b:d8:e3:51:71:30:11:35:47:b4:19:57:03:9e:1a:
         e2:be:00:d9:ac:d2:00:46:5d:a9:b0:08:4c:7f:2c:fc:97:59:
         25:bf:5d:41:41:54:54:fc:ef:d4:0b:c5:66:ef:82:b8:ef:cf:
         a0:9e:9b:98:50:2d:c2:d6:38:01:24:20:ff:5c:54:6d:35:5b:
         de:39:d6:07:4a:73:93:d8:52:87:28:cd:20:c8:dc:37:2a:7a:
         46:41:c4:01:b3:9d:71:27:90:2f:86:eb:7e:da:ef:ff:62:d0:
         e5:45:6f:13:77:2f:6d:a2:fc:26:ea:70:c5:33:9c:ac:17:05:
         6c:47:67:e9:ac:a0:e1:1d:38:83:4e:b8:a3:21:c4:95:2c:45:
         51:90:41:07:bb:9b:87:ad:2f:59:98:9d:8e:cf:19:77:68:27:
         2d:86:dd:54:77:d0:ab:d1:66:f5:9b:fe:5f:7f:65:b8:00:b1:
         fc:1b:11:f7:f0:ca:bd:1b:ff:53:9c:50:37:ac:cc:46:0b:77:
         54:59:9d:29:81:6d:06:8b:6d:aa:58:5b:55:eb:ef:30:0b:f4:
         51:c8:5e:16
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSDYh/fFc8lL3rSk+LJju/dvpaekwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjMxMTEzMDAwMDAwWhcNMjMxMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A2M2VlNDdlZDRlMzRlYjNjMDIwYzkwNzllZGJlYTM5NzEx
ODg2MjM2MGYyZjUxNTBmNTQzNjJmOGY1ODY3YTY1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2PH28YWMcrfIZtcVjRDphFxR1crjUNWRF7K0h8mBsvz6x
tSh3WzTRpRxAPDb1PUZmjvSVdiYwtgoR3tKhS4e9WfqtFwwH2m8JzSLDZrY1P+yV
mDbJ9Rht4CUcDVs7s97IP4xfxJmwUZgYE8dqsA04lvQf9S6yq/QhRaZSr4GNgiK/
GF+6JBpHeV2ucwzK+GtIceyeKzv36JqRZcoExCZ99Q8+JmWOAZlY47jzIt+cG1IK
xzeNhhDfinfSGgmRIJ9qun7qoL/0E9ifpLyPc0rFg4U7paPO886iRFsQM92defU/
9tUVTzpBta8PLTiq3FHZLa+YNF1j3SWY6ZAyep5XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU46io/lluNw/VM7RgdsjaCezyab0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I0NTdmMjY0LThjNjgtNDJjNy1hNDU5LTZjYjkxMTMyOGI4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADAH9QwDQYJKoZIhvcNAQELBQADggEBAJXkUR4XROWQqO/MPlCoHZktT7lp
tFAG58L9f1oLQoBpqwchUZEMjWvY41FxMBE1R7QZVwOeGuK+ANms0gBGXamwCEx/
LPyXWSW/XUFBVFT879QLxWbvgrjvz6Cem5hQLcLWOAEkIP9cVG01W9451gdKc5PY
UocozSDI3DcqekZBxAGznXEnkC+G637a7/9i0OVFbxN3L22i/CbqcMUznKwXBWxH
Z+msoOEdOINOuKMhxJUsRVGQQQe7m4etL1mYnY7PGXdoJy2G3VR30KvRZvWb/l9/
ZbgAsfwbEffwyr0b/1OcUDeszEYLd1RZnSmBbQaLbapYW1Xr7zAL9FHIXhY=
-----END CERTIFICATE-----