Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f9728e7-a392-40d1-9073-170d26138a2b.roa
File:                     0f9728e7-a392-40d1-9073-170d26138a2b.roa (raw, json)
Hash identifier:          s08ylZxhHp1W843ZYzcUg9CToYHA3dnJJzemgFDwsAo=
Subject key identifier:   57:86:81:18:66:C6:A3:24:B2:32:90:20:7F:6F:A3:1F:36:F3:B4:28
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1F7D019540100E424709092141DFB379BFB8F6DA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f9728e7-a392-40d1-9073-170d26138a2b.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        31.2.0.0/17 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:7d:01:95:40:10:0e:42:47:09:09:21:41:df:b3:79:bf:b8:f6:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=bed85fc399ab85d0a1d2b83bedf489e997460f5bae323e0401536e584501c485, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:06:52:c9:f2:b6:7f:2f:8a:71:72:0c:eb:4d:
                    03:78:80:dc:e6:73:a7:ad:3e:ce:9a:cf:82:d5:67:
                    0a:1c:72:e3:27:57:10:d6:06:42:2b:4d:c6:87:e3:
                    28:22:7b:2d:67:7f:b9:04:46:33:c9:0a:06:95:e1:
                    e9:33:67:09:25:35:a0:ad:1a:1f:ee:ee:86:c6:79:
                    8f:92:17:b8:e4:65:e2:73:6b:62:85:a9:c5:13:e3:
                    5b:05:31:03:cb:c9:76:0e:50:83:ea:0d:b8:95:39:
                    f8:c0:fe:a7:1d:34:57:c7:ff:0e:99:55:70:12:54:
                    70:88:bf:a2:44:df:2d:48:c1:1a:5f:01:02:75:5c:
                    b6:3d:99:97:35:80:76:e5:90:0d:a8:f9:5c:3b:13:
                    29:fa:d6:9a:22:5b:20:b9:3e:fc:70:f2:b2:c9:e7:
                    6d:16:cc:3b:55:9e:f4:58:53:7c:6f:cb:c6:87:d8:
                    6c:cc:ba:0c:3a:d3:fd:10:d1:e5:0e:e0:93:ed:a5:
                    15:66:63:ed:71:1e:59:ac:b8:18:f7:61:15:06:d3:
                    1b:cb:c0:2f:06:d9:a4:d6:ef:0e:e0:8a:97:1a:b4:
                    a1:f6:a1:da:43:6d:ea:a3:9e:fd:57:e6:05:e9:91:
                    11:83:ee:ef:69:a1:2d:fa:54:46:df:d3:4f:9d:ac:
                    ec:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:86:81:18:66:C6:A3:24:B2:32:90:20:7F:6F:A3:1F:36:F3:B4:28
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0f9728e7-a392-40d1-9073-170d26138a2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.2.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         1b:cf:d8:12:4f:1c:17:e5:32:62:aa:a7:1e:bb:ff:48:47:1f:
         4b:8f:ca:3f:01:de:01:94:e9:06:29:d9:e3:9b:1c:61:73:c4:
         89:e3:b6:ad:7d:52:2b:65:dd:89:8a:b9:38:f0:92:98:03:71:
         8a:b7:16:a6:af:32:b1:d9:6d:53:17:34:19:9b:3c:f5:d8:82:
         56:34:09:8d:3a:18:16:27:76:f9:05:e5:fa:c1:f4:32:50:16:
         71:aa:c9:85:90:43:24:64:e8:a2:01:a1:30:0d:23:b6:eb:9e:
         61:78:24:2f:7c:a7:e3:14:7d:2a:55:80:f8:49:14:73:29:c6:
         94:81:48:60:31:3b:5f:02:f9:15:bf:40:b0:9c:18:9b:a7:8c:
         e1:53:1d:fc:cd:3a:fd:cf:37:9a:a2:f5:05:1c:b4:18:b7:82:
         9e:93:05:5b:cd:8a:64:28:28:e2:aa:0e:96:eb:ed:50:62:41:
         83:2e:8b:83:ac:c3:26:fa:91:2f:49:c6:c8:80:10:ad:e5:16:
         fa:19:a9:bf:ff:aa:19:ac:49:6f:d1:04:cb:37:34:75:20:a3:
         7d:bd:37:2b:ad:1d:f0:2c:90:f1:4e:43:6c:19:f5:73:a5:51:
         a6:ab:9d:f9:32:5e:40:79:14:fe:2c:90:f1:5b:dd:36:95:bd:
         04:42:15:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH30BlUAQDkJHCQkhQd+zeb+49towDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWQ4NWZjMzk5YWI4NWQwYTFkMmI4M2JlZGY0ODllOTk3
NDYwZjViYWUzMjNlMDQwMTUzNmU1ODQ1MDFjNDg1MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0BlLJ8rZ/L4pxcgzrTQN4gNzmc6etPs6az4LVZwoccuMn
VxDWBkIrTcaH4ygiey1nf7kERjPJCgaV4ekzZwklNaCtGh/u7obGeY+SF7jkZeJz
a2KFqcUT41sFMQPLyXYOUIPqDbiVOfjA/qcdNFfH/w6ZVXASVHCIv6JE3y1IwRpf
AQJ1XLY9mZc1gHblkA2o+Vw7Eyn61poiWyC5Pvxw8rLJ520WzDtVnvRYU3xvy8aH
2GzMugw60/0Q0eUO4JPtpRVmY+1xHlmsuBj3YRUG0xvLwC8G2aTW7w7gipcatKH2
odpDbeqjnv1X5gXpkRGD7u9poS36VEbf00+drOyVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV4aBGGbGoySyMpAgf2+jHzbztCgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBmOTcyOGU3LWEzOTItNDBkMS05MDczLTE3MGQyNjEzOGEyYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAcfAgAwDQYJKoZIhvcNAQELBQADggEBABvP2BJPHBflMmKqpx67/0hHH0uP
yj8B3gGU6QYp2eObHGFzxInjtq19Uitl3YmKuTjwkpgDcYq3FqavMrHZbVMXNBmb
PPXYglY0CY06GBYndvkF5frB9DJQFnGqyYWQQyRk6KIBoTANI7brnmF4JC98p+MU
fSpVgPhJFHMpxpSBSGAxO18C+RW/QLCcGJunjOFTHfzNOv3PN5qi9QUctBi3gp6T
BVvNimQoKOKqDpbr7VBiQYMui4Oswyb6kS9JxsiAEK3lFvoZqb//qhmsSW/RBMs3
NHUgo329NyutHfAskPFOQ2wZ9XOlUaarnfkyXkB5FP4skPFb3TaVvQRCFc4=
-----END CERTIFICATE-----