Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81a9c4df-9112-467a-b220-12fccff4c1b9.roa
File:                     81a9c4df-9112-467a-b220-12fccff4c1b9.roa (raw, json)
Hash identifier:          ciNj4jx9tJf6psqIBqABC+G11OeOtUKWNLU2uJuIhUQ=
Subject key identifier:   B0:F4:7E:1C:4D:65:8C:8F:22:C7:1B:51:BC:F1:C1:05:71:4A:06:1E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       425A0280D241E5A90017E5BC6FA23A359594B3FC
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81a9c4df-9112-467a-b220-12fccff4c1b9.roa
Signing time:             Wed 25 Dec 2024 00:00:00 +0000
ROA not before:           Wed 25 Dec 2024 00:00:00 +0000
ROA not after:            Wed 29 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        131.127.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:5a:02:80:d2:41:e5:a9:00:17:e5:bc:6f:a2:3a:35:95:94:b3:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 25 00:00:00 2024 GMT
            Not After : Jan 29 23:59:59 2025 GMT
        Subject: serialNumber=59a16581528419f33457d0829507e17429b4977e40f84bc1ece6ad12fe762a4f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:aa:f5:b6:8a:8d:a1:80:a5:cc:e8:8d:b3:af:
                    f9:12:28:a5:29:23:23:7d:84:89:74:60:88:ce:84:
                    d6:01:1b:be:c5:65:26:74:48:b3:90:98:e4:3e:e9:
                    8b:c4:59:5e:bb:67:04:fd:8d:78:93:cd:6d:bc:ae:
                    c2:1e:e9:53:55:68:7f:25:b5:42:fe:48:1b:db:9d:
                    ea:c8:68:c3:8d:a0:50:77:02:ac:d7:70:2d:d5:18:
                    1e:4f:5b:09:25:04:b7:c3:b3:8f:57:71:28:46:1c:
                    4c:03:a0:44:44:26:7a:80:eb:f5:0c:99:b5:43:9d:
                    c2:5c:3d:97:c2:7d:48:28:d5:ba:6b:1a:aa:e1:53:
                    fb:4a:9f:2c:5f:bd:c1:41:9b:da:9b:d4:52:b6:64:
                    d7:d4:86:f4:2f:2a:8b:7e:15:e0:0d:9f:56:cc:09:
                    67:0d:37:d5:ba:0a:9d:23:d7:08:76:b5:8d:97:68:
                    44:46:b0:3e:34:d8:e1:6d:bc:dd:df:2a:4e:a3:cb:
                    23:62:6b:d4:a5:45:98:a8:3e:df:65:a9:ac:0f:99:
                    9d:9b:e8:0a:f3:a2:ce:cc:c7:7c:0c:1f:f3:3e:c9:
                    97:88:49:54:de:d4:0c:a2:73:b7:23:25:d7:20:7e:
                    5d:1f:bd:f6:24:c9:50:c0:55:86:c0:e6:e8:10:db:
                    cd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F4:7E:1C:4D:65:8C:8F:22:C7:1B:51:BC:F1:C1:05:71:4A:06:1E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81a9c4df-9112-467a-b220-12fccff4c1b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.127.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:b7:60:cb:f2:7e:cd:75:11:8c:8d:db:a9:b6:d0:13:ec:4f:
         0a:d4:d9:97:12:48:03:ce:c3:28:bf:62:25:3f:36:80:a4:2a:
         88:3c:7a:80:62:30:74:e9:bc:25:74:e4:51:cf:64:98:32:62:
         c7:48:41:67:e7:6e:43:c6:fa:10:76:2a:73:44:ea:79:d6:ce:
         1d:6b:5c:54:21:6f:6d:39:54:f8:35:27:1a:9f:3f:21:39:f9:
         6e:e3:25:50:dc:0b:bb:f9:19:2c:f8:c2:0d:50:cb:09:39:40:
         9a:b5:9e:c4:28:7b:16:de:79:13:72:5b:ab:8e:52:7d:74:cf:
         e8:64:5c:64:12:ad:fc:1b:33:80:c0:57:4d:3d:e0:c0:13:96:
         b8:2d:44:42:5e:25:cc:88:3a:06:6e:37:26:99:bb:a8:0f:61:
         91:87:7e:d2:a7:96:1e:15:c4:b9:dd:45:11:7a:de:97:3b:98:
         e0:ea:92:c1:60:d6:01:66:7d:a6:2a:04:59:74:99:da:41:7f:
         11:cf:49:08:41:44:05:fd:13:93:52:ab:27:3e:19:a4:c9:ad:
         b0:68:d8:55:41:81:7d:db:ad:9e:fc:73:10:6f:9c:c3:53:78:
         62:ac:b0:54:6a:a3:e0:5e:71:dd:84:f3:f0:9c:11:40:18:6a:
         b6:68:4e:02
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQloCgNJB5akAF+W8b6I6NZWUs/wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI1MDAwMDAwWhcNMjUwMTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWExNjU4MTUyODQxOWYzMzQ1N2QwODI5NTA3ZTE3NDI5
YjQ5NzdlNDBmODRiYzFlY2U2YWQxMmZlNzYyYTRmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZqvW2io2hgKXM6I2zr/kSKKUpIyN9hIl0YIjOhNYBG77F
ZSZ0SLOQmOQ+6YvEWV67ZwT9jXiTzW28rsIe6VNVaH8ltUL+SBvbnerIaMONoFB3
AqzXcC3VGB5PWwklBLfDs49XcShGHEwDoEREJnqA6/UMmbVDncJcPZfCfUgo1bpr
GqrhU/tKnyxfvcFBm9qb1FK2ZNfUhvQvKot+FeANn1bMCWcNN9W6Cp0j1wh2tY2X
aERGsD402OFtvN3fKk6jyyNia9SlRZioPt9lqawPmZ2b6Arzos7Mx3wMH/M+yZeI
SVTe1Ayic7cjJdcgfl0fvfYkyVDAVYbA5ugQ281xAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUsPR+HE1ljI8ixxtRvPHBBXFKBh4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxYTljNGRmLTkxMTItNDY3YS1iMjIwLTEyZmNjZmY0YzFiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCDfzANBgkqhkiG9w0BAQsFAAOCAQEAALdgy/J+zXURjI3bqbbQE+xPCtTZ
lxJIA87DKL9iJT82gKQqiDx6gGIwdOm8JXTkUc9kmDJix0hBZ+duQ8b6EHYqc0Tq
edbOHWtcVCFvbTlU+DUnGp8/ITn5buMlUNwLu/kZLPjCDVDLCTlAmrWexCh7Ft55
E3Jbq45SfXTP6GRcZBKt/BszgMBXTT3gwBOWuC1EQl4lzIg6Bm43Jpm7qA9hkYd+
0qeWHhXEud1FEXrelzuY4OqSwWDWAWZ9pioEWXSZ2kF/Ec9JCEFEBf0Tk1KrJz4Z
pMmtsGjYVUGBfdutnvxzEG+cw1N4YqywVGqj4F5x3YTz8JwRQBhqtmhOAg==
-----END CERTIFICATE-----