Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89f058be-9923-4c24-9abb-09596201e6b9.roa
File:                     89f058be-9923-4c24-9abb-09596201e6b9.roa (raw, json)
Hash identifier:          t5ov/ZpyvdOA0sijAlXr6rcx0aefUY/tw6zFQZ8YMBc=
Subject key identifier:   18:69:C9:34:37:09:4E:BA:C1:F1:5B:D5:A8:6D:5A:70:C6:C9:93:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       13548D6B8EC826208ED1B0DDBCDB567E7E85F236
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89f058be-9923-4c24-9abb-09596201e6b9.roa
Signing time:             Fri 23 Feb 2024 00:00:00 +0000
ROA not before:           Fri 23 Feb 2024 00:00:00 +0000
ROA not after:            Fri 29 Mar 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffd:803f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:54:8d:6b:8e:c8:26:20:8e:d1:b0:dd:bc:db:56:7e:7e:85:f2:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 23 00:00:00 2024 GMT
            Not After : Mar 29 23:59:59 2024 GMT
        Subject: serialNumber=21468b862fb914fcb80b488580eaaa1c7e46b8b93992be2b178ae9551364c7d3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:83:b8:24:59:d5:d4:fd:0d:d8:cc:4d:a3:cd:
                    66:9e:08:49:c1:3a:c9:96:04:21:ef:48:11:f1:75:
                    48:7e:a8:ca:6f:9b:d7:41:44:f5:8c:1f:30:9e:b8:
                    d2:ba:79:a1:bf:e2:33:53:ad:c4:9a:52:c8:a8:ae:
                    26:38:ef:80:75:45:77:82:aa:25:56:e9:13:1a:72:
                    23:a0:cc:99:6c:61:71:8b:6d:ce:87:84:5c:86:53:
                    f8:fd:42:88:79:9b:80:9f:01:3a:6d:49:72:22:09:
                    77:0a:2f:3e:23:ac:68:46:ec:24:5a:ae:1e:66:6d:
                    e3:9f:47:be:29:f5:93:0d:c0:71:db:30:ce:0c:bd:
                    00:55:70:8f:7b:5b:41:1c:bd:1e:50:6e:e2:0e:41:
                    6e:97:9d:9b:6d:54:da:91:a3:cc:eb:c1:16:0a:e1:
                    8f:7f:2f:b6:6a:12:22:2a:64:74:09:dd:ec:ad:a3:
                    f1:4c:05:64:6e:42:4e:00:c5:39:d3:1e:5c:31:16:
                    d7:db:7c:6d:e2:90:22:3c:d3:f8:f3:93:29:38:70:
                    34:fe:c7:83:b2:4a:a7:2e:bd:f8:bc:bf:28:2f:85:
                    35:b7:fc:0f:39:ac:1d:fc:92:05:99:3b:86:fe:cd:
                    6d:7f:d8:ba:b1:93:3d:0d:65:ae:56:8c:30:14:f6:
                    d5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:69:C9:34:37:09:4E:BA:C1:F1:5B:D5:A8:6D:5A:70:C6:C9:93:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/89f058be-9923-4c24-9abb-09596201e6b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:803f::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:e9:7f:69:2e:3a:4f:8d:3f:16:61:03:f4:d2:e5:e6:49:63:
         f7:fe:4a:a6:68:dd:e2:c4:79:ca:81:c9:d5:94:4d:e3:bc:00:
         14:b5:17:d5:c6:77:c0:59:cb:2d:92:53:37:1e:ce:1e:f8:9c:
         ff:f3:a9:30:fa:ee:88:0f:e3:0b:e1:f1:a3:b3:e7:a2:2b:1e:
         24:af:56:2f:77:47:21:50:cd:a4:08:be:cd:f6:d5:f6:71:33:
         49:3c:6f:7d:ae:cd:dd:cf:f6:68:31:12:11:e5:29:90:d0:a1:
         9b:af:11:ae:a7:b6:d7:2c:13:f5:5f:27:08:02:75:3f:4f:f2:
         ff:05:a4:77:6e:ec:3b:e3:af:2e:32:3e:17:85:51:1d:c6:d1:
         a4:36:d0:18:83:a2:8a:24:be:c0:e7:0c:49:10:05:a3:5a:09:
         38:73:b2:fd:01:53:1b:4f:ce:a4:01:9c:00:bf:61:f1:6f:c2:
         3c:6c:78:6b:30:44:59:c3:8d:69:56:8c:ff:35:8c:b8:0c:5a:
         66:83:e8:63:97:5d:7b:74:b0:c5:a3:41:6d:e2:1c:59:57:54:
         2c:5c:28:8b:28:37:43:30:7d:fc:4c:18:0a:54:36:46:70:c2:
         f0:68:8b:06:48:3a:38:b8:f5:1e:28:3f:8e:db:2a:e4:7e:d4:
         2c:bb:6a:6b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUE1SNa47IJiCO0bDdvNtWfn6F8jYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwMjIzMDAwMDAwWhcNMjQwMzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTQ2OGI4NjJmYjkxNGZjYjgwYjQ4ODU4MGVhYWExYzdl
NDZiOGI5Mzk5MmJlMmIxNzhhZTk1NTEzNjRjN2QzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC6g7gkWdXU/Q3YzE2jzWaeCEnBOsmWBCHvSBHxdUh+qMpv
m9dBRPWMHzCeuNK6eaG/4jNTrcSaUsioriY474B1RXeCqiVW6RMaciOgzJlsYXGL
bc6HhFyGU/j9Qoh5m4CfATptSXIiCXcKLz4jrGhG7CRarh5mbeOfR74p9ZMNwHHb
MM4MvQBVcI97W0EcvR5QbuIOQW6XnZttVNqRo8zrwRYK4Y9/L7ZqEiIqZHQJ3eyt
o/FMBWRuQk4AxTnTHlwxFtfbfG3ikCI80/jzkyk4cDT+x4OySqcuvfi8vygvhTW3
/A85rB38kgWZO4b+zW1/2Lqxkz0NZa5WjDAU9tXnAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUGGnJNDcJTrrB8VvVqG1acMbJk4cwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzg5ZjA1OGJlLTk5MjMtNGMyNC05YWJiLTA5NTk2MjAxZTZiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gD8wDQYJKoZIhvcNAQELBQADggEBALrpf2kuOk+NPxZhA/TS5eZJ
Y/f+SqZo3eLEecqBydWUTeO8ABS1F9XGd8BZyy2SUzcezh74nP/zqTD67ogP4wvh
8aOz56IrHiSvVi93RyFQzaQIvs321fZxM0k8b32uzd3P9mgxEhHlKZDQoZuvEa6n
ttcsE/VfJwgCdT9P8v8FpHdu7Dvjry4yPheFUR3G0aQ20BiDoookvsDnDEkQBaNa
CThzsv0BUxtPzqQBnAC/YfFvwjxseGswRFnDjWlWjP81jLgMWmaD6GOXXXt0sMWj
QW3iHFlXVCxcKIsoN0MwffxMGApUNkZwwvBoiwZIOji49R4oP47bKuR+1Cy7ams=
-----END CERTIFICATE-----