Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9dbe5d2a-4e3b-4c6e-b1ea-969dd8ce2813.roa
File:                     9dbe5d2a-4e3b-4c6e-b1ea-969dd8ce2813.roa (raw, json)
Hash identifier:          qBf/yzuACQI/eHJnl8ouEViNtX46vhryiOqzOck9By8=
Subject key identifier:   0A:D3:49:22:10:43:3F:83:61:AF:AA:96:0C:B9:1A:08:BA:E9:AB:BC
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       08A42F220C27F4816DBC92FD588A6DF018C50DB1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9dbe5d2a-4e3b-4c6e-b1ea-969dd8ce2813.roa
Signing time:             Fri 23 Feb 2024 00:00:00 +0000
ROA not before:           Fri 23 Feb 2024 00:00:00 +0000
ROA not after:            Fri 29 Mar 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ffd:807b::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:a4:2f:22:0c:27:f4:81:6d:bc:92:fd:58:8a:6d:f0:18:c5:0d:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 23 00:00:00 2024 GMT
            Not After : Mar 29 23:59:59 2024 GMT
        Subject: serialNumber=8ca655c7cbfb2d74ee413ff52879c172287ff234d6f097e4607ce5897d50c3e3, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:56:b8:52:c4:e6:f3:2e:95:63:c2:e6:75:ff:
                    79:f8:8e:40:32:8e:23:6d:80:7f:22:49:6d:98:a6:
                    f7:7b:02:40:3c:da:9b:55:4a:94:9b:a2:89:a4:c1:
                    1b:03:28:1b:36:93:3f:7d:f1:c6:8b:4b:61:db:62:
                    30:6f:65:4d:f8:a3:68:3f:f0:49:c9:94:05:28:7c:
                    e1:3e:51:ff:77:57:1c:cf:cd:0d:c3:32:22:da:a9:
                    e8:66:60:cd:f7:ed:65:5e:2f:85:dc:f0:9b:f8:13:
                    16:9a:9f:23:c4:d6:87:3b:2c:ef:58:f7:51:a1:34:
                    37:0c:70:52:34:65:0c:d8:55:5e:e5:f7:b5:a4:01:
                    73:6f:a5:33:c0:ea:41:05:81:bd:ce:37:94:2d:09:
                    80:10:09:63:27:3b:df:e8:b4:4b:a6:2d:f2:11:07:
                    f5:ae:7e:37:23:f9:b9:5f:d1:db:65:35:0a:24:77:
                    40:79:3b:c5:61:dc:db:9c:d1:d0:14:e2:90:0f:61:
                    1c:86:20:da:51:de:ae:07:36:f2:11:3c:5a:e8:07:
                    2c:04:89:a7:97:fe:eb:5b:65:eb:aa:f3:2e:77:62:
                    1d:5e:bc:f5:94:4f:1c:0e:d8:fa:47:ee:77:75:26:
                    d0:12:93:ee:d6:4c:9d:35:fa:fb:3e:59:6b:03:20:
                    7e:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:D3:49:22:10:43:3F:83:61:AF:AA:96:0C:B9:1A:08:BA:E9:AB:BC
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/9dbe5d2a-4e3b-4c6e-b1ea-969dd8ce2813.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffd:807b::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:da:38:d7:89:70:cd:d1:8e:f2:d7:55:19:f7:4d:87:fb:9c:
         b9:29:4d:36:87:a1:21:74:d2:fa:1d:8e:dd:9a:55:f7:ea:c3:
         4a:b8:3d:28:46:9a:bb:31:a1:b9:02:fe:71:51:d4:74:f2:43:
         0e:dc:29:e4:43:f1:34:6e:4e:77:71:fe:0e:9b:5b:9b:6c:a2:
         e2:02:6f:dd:3a:da:91:d9:e5:61:5b:65:66:7e:1e:01:39:e2:
         86:7a:8f:d6:9f:24:bb:d9:89:b1:26:71:fa:87:5f:46:d6:a2:
         d0:e9:bb:43:f8:ce:0d:9e:a1:e0:e2:ea:42:a8:6d:ad:6d:16:
         37:31:89:1c:fe:72:6a:56:b2:21:a2:2b:2f:52:d1:18:a2:ad:
         8a:5e:77:8d:c0:17:1d:86:22:03:5c:b3:89:af:e2:c8:c3:5e:
         21:02:27:19:12:9b:6e:2f:cf:d9:2f:6e:84:73:e0:29:9c:fc:
         89:2e:64:d8:12:2b:6b:43:2d:ae:cc:d2:3d:d4:71:84:1a:5f:
         68:45:8d:2d:c2:95:f7:ac:8c:5e:35:ab:d2:51:30:33:0d:61:
         65:b6:1b:08:87:0b:a0:c6:87:13:42:30:8f:b9:d4:d7:71:09:
         93:e5:ed:8f:a0:28:35:86:90:b2:63:39:99:71:7b:db:1a:8c:
         58:38:9d:5d
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUCKQvIgwn9IFtvJL9WIpt8BjFDbEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwMjIzMDAwMDAwWhcNMjQwMzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4Y2E2NTVjN2NiZmIyZDc0ZWU0MTNmZjUyODc5YzE3MjI4
N2ZmMjM0ZDZmMDk3ZTQ2MDdjZTU4OTdkNTBjM2UzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUVrhSxObzLpVjwuZ1/3n4jkAyjiNtgH8iSW2Ypvd7AkA8
2ptVSpSboomkwRsDKBs2kz998caLS2HbYjBvZU34o2g/8EnJlAUofOE+Uf93VxzP
zQ3DMiLaqehmYM337WVeL4Xc8Jv4ExaanyPE1oc7LO9Y91GhNDcMcFI0ZQzYVV7l
97WkAXNvpTPA6kEFgb3ON5QtCYAQCWMnO9/otEumLfIRB/Wufjcj+blf0dtlNQok
d0B5O8Vh3Nuc0dAU4pAPYRyGINpR3q4HNvIRPFroBywEiaeX/utbZeuq8y53Yh1e
vPWUTxwO2PpH7nd1JtASk+7WTJ01+vs+WWsDIH5DAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUCtNJIhBDP4Nhr6qWDLkaCLrpq7wwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzlkYmU1ZDJhLTRlM2ItNGM2ZS1iMWVhLTk2OWRkOGNlMjgxMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/9gHswDQYJKoZIhvcNAQELBQADggEBAB7aONeJcM3RjvLXVRn3TYf7
nLkpTTaHoSF00vodjt2aVffqw0q4PShGmrsxobkC/nFR1HTyQw7cKeRD8TRuTndx
/g6bW5tsouICb9062pHZ5WFbZWZ+HgE54oZ6j9afJLvZibEmcfqHX0bWotDpu0P4
zg2eoeDi6kKoba1tFjcxiRz+cmpWsiGiKy9S0RiirYped43AFx2GIgNcs4mv4sjD
XiECJxkSm24vz9kvboRz4Cmc/IkuZNgSK2tDLa7M0j3UcYQaX2hFjS3ClfesjF41
q9JRMDMNYWW2GwiHC6DGhxNCMI+51NdxCZPl7Y+gKDWGkLJjOZlxe9sajFg4nV0=
-----END CERTIFICATE-----