Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bed1a427-4409-46ac-84fe-7b87b93033cf.roa
File:                     bed1a427-4409-46ac-84fe-7b87b93033cf.roa (raw, json)
Hash identifier:          UfrdU9C9SBPPeN33v2aCUUTR2KQIpI8lJK2iTVns46E=
Subject key identifier:   F8:22:47:13:BC:68:A1:8B:F2:7D:BF:58:AD:FB:3B:07:DF:94:2A:00
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       57ABAC141B790CB97EFA5D0BCE4ED41A3D8255B7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bed1a427-4409-46ac-84fe-7b87b93033cf.roa
Signing time:             Fri 23 Feb 2024 00:00:00 +0000
ROA not before:           Fri 23 Feb 2024 00:00:00 +0000
ROA not after:            Fri 29 Mar 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f21:4000::/36 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:ab:ac:14:1b:79:0c:b9:7e:fa:5d:0b:ce:4e:d4:1a:3d:82:55:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 23 00:00:00 2024 GMT
            Not After : Mar 29 23:59:59 2024 GMT
        Subject: serialNumber=8939e5cb2dc00d36e571d0d17db754356de39948b9faac95a7b6478440e94a4a, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:94:68:d3:6d:15:7d:c7:40:04:cb:77:65:8c:
                    1a:47:f0:9a:5d:55:d3:53:a3:f5:c2:3c:63:4c:29:
                    1c:e4:be:18:df:f0:de:47:3e:28:b4:81:f1:75:e4:
                    7c:6d:95:14:8f:55:dd:21:30:f8:03:80:67:db:d9:
                    67:88:61:95:56:2d:fe:d8:93:0c:3e:b6:c6:bb:23:
                    9e:80:16:93:f2:6f:39:7b:9c:59:b5:b7:65:48:51:
                    b3:b5:39:57:63:70:9e:3e:76:ae:f7:1c:ee:c4:45:
                    4f:f4:40:9d:fc:94:da:9d:5b:b9:a6:0b:55:f9:22:
                    6a:0f:bb:9d:8f:02:12:85:db:1d:ff:ba:73:9a:57:
                    6d:cb:2e:a9:94:65:92:30:7c:a2:cf:c9:b4:ad:b9:
                    a6:e5:57:9d:40:eb:af:e1:d5:15:bf:bf:f4:e9:80:
                    6a:da:be:21:ad:19:18:1d:f8:19:52:2a:d7:aa:3e:
                    cf:b7:3b:98:c6:7b:17:9b:b9:47:bb:9d:23:9d:32:
                    59:4f:1f:76:9c:14:31:19:89:86:fd:a2:f4:f3:ff:
                    de:80:27:db:db:1d:9e:3e:9d:88:b0:5d:c1:6a:71:
                    b2:91:24:67:58:8a:9f:57:ea:c0:da:61:be:02:b7:
                    ae:e1:f8:06:4a:df:0c:20:7c:ed:f0:24:35:2d:a4:
                    40:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:22:47:13:BC:68:A1:8B:F2:7D:BF:58:AD:FB:3B:07:DF:94:2A:00
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/bed1a427-4409-46ac-84fe-7b87b93033cf.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f21:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         aa:59:ea:18:d6:e1:b6:13:5f:3c:80:96:2d:49:f3:a4:ea:09:
         41:a2:52:b0:21:35:14:30:74:00:44:17:f0:62:ab:48:e2:20:
         5a:47:1f:02:44:29:09:80:af:94:02:9a:b5:07:f3:8b:ac:cd:
         9b:b1:57:dc:32:87:4d:9d:4b:e6:cf:63:a6:4c:11:f2:97:d4:
         da:fb:6f:bc:d5:a0:37:b4:d1:91:b0:17:d1:33:4b:46:e6:34:
         60:1e:85:97:24:41:f5:2b:8c:91:c5:d9:d0:2f:5e:f6:db:02:
         35:4f:b0:4e:89:cf:ce:75:cf:06:5c:8b:f7:c1:31:3f:51:a6:
         d5:cb:ed:16:18:af:a4:a8:1b:01:58:d6:85:fd:a5:2c:9e:73:
         e6:e4:48:9f:7c:73:36:48:52:2b:c2:fa:4c:7d:8b:bc:b1:dd:
         cf:ea:88:6d:56:7d:9c:c9:9f:6b:38:7f:23:9e:c3:59:9f:a4:
         ab:f3:15:c6:14:3b:8c:c9:dd:ab:34:5c:bf:cc:10:2c:70:c4:
         26:b7:16:f5:dd:17:21:01:dd:21:99:d4:40:11:d4:7b:52:97:
         52:95:ac:8a:dd:26:81:88:e4:3a:7b:c9:65:64:ac:47:bd:ab:
         ac:ce:76:d5:74:f8:81:05:7d:1b:db:24:a6:1f:b3:c2:5d:cf:
         d8:4d:0b:ee
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUV6usFBt5DLl++l0Lzk7UGj2CVbcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwMjIzMDAwMDAwWhcNMjQwMzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTM5ZTVjYjJkYzAwZDM2ZTU3MWQwZDE3ZGI3NTQzNTZk
ZTM5OTQ4YjlmYWFjOTVhN2I2NDc4NDQwZTk0YTRhMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1lGjTbRV9x0AEy3dljBpH8JpdVdNTo/XCPGNMKRzkvhjf
8N5HPii0gfF15HxtlRSPVd0hMPgDgGfb2WeIYZVWLf7Ykww+tsa7I56AFpPybzl7
nFm1t2VIUbO1OVdjcJ4+dq73HO7ERU/0QJ38lNqdW7mmC1X5ImoPu52PAhKF2x3/
unOaV23LLqmUZZIwfKLPybStuablV51A66/h1RW/v/TpgGraviGtGRgd+BlSKteq
Ps+3O5jGexebuUe7nSOdMllPH3acFDEZiYb9ovTz/96AJ9vbHZ4+nYiwXcFqcbKR
JGdYip9X6sDaYb4Ct67h+AZK3wwgfO3wJDUtpEDZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU+CJHE7xooYvyfb9Yrfs7B9+UKgAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2JlZDFhNDI3LTQ0MDktNDZhYy04NGZlLTdiODdiOTMwMzNjZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8hQDANBgkqhkiG9w0BAQsFAAOCAQEAqlnqGNbhthNfPICWLUnzpOoJ
QaJSsCE1FDB0AEQX8GKrSOIgWkcfAkQpCYCvlAKatQfzi6zNm7FX3DKHTZ1L5s9j
pkwR8pfU2vtvvNWgN7TRkbAX0TNLRuY0YB6FlyRB9SuMkcXZ0C9e9tsCNU+wTonP
znXPBlyL98ExP1Gm1cvtFhivpKgbAVjWhf2lLJ5z5uRIn3xzNkhSK8L6TH2LvLHd
z+qIbVZ9nMmfazh/I57DWZ+kq/MVxhQ7jMndqzRcv8wQLHDEJrcW9d0XIQHdIZnU
QBHUe1KXUpWsit0mgYjkOnvJZWSsR72rrM521XT4gQV9G9skph+zwl3P2E0L7g==
-----END CERTIFICATE-----