Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/87141eb5-7e9b-44c7-a50a-a0441b37f022.roa
File:                     87141eb5-7e9b-44c7-a50a-a0441b37f022.roa (raw, json)
Hash identifier:          +XMmHxwtWcfk1p0QGlQZimtWqcZIJWNY2RwmzyiT5mc=
Subject key identifier:   68:E6:04:E7:48:A1:F0:E9:F4:F7:59:94:31:21:75:89:55:D1:89:9E
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       4B761B224D4C983A5D5D7E3F443822DFDE12314D
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/87141eb5-7e9b-44c7-a50a-a0441b37f022.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40:1000::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:76:1b:22:4d:4c:98:3a:5d:5d:7e:3f:44:38:22:df:de:12:31:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: serialNumber=bb04ab5071be363a53e15dfae23bc335f3ad4d4cb00b93a805167a6b024931c3, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6a:41:c5:78:c2:de:61:96:83:4f:fd:7b:9c:
                    d3:55:9b:e6:5d:37:ba:1e:45:55:ae:6c:ff:4f:d8:
                    21:23:71:a5:7f:f3:df:14:8e:f5:bd:1b:b8:bf:4a:
                    01:09:15:df:48:fd:50:0e:2e:b1:42:14:df:a9:df:
                    74:ed:4f:9a:e4:84:e8:76:de:83:b4:72:ff:93:9e:
                    ec:3d:b8:98:94:ed:a0:c3:9e:33:3b:57:f4:2b:b4:
                    1d:9c:7a:ae:a3:4f:b2:b1:a6:d2:c7:de:a7:75:17:
                    63:35:22:f0:44:c5:23:78:79:2b:5d:9d:f3:a5:06:
                    b0:d7:84:3b:8e:88:05:76:81:7b:31:b3:dd:e3:55:
                    4f:4f:07:ce:7d:63:62:f3:e5:c6:7e:8a:01:11:7c:
                    59:6a:95:0f:8c:73:47:84:47:22:2d:b9:a1:3c:1f:
                    e0:5b:db:93:7c:fb:00:32:b7:66:83:b7:9b:59:10:
                    c0:f4:e9:9c:ea:62:6c:9a:aa:88:28:e8:f8:49:02:
                    2c:4b:5b:32:f1:58:7e:e5:cb:37:8b:63:92:9b:93:
                    d2:69:a1:28:6b:70:48:1e:9b:57:b2:2d:7f:60:38:
                    25:3c:04:99:66:97:83:c6:1a:ee:22:db:dd:9d:13:
                    5e:b0:5a:39:dc:f8:d2:5f:ea:87:29:d2:6d:f4:da:
                    b1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E6:04:E7:48:A1:F0:E9:F4:F7:59:94:31:21:75:89:55:D1:89:9E
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/87141eb5-7e9b-44c7-a50a-a0441b37f022.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:1000::/39

    Signature Algorithm: sha256WithRSAEncryption
         c2:06:60:a7:24:41:2c:70:b7:e1:00:61:a0:2f:a9:70:a3:a9:
         55:42:ed:56:bc:5c:3c:74:88:92:5a:e1:c7:15:b1:0e:e8:81:
         9f:44:f0:43:27:aa:ae:d0:27:1d:e4:4d:9f:21:ae:6b:ff:f4:
         de:99:bf:2f:3b:d4:fc:0e:09:f2:7c:dc:03:e5:5d:4a:b6:8e:
         3d:7c:45:db:a4:8c:b5:bf:ec:89:5a:30:3b:87:c1:e8:bc:f7:
         5e:f8:60:3c:a1:49:fa:7f:0b:73:c9:bd:cc:3e:01:c6:87:00:
         16:c0:6c:81:a5:4c:1f:01:b3:93:b4:91:5b:ad:05:da:f5:d4:
         67:15:d6:7e:69:19:a2:78:76:51:ea:6d:49:c4:71:4d:fb:5b:
         ac:c4:f1:78:c2:c2:07:77:af:17:f6:dc:91:80:f0:8d:3f:47:
         7f:5c:51:d9:10:13:aa:6c:d6:21:0c:4d:04:18:80:57:04:d0:
         09:da:6a:77:8b:32:58:8f:4e:a3:c5:d5:74:e4:2c:6d:c9:53:
         6e:7c:ed:90:e5:0f:6f:08:a2:37:d5:cd:c6:50:83:f5:ae:f5:
         ed:04:a6:eb:64:52:dd:25:b1:0c:08:9b:18:e9:1e:56:61:69:
         16:f3:da:68:fc:c5:34:10:46:c2:02:9b:75:ba:9e:fc:96:c3:
         ac:72:4c:bf
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUS3YbIk1MmDpdXX4/RDgi394SMU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjA0YWI1MDcxYmUzNjNhNTNlMTVkZmFlMjNiYzMzNWYz
YWQ0ZDRjYjAwYjkzYTgwNTE2N2E2YjAyNDkzMWMzMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcakHFeMLeYZaDT/17nNNVm+ZdN7oeRVWubP9P2CEjcaV/
898UjvW9G7i/SgEJFd9I/VAOLrFCFN+p33TtT5rkhOh23oO0cv+Tnuw9uJiU7aDD
njM7V/QrtB2ceq6jT7KxptLH3qd1F2M1IvBExSN4eStdnfOlBrDXhDuOiAV2gXsx
s93jVU9PB859Y2Lz5cZ+igERfFlqlQ+Mc0eERyItuaE8H+Bb25N8+wAyt2aDt5tZ
EMD06ZzqYmyaqogo6PhJAixLWzLxWH7lyzeLY5Kbk9JpoShrcEgem1eyLX9gOCU8
BJlml4PGGu4i292dE16wWjnc+NJf6ocp0m302rFVAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUaOYE50ih8On091mUMSF1iVXRiZ4wHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjLzg3MTQxZWI1LTdlOWItNDRjNy1hNTBhLWEwNDQxYjM3ZjAyMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmBg9AEDANBgkqhkiG9w0BAQsFAAOCAQEAwgZgpyRBLHC34QBhoC+pcKOp
VULtVrxcPHSIklrhxxWxDuiBn0TwQyeqrtAnHeRNnyGua//03pm/LzvU/A4J8nzc
A+VdSraOPXxF26SMtb/siVowO4fB6Lz3XvhgPKFJ+n8Lc8m9zD4BxocAFsBsgaVM
HwGzk7SRW60F2vXUZxXWfmkZonh2UeptScRxTftbrMTxeMLCB3evF/bckYDwjT9H
f1xR2RATqmzWIQxNBBiAVwTQCdpqd4syWI9Oo8XVdOQsbclTbnztkOUPbwiiN9XN
xlCD9a717QSm62RS3SWxDAibGOkeVmFpFvPaaPzFNBBGwgKbdbqe/JbDrHJMvw==
-----END CERTIFICATE-----