Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/ca3b7905-fc3e-488b-9f36-5fa382bf07c6.roa
File:                     ca3b7905-fc3e-488b-9f36-5fa382bf07c6.roa (raw, json)
Hash identifier:          XTvhZtvrlI7I6tJKIGSYnOcIolya88yj7HgWcJafcqM=
Subject key identifier:   7B:AF:89:E8:D7:AA:B2:2A:B5:95:E3:1F:B9:51:D8:C2:07:70:E4:FA
Certificate issuer:       /CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
Certificate serial:       6D3BA42D5A68C41EC6734C1A36DF25D87FD1E9A9
Authority key identifier: 1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/ca3b7905-fc3e-488b-9f36-5fa382bf07c6.roa
Signing time:             Tue 31 Dec 2024 00:00:00 +0000
ROA not before:           Tue 31 Dec 2024 00:00:00 +0000
ROA not after:            Tue 04 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2606:f40:fffd::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:3b:a4:2d:5a:68:c4:1e:c6:73:4c:1a:36:df:25:d8:7f:d1:e9:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2
        Validity
            Not Before: Dec 31 00:00:00 2024 GMT
            Not After : Feb  4 23:59:59 2025 GMT
        Subject: serialNumber=3d30090e7d18d9227087f928403bee1662a41d9c4004638ed4f23872afb4f9f1, CN=8f95e4d1-f14f-4d61-ae00-67e047d2f102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:1a:89:1e:e4:a9:1b:c0:51:73:9f:b0:4f:3f:
                    4f:6c:71:94:f9:7c:fb:d1:f2:13:e5:35:4b:e5:dc:
                    28:15:05:25:e6:a7:ba:c3:f6:e2:0f:3b:c9:87:35:
                    10:d6:7e:98:37:80:64:c2:ff:8f:89:6c:21:64:18:
                    0d:46:46:44:63:36:1d:69:1b:36:a9:a2:27:d7:46:
                    db:4a:b5:0d:aa:12:50:46:c7:9b:3a:55:38:41:e1:
                    b0:42:eb:a4:54:e3:ac:0a:05:5b:bf:fa:d0:17:7a:
                    a1:94:d7:6e:da:50:58:af:11:51:aa:42:6e:8f:05:
                    d4:ce:72:9e:02:59:62:c5:9e:cb:4b:e7:5e:a3:52:
                    d3:ef:83:c0:d7:85:c7:4a:78:0b:c0:96:d4:0c:1b:
                    45:3e:6f:2b:be:90:81:f4:c5:b9:10:90:b2:3b:59:
                    3b:33:3d:5f:32:f4:80:3c:57:32:18:b7:45:38:3d:
                    c7:bc:98:db:b1:6c:f9:a7:79:45:0a:ca:9f:be:4a:
                    c7:3d:27:48:a8:15:f3:29:e2:de:fc:c4:9f:48:24:
                    27:56:ea:f6:ad:e6:38:82:7d:de:73:69:ce:2c:05:
                    fb:b5:91:80:34:1c:9f:0a:f3:08:14:49:f7:f4:92:
                    38:13:23:3f:4c:05:2f:09:25:8c:72:f5:3d:8a:17:
                    5b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:AF:89:E8:D7:AA:B2:2A:B5:95:E3:1F:B9:51:D8:C2:07:70:E4:FA
            X509v3 Authority Key Identifier:
                keyid:1E:5F:2D:62:F8:5A:D2:84:D4:D1:89:25:6B:88:69:E8:E9:11:28:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/76fe11d4-d352-4994-8f6c-d6c91b0b8415/0a3db4ff-9cd8-4d02-a027-6fa90494a3a1/c167a8b3a01f06717d2af62e3809072084c3af8f48948e40e2.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/ca3b7905-fc3e-488b-9f36-5fa382bf07c6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/2f059a21-d41b-4846-b7ae-7ea38c32fd4c/HwZxfSr2LjgJByCEw6-PSJSOQOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2606:f40:fffd::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:6f:65:b8:31:85:86:9e:8e:82:2a:66:57:3b:d9:e8:2d:63:
         1a:b7:29:6b:d8:ad:42:1c:75:72:a0:48:b3:49:e5:ed:e1:21:
         31:91:45:5b:e8:92:eb:99:99:56:b7:67:c1:bf:ef:87:7d:eb:
         ff:e7:ce:9c:89:d4:a9:59:f4:e3:3c:f7:73:48:38:c8:af:87:
         0f:5b:65:03:29:af:70:36:66:8f:59:b3:12:2a:23:f7:14:85:
         11:53:3f:df:59:65:f7:81:37:09:ad:fe:ea:2f:b2:14:a8:b1:
         76:25:71:14:4d:60:8b:95:12:e6:c7:e6:3d:28:6e:bf:e6:cd:
         a7:f9:08:aa:c0:6f:c2:85:e7:07:e2:c4:e7:62:b1:7d:1e:2a:
         5c:79:72:5a:00:0e:19:0e:f2:03:5a:b0:a2:7e:cd:14:47:74:
         ee:62:1a:ca:bf:51:c3:fb:e8:c0:0a:9b:7a:24:22:02:be:66:
         8e:8e:94:fe:3e:b3:14:0a:59:07:26:b8:0a:4b:89:f2:ef:c9:
         26:55:5a:55:3d:d1:02:36:f4:05:5e:ad:31:d1:af:b2:45:3c:
         78:76:5e:19:07:5c:c0:a7:c0:a9:12:a9:8f:ed:76:02:6c:fe:
         32:56:b8:ed:04:5b:e5:ff:84:d1:2b:58:83:04:8b:df:d0:76:
         c0:f2:50:b9
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUbTukLVpoxB7Gc0waNt8l2H/R6akwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYzE2N2E4YjNhMDFmMDY3MTdkMmFmNjJlMzgwOTA3MjA4
NGMzYWY4ZjQ4OTQ4ZTQwZTIwHhcNMjQxMjMxMDAwMDAwWhcNMjUwMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZDMwMDkwZTdkMThkOTIyNzA4N2Y5Mjg0MDNiZWUxNjYy
YTQxZDljNDAwNDYzOGVkNGYyMzg3MmFmYjRmOWYxMS0wKwYDVQQDEyQ4Zjk1ZTRk
MS1mMTRmLTRkNjEtYWUwMC02N2UwNDdkMmYxMDIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8Goke5KkbwFFzn7BPP09scZT5fPvR8hPlNUvl3CgVBSXm
p7rD9uIPO8mHNRDWfpg3gGTC/4+JbCFkGA1GRkRjNh1pGzapoifXRttKtQ2qElBG
x5s6VThB4bBC66RU46wKBVu/+tAXeqGU127aUFivEVGqQm6PBdTOcp4CWWLFnstL
516jUtPvg8DXhcdKeAvAltQMG0U+byu+kIH0xbkQkLI7WTszPV8y9IA8VzIYt0U4
Pce8mNuxbPmneUUKyp++Ssc9J0ioFfMp4t78xJ9IJCdW6vat5jiCfd5zac4sBfu1
kYA0HJ8K8wgUSff0kjgTIz9MBS8JJYxy9T2KF1uxAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUe6+J6Neqsiq1leMfuVHYwgdw5PowHwYDVR0jBBgwFoAUHl8tYvha0oTU
0Ykla4hp6OkRKDgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
Lzc2ZmUxMWQ0LWQzNTItNDk5NC04ZjZjLWQ2YzkxYjBiODQxNS8wYTNkYjRmZi05
Y2Q4LTRkMDItYTAyNy02ZmE5MDQ5NGEzYTEvYzE2N2E4YjNhMDFmMDY3MTdkMmFm
NjJlMzgwOTA3MjA4NGMzYWY4ZjQ4OTQ4ZTQwZTIuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMmYwNTlhMjEtZDQxYi00ODQ2LWI3YWUtN2Vh
MzhjMzJmZDRjL2NhM2I3OTA1LWZjM2UtNDg4Yi05ZjM2LTVmYTM4MmJmMDdjNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzJmMDU5YTIxLWQ0MWItNDg0Ni1iN2Fl
LTdlYTM4YzMyZmQ0Yy9Id1p4ZlNyMkxqZ0pCeUNFdzYtUFNKU09RT0kuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBg9A//0wDQYJKoZIhvcNAQELBQADggEBAE9vZbgxhYaejoIqZlc72egt
Yxq3KWvYrUIcdXKgSLNJ5e3hITGRRVvokuuZmVa3Z8G/74d96//nzpyJ1KlZ9OM8
93NIOMivhw9bZQMpr3A2Zo9ZsxIqI/cUhRFTP99ZZfeBNwmt/uovshSosXYlcRRN
YIuVEubH5j0obr/mzaf5CKrAb8KF5wfixOdisX0eKlx5cloADhkO8gNasKJ+zRRH
dO5iGsq/UcP76MAKm3okIgK+Zo6OlP4+sxQKWQcmuApLifLvySZVWlU90QI29AVe
rTHRr7JFPHh2XhkHXMCnwKkSqY/tdgJs/jJWuO0EW+X/hNErWIMEi9/QdsDyULk=
-----END CERTIFICATE-----