Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/595ebfb9-e548-4d3e-9fa8-016973527359.roa
File:                     595ebfb9-e548-4d3e-9fa8-016973527359.roa (raw, json)
Hash identifier:          xMpQId127aDGt0mDU5EQtOhoSf50SqjpuwKW6LsvLuk=
Subject key identifier:   7E:FF:CF:2F:B8:82:0A:DB:69:02:29:93:FF:1D:FE:BF:C0:B6:C4:FC
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       37E96790C956A3F86F38A42A0C9A6EECD26DF795
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/595ebfb9-e548-4d3e-9fa8-016973527359.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f0:8000::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:e9:67:90:c9:56:a3:f8:6f:38:a4:2a:0c:9a:6e:ec:d2:6d:f7:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ad:4e:76:58:44:60:6b:db:5e:bd:b3:ad:d8:
                    a2:47:a8:df:81:35:6b:e7:10:84:2a:00:80:79:56:
                    4e:45:2a:ef:d7:d1:6a:2c:1b:56:53:58:07:c9:11:
                    8f:3d:fc:a4:c6:7e:b3:3b:25:d0:e4:c7:6f:36:2f:
                    b3:4f:55:7d:0c:f5:da:07:59:cd:f9:3f:b3:4c:5d:
                    a6:19:a3:99:31:cf:8a:57:2e:56:dc:d2:fc:24:de:
                    e0:34:a8:ae:10:c4:34:36:5a:8a:fb:c6:91:ea:9b:
                    81:cb:10:0b:08:b4:54:80:00:47:a6:8b:67:86:55:
                    46:b1:51:2c:f2:15:54:f2:a0:dc:2a:ee:22:8e:8f:
                    f1:94:38:37:d4:2d:b2:00:b0:9f:94:11:a0:72:1b:
                    5d:36:65:af:ba:9d:6a:ab:99:00:c0:6e:a8:46:3a:
                    c4:f9:ff:5a:ce:46:25:1d:e4:7d:38:b2:fe:e3:f1:
                    a1:38:39:4d:00:e8:6f:8d:4b:7d:f1:0f:14:1d:09:
                    4e:9c:ed:ac:fa:a5:dd:c0:f9:7c:c9:ee:86:2f:3e:
                    06:8c:d1:59:3e:8a:84:70:dd:5b:22:05:82:86:42:
                    11:2d:36:1e:3e:98:54:b7:88:08:0d:4c:bf:ea:6d:
                    09:3c:25:cf:6f:f8:af:3e:46:9e:4a:f8:23:7c:7f:
                    0d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:FF:CF:2F:B8:82:0A:DB:69:02:29:93:FF:1D:FE:BF:C0:B6:C4:FC
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/595ebfb9-e548-4d3e-9fa8-016973527359.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f0:8000::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:08:eb:67:ba:5f:30:33:d7:62:5d:71:d3:a6:24:f2:f4:bb:
         18:3b:75:bc:10:ea:95:59:bd:cf:33:a7:a0:8a:08:78:67:84:
         2d:ea:79:b4:b1:1a:1f:77:aa:e3:51:51:1e:97:83:66:64:fe:
         26:4e:6b:06:66:10:99:05:4d:c5:f2:a9:d7:cf:61:d5:54:4f:
         4f:c4:c6:04:42:6f:2b:cb:aa:65:26:f2:e8:2d:10:90:76:89:
         7a:02:9a:ec:03:b2:62:dc:bc:1c:0a:26:96:cf:85:e5:5b:2e:
         5c:6d:85:15:d2:4a:f2:21:8b:c5:e0:a2:d5:b5:4c:48:f7:1f:
         47:fb:49:cd:f1:3c:9a:e3:c8:69:7e:0b:db:79:ca:5a:d3:aa:
         10:0a:38:d8:ae:a8:5b:d4:1d:e0:13:00:3a:df:ad:6a:95:d0:
         31:3d:29:e0:32:0d:80:9e:91:3d:4f:f7:c0:df:e7:03:f7:22:
         ec:d7:2f:b0:fc:19:c6:4c:5b:ba:d3:51:ea:21:97:9e:b2:cc:
         21:c9:8d:34:16:57:1a:06:73:77:fa:73:4b:1e:79:4e:bd:5d:
         bf:15:94:b6:b8:fd:32:d5:30:b3:8b:c4:80:14:8e:b4:c5:16:
         47:0e:52:b5:aa:ac:fe:67:5d:bb:df:d9:0b:8d:b6:cd:74:4d:
         7d:a4:e0:cf
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUN+lnkMlWo/hvOKQqDJpu7NJt95UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlNGUxYmFhOTA3ZjI1YWJlNTk4ZjU5NjM5M2U0Mjg5NDY2
MGU0MzdkMDE3YjZlY2I2NTNmYmUyZmZmOWQ3MjgzMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbrU52WERga9tevbOt2KJHqN+BNWvnEIQqAIB5Vk5FKu/X
0WosG1ZTWAfJEY89/KTGfrM7JdDkx282L7NPVX0M9doHWc35P7NMXaYZo5kxz4pX
Llbc0vwk3uA0qK4QxDQ2Wor7xpHqm4HLEAsItFSAAEemi2eGVUaxUSzyFVTyoNwq
7iKOj/GUODfULbIAsJ+UEaByG102Za+6nWqrmQDAbqhGOsT5/1rORiUd5H04sv7j
8aE4OU0A6G+NS33xDxQdCU6c7az6pd3A+XzJ7oYvPgaM0Vk+ioRw3VsiBYKGQhEt
Nh4+mFS3iAgNTL/qbQk8Jc9v+K8+Rp5K+CN8fw1LAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUfv/PL7iCCttpAimT/x3+v8C2xPwwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzU5NWViZmI5LWU1NDgtNGQzZS05ZmE4LTAxNjk3MzUyNzM1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAPDwgAAwDQYJKoZIhvcNAQELBQADggEBABUI62e6XzAz12JdcdOmJPL0
uxg7dbwQ6pVZvc8zp6CKCHhnhC3qebSxGh93quNRUR6Xg2Zk/iZOawZmEJkFTcXy
qdfPYdVUT0/ExgRCbyvLqmUm8ugtEJB2iXoCmuwDsmLcvBwKJpbPheVbLlxthRXS
SvIhi8XgotW1TEj3H0f7Sc3xPJrjyGl+C9t5ylrTqhAKONiuqFvUHeATADrfrWqV
0DE9KeAyDYCekT1P98Df5wP3IuzXL7D8GcZMW7rTUeohl56yzCHJjTQWVxoGc3f6
c0seeU69Xb8VlLa4/TLVMLOLxIAUjrTFFkcOUrWqrP5nXbvf2QuNts10TX2k4M8=
-----END CERTIFICATE-----