Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7fdbaccf-5a12-463f-a5ed-d3d9cfc795fe.roa
File:                     7fdbaccf-5a12-463f-a5ed-d3d9cfc795fe.roa (raw, json)
Hash identifier:          yO+deSte2cHMNfAb5WGppdzwkAxaTvItM8v9jlvhxM8=
Subject key identifier:   8C:5A:B1:2B:7D:B5:E3:6A:4F:EF:42:A9:E6:F8:9F:18:45:2A:1D:36
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       1FBC0A387BC47A0F81028D897B7442C20BF8C590
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7fdbaccf-5a12-463f-a5ed-d3d9cfc795fe.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f2:100::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:bc:0a:38:7b:c4:7a:0f:81:02:8d:89:7b:74:42:c2:0b:f8:c5:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:8c:ca:cb:7d:0a:db:7b:ac:a6:4f:13:84:0d:
                    5e:45:75:0f:b9:ac:e3:96:aa:06:67:34:fb:88:6a:
                    36:4b:6b:28:97:66:73:62:e4:68:ba:ad:dd:37:2a:
                    a8:1c:4a:82:b6:d7:97:2c:81:6f:51:bb:6d:13:ce:
                    10:76:cb:16:6f:29:04:a4:ec:ea:94:c4:cd:61:6b:
                    57:36:d4:48:84:f3:4d:10:73:11:13:b5:ba:17:ab:
                    0f:12:b6:7e:4a:17:7b:1e:59:45:bc:57:bf:3e:20:
                    d8:11:79:fe:94:38:a6:e9:4a:3a:53:33:31:95:e8:
                    7f:64:c6:8f:c4:c4:25:04:e9:4e:8c:05:63:79:72:
                    99:5c:6c:e4:06:a3:fa:76:ef:6b:4b:2e:ed:e1:47:
                    a3:db:99:4d:51:79:1e:38:f0:83:2f:10:a5:e0:85:
                    c1:97:c6:e1:ee:69:ab:5f:17:73:10:35:8c:1f:76:
                    4f:9e:c9:08:63:f5:ba:87:ff:7f:04:70:4c:d9:cc:
                    71:cd:c4:de:94:79:58:8b:d4:05:72:51:13:92:f4:
                    a1:f8:f1:9b:73:7d:6f:da:78:c4:65:6d:62:6d:22:
                    99:e3:41:86:09:c3:b1:dd:91:0d:ee:00:bd:cc:63:
                    93:34:02:61:38:06:a8:03:47:1d:d5:ee:ee:71:80:
                    ab:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:5A:B1:2B:7D:B5:E3:6A:4F:EF:42:A9:E6:F8:9F:18:45:2A:1D:36
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/7fdbaccf-5a12-463f-a5ed-d3d9cfc795fe.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f2:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:64:62:e3:65:9c:d4:ae:9c:50:40:76:2b:37:9d:7d:46:29:
         de:f8:4c:cf:80:e3:f5:b1:26:ed:97:48:72:13:0b:c3:41:1e:
         7e:f6:d2:be:a2:53:6f:2f:96:ba:26:b6:be:4f:df:24:e1:dc:
         7b:6f:8a:54:a1:ac:c5:6b:f9:b9:00:ff:9d:5c:c2:87:1b:07:
         13:d6:d5:3f:4a:a8:3e:6b:f2:cc:d2:50:f6:f0:02:fc:3a:cb:
         63:89:c5:f4:2c:6e:b7:de:54:89:3b:e4:4e:e0:a7:0b:8c:a8:
         04:c6:b9:85:12:81:41:96:80:8b:2e:a0:7e:1e:b2:43:e8:77:
         1b:12:45:b2:f1:f1:c6:ac:72:28:c4:f1:61:53:2e:8a:de:94:
         27:bd:7e:f2:47:22:fa:6c:9a:f3:f1:53:31:b4:7b:a9:d3:a6:
         78:e9:6c:0c:2e:36:77:5f:91:8c:9a:63:bd:39:7d:01:14:62:
         e5:10:83:88:35:45:82:34:09:7a:04:dc:8f:48:c4:f3:37:7b:
         41:cb:14:e4:e9:20:c8:da:a7:d0:48:79:3e:57:1e:39:39:f8:
         e3:e0:c7:27:3e:5c:b1:a8:7e:ac:bc:58:d5:f8:b8:1a:5e:50:
         9a:98:21:6e:7a:4d:6f:87:98:23:46:40:1b:44:72:e2:cb:ae:
         62:83:ac:8a
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUH7wKOHvEeg+BAo2Je3RCwgv4xZAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2Q4ZWM1NTc4ODkxNjU3ZmE0ZjBiMDcwZDNkOWFkN2E2
YjIyOTlkMzE1ZWY2NWZmNmU0NWE3ZmE1OGNjOGFmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0jMrLfQrbe6ymTxOEDV5FdQ+5rOOWqgZnNPuIajZLayiX
ZnNi5Gi6rd03KqgcSoK215csgW9Ru20TzhB2yxZvKQSk7OqUxM1ha1c21EiE800Q
cxETtboXqw8Stn5KF3seWUW8V78+INgRef6UOKbpSjpTMzGV6H9kxo/ExCUE6U6M
BWN5cplcbOQGo/p272tLLu3hR6PbmU1ReR448IMvEKXghcGXxuHuaatfF3MQNYwf
dk+eyQhj9bqH/38EcEzZzHHNxN6UeViL1AVyUROS9KH48ZtzfW/aeMRlbWJtIpnj
QYYJw7HdkQ3uAL3MY5M0AmE4BqgDRx3V7u5xgKunAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUjFqxK32142pP70Kp5vifGEUqHTYwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzdmZGJhY2NmLTVhMTItNDYzZi1hNWVkLWQzZDljZmM3OTVmZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDyATANBgkqhkiG9w0BAQsFAAOCAQEAf2Ri42Wc1K6cUEB2KzedfUYp
3vhMz4Dj9bEm7ZdIchMLw0EefvbSvqJTby+Wuia2vk/fJOHce2+KVKGsxWv5uQD/
nVzChxsHE9bVP0qoPmvyzNJQ9vAC/DrLY4nF9Cxut95UiTvkTuCnC4yoBMa5hRKB
QZaAiy6gfh6yQ+h3GxJFsvHxxqxyKMTxYVMuit6UJ71+8kci+mya8/FTMbR7qdOm
eOlsDC42d1+RjJpjvTl9ARRi5RCDiDVFgjQJegTcj0jE8zd7QcsU5OkgyNqn0Eh5
PlceOTn44+DHJz5csah+rLxY1fi4Gl5QmpghbnpNb4eYI0ZAG0Ry4suuYoOsig==
-----END CERTIFICATE-----