Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d0609614-d82d-46c7-9a5b-5d1f4c7a3c97.roa
File:                     d0609614-d82d-46c7-9a5b-5d1f4c7a3c97.roa (raw, json)
Hash identifier:          p9HVD70GbU0wBgtJU00AMwEkP1RwdYYfAu5I2O1LTdg=
Subject key identifier:   B4:87:AE:07:06:55:62:A9:C0:FB:68:B5:89:70:80:2C:8E:9D:CE:FA
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       25CB295551BB195739A558C033EAEDFEAF42EDE5
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d0609614-d82d-46c7-9a5b-5d1f4c7a3c97.roa
Signing time:             Mon 06 Jan 2025 00:00:00 +0000
ROA not before:           Mon 06 Jan 2025 00:00:00 +0000
ROA not after:            Mon 10 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0f3:ce00::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:cb:29:55:51:bb:19:57:39:a5:58:c0:33:ea:ed:fe:af:42:ed:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  6 00:00:00 2025 GMT
            Not After : Feb 10 23:59:59 2025 GMT
        Subject: CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6c:3b:c2:7b:d5:3d:22:c5:5c:90:f2:25:b1:
                    e9:54:32:b3:13:16:83:56:d9:75:b4:bc:c7:7e:d0:
                    80:17:4b:db:e4:c2:3f:28:0b:e7:1c:54:95:2d:f4:
                    97:1c:b4:91:50:95:69:ef:96:88:e6:26:e9:5a:c0:
                    93:b8:7c:23:53:e4:29:e6:e2:d0:b7:34:ca:d8:72:
                    34:d9:db:8b:9a:3f:6c:16:38:6b:d9:96:39:00:a4:
                    ab:1e:eb:a7:32:18:ad:27:d5:24:5e:33:e1:f3:90:
                    51:de:40:49:c3:b8:11:2d:95:78:30:14:11:74:d3:
                    b7:a4:ef:1f:f9:95:56:90:6f:fe:9b:0c:fd:31:9d:
                    71:7c:31:87:16:c8:54:32:0e:ef:8f:fb:51:1d:80:
                    61:47:b9:ff:10:20:e1:b8:79:11:07:ea:98:fc:6e:
                    e6:25:a9:86:18:d6:e4:e2:ee:f8:bd:1a:bb:75:49:
                    7a:ae:7c:76:e3:39:2d:a2:b9:c1:b0:4c:4e:bd:cd:
                    04:6e:9c:55:9d:d9:db:99:5d:39:ed:7e:90:e8:8f:
                    72:ea:38:82:72:61:fe:46:70:ed:c2:f2:65:26:c1:
                    64:d3:5e:33:8a:84:26:de:84:ab:ca:43:6b:d8:ee:
                    8b:66:68:89:86:fa:26:44:7a:fb:4e:a9:0c:98:c1:
                    c7:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:87:AE:07:06:55:62:A9:C0:FB:68:B5:89:70:80:2C:8E:9D:CE:FA
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/d0609614-d82d-46c7-9a5b-5d1f4c7a3c97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0f3:ce00::/40

    Signature Algorithm: sha256WithRSAEncryption
         9c:c2:68:84:53:9a:cf:19:f4:94:c3:f9:c1:a0:3d:bb:c7:92:
         53:6f:53:2a:4d:34:65:ea:2a:63:3d:2c:77:d6:21:5c:cb:af:
         86:41:19:ec:61:88:a9:d1:2b:36:04:a4:fe:c9:16:f9:59:95:
         2a:95:69:41:60:5c:20:54:05:76:2d:e6:b6:b1:b5:cd:c9:0e:
         69:74:46:b2:4d:20:9f:ed:bf:b3:2e:ff:c3:9b:09:09:12:3a:
         c7:e2:57:68:65:b8:57:be:fc:13:6c:5b:4a:97:12:2f:b1:cd:
         69:99:9f:00:6b:18:35:9f:c5:43:69:d3:08:57:b5:ca:0b:54:
         06:ab:9b:7b:bd:14:cf:b2:07:bd:c1:b2:de:58:9e:ac:05:3c:
         28:51:7e:54:a8:26:31:ce:c7:6d:1e:21:5c:6d:fa:10:55:11:
         af:e8:8b:bd:87:6c:10:30:f4:a1:3f:e7:ac:e0:b6:02:0a:9a:
         c6:6f:3e:2d:39:13:82:ed:b0:82:cd:29:af:02:7e:94:7a:6e:
         db:88:ac:c6:c9:42:ad:a7:f2:8e:2d:64:da:70:0f:99:15:2e:
         da:be:e4:3f:66:c3:e1:77:67:5f:15:e5:b8:5f:ca:f5:29:70:
         73:c4:7a:85:32:77:11:74:f5:b6:73:f5:f1:f6:f3:d9:ab:54:
         08:01:5f:ef
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJcspVVG7GVc5pVjAM+rt/q9C7eUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTA2MDAwMDAwWhcNMjUwMjEwMjM1OTU5
WjB6MUkwRwYDVQQFE0AyOWYyMDQxOGM2YjhiODQ3ZDA2Yjg5MzVhMzRhNDlkZDMz
ZGQyMjY3NDVlN2M3ZjEzMWQ0NGI5OTYzMTk3NmNmMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC2bDvCe9U9IsVckPIlselUMrMTFoNW2XW0vMd+0IAXS9vk
wj8oC+ccVJUt9JcctJFQlWnvlojmJulawJO4fCNT5Cnm4tC3NMrYcjTZ24uaP2wW
OGvZljkApKse66cyGK0n1SReM+HzkFHeQEnDuBEtlXgwFBF007ek7x/5lVaQb/6b
DP0xnXF8MYcWyFQyDu+P+1EdgGFHuf8QIOG4eREH6pj8buYlqYYY1uTi7vi9Grt1
SXqufHbjOS2iucGwTE69zQRunFWd2duZXTntfpDoj3LqOIJyYf5GcO3C8mUmwWTT
XjOKhCbehKvKQ2vY7otmaImG+iZEevtOqQyYwceZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUtIeuBwZVYqnA+2i1iXCALI6dzvowHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2QwNjA5NjE0LWQ4MmQtNDZjNy05YTViLTVkMWY0YzdhM2M5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPDzzjANBgkqhkiG9w0BAQsFAAOCAQEAnMJohFOazxn0lMP5waA9u8eS
U29TKk00ZeoqYz0sd9YhXMuvhkEZ7GGIqdErNgSk/skW+VmVKpVpQWBcIFQFdi3m
trG1zckOaXRGsk0gn+2/sy7/w5sJCRI6x+JXaGW4V778E2xbSpcSL7HNaZmfAGsY
NZ/FQ2nTCFe1ygtUBqube70Uz7IHvcGy3lierAU8KFF+VKgmMc7HbR4hXG36EFUR
r+iLvYdsEDD0oT/nrOC2Agqaxm8+LTkTgu2wgs0prwJ+lHpu24isxslCrafyji1k
2nAPmRUu2r7kP2bD4XdnXxXluF/K9Slwc8R6hTJ3EXT1tnP18fbz2atUCAFf7w==
-----END CERTIFICATE-----