Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/065cf5b5-b079-4d2c-84e1-8b31330331bb.roa
File:                     065cf5b5-b079-4d2c-84e1-8b31330331bb.roa (raw, json)
Hash identifier:          hGvbUk+smRhQaK1FWhl0tt4VITUqu9A3//565eeqi4w=
Subject key identifier:   49:06:8C:49:F9:7C:D3:39:B5:71:A0:39:55:80:56:D0:4D:3D:8B:50
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2E2315643C6B1A48E1C64159B5132A7C61A20CC5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/065cf5b5-b079-4d2c-84e1-8b31330331bb.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f2d:4000::/36 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:23:15:64:3c:6b:1a:48:e1:c6:41:59:b5:13:2a:7c:61:a2:0c:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=ad5b2cff866262ab0d7a2642cb9da7c27b56e75bd647a5940e82ea87a6095a76, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6d:aa:cf:a7:0c:f1:82:dc:78:26:54:f1:73:
                    df:09:b5:fd:1d:c6:da:9f:6b:23:82:32:26:e8:d6:
                    20:67:a7:f7:29:98:b1:81:dd:8a:a5:5b:f7:72:4c:
                    6d:cd:8f:e6:84:d8:f1:b9:7e:76:e5:47:2c:11:87:
                    bd:59:be:5f:bc:18:cf:5b:cc:c3:bc:da:c8:f8:36:
                    03:8b:48:75:1a:c3:a8:40:00:95:36:ec:35:cf:bc:
                    f8:a6:e6:0e:9d:10:e8:76:88:42:58:0e:2d:41:79:
                    d7:29:bf:80:56:7b:ca:98:74:d8:ed:04:98:95:6d:
                    a7:13:4d:5e:d5:d8:94:5b:ae:75:18:f6:f0:54:ae:
                    b3:72:9c:2c:a4:e2:06:6a:17:f7:2f:59:2b:c5:7b:
                    f1:70:f7:81:f2:83:3b:e2:60:c7:9a:55:fd:3c:01:
                    42:20:5f:5b:a4:04:5e:99:99:a1:88:21:f2:25:16:
                    66:18:cb:3f:2d:f8:3e:ff:1d:45:fb:d9:6a:e1:57:
                    2a:8c:d2:83:1f:de:af:d2:07:b7:8a:81:a0:4a:dd:
                    da:9b:0d:85:71:db:c6:47:ff:10:10:dd:d1:9b:7e:
                    2f:45:da:94:60:df:dd:0b:75:32:c8:6a:87:d0:6e:
                    ec:e8:22:77:9c:dd:a3:40:dd:c8:4d:2d:f1:7b:bd:
                    49:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:06:8C:49:F9:7C:D3:39:B5:71:A0:39:55:80:56:D0:4D:3D:8B:50
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/065cf5b5-b079-4d2c-84e1-8b31330331bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f2d:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         58:ea:8f:97:eb:41:d0:8c:45:dd:39:b5:d1:ec:43:f6:b9:6e:
         16:ef:69:1e:81:18:43:24:d5:06:ac:fd:2e:66:c9:43:e1:d5:
         06:c7:e5:73:ee:8a:fa:7c:0c:a3:2c:93:f2:7d:fc:2e:49:e5:
         d6:f3:5e:ec:9e:06:de:33:6e:37:02:c1:23:cc:43:f3:56:75:
         d2:0e:3b:62:d1:fc:33:59:c2:b0:db:6b:a8:86:d1:46:fa:84:
         a3:db:2e:e3:d7:f1:e3:d4:c0:0d:7b:d8:85:66:df:1d:1a:81:
         9e:c6:f8:81:3b:95:01:77:d3:aa:2d:00:42:36:ec:b3:20:04:
         cd:92:a0:3b:6d:84:ed:c3:d2:1f:65:ee:16:12:63:a7:ca:fb:
         dc:c9:df:3e:54:86:d2:78:2e:e9:d4:da:85:5a:87:2c:35:03:
         93:b4:49:41:d8:d5:df:63:b2:19:3c:60:ba:42:d7:d1:06:b2:
         0b:63:5e:f8:46:ce:f0:19:1c:9d:b4:e0:4e:1c:aa:10:0f:bf:
         1f:05:28:55:db:56:91:6a:f1:f8:68:ed:22:71:a2:45:83:a5:
         33:41:67:b3:fc:39:19:0a:f1:7d:81:13:65:28:d3:6d:ea:c0:
         48:b9:af:e0:b6:14:e4:24:5d:26:eb:ef:7e:d6:02:ff:d9:99:
         4a:ef:b1:13
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIULiMVZDxrGkjhxkFZtRMqfGGiDMUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZDViMmNmZjg2NjI2MmFiMGQ3YTI2NDJjYjlkYTdjMjdi
NTZlNzViZDY0N2E1OTQwZTgyZWE4N2E2MDk1YTc2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSbarPpwzxgtx4JlTxc98Jtf0dxtqfayOCMibo1iBnp/cp
mLGB3YqlW/dyTG3Nj+aE2PG5fnblRywRh71Zvl+8GM9bzMO82sj4NgOLSHUaw6hA
AJU27DXPvPim5g6dEOh2iEJYDi1Bedcpv4BWe8qYdNjtBJiVbacTTV7V2JRbrnUY
9vBUrrNynCyk4gZqF/cvWSvFe/Fw94HygzviYMeaVf08AUIgX1ukBF6ZmaGIIfIl
FmYYyz8t+D7/HUX72WrhVyqM0oMf3q/SB7eKgaBK3dqbDYVx28ZH/xAQ3dGbfi9F
2pRg390LdTLIaofQbuzoInec3aNA3chNLfF7vUk7AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUSQaMSfl80zm1caA5VYBW0E09i1AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA2NWNmNWI1LWIwNzktNGQyYy04NGUxLThiMzEzMzAzMzFiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8tQDANBgkqhkiG9w0BAQsFAAOCAQEAWOqPl+tB0IxF3Tm10exD9rlu
Fu9pHoEYQyTVBqz9LmbJQ+HVBsflc+6K+nwMoyyT8n38Lknl1vNe7J4G3jNuNwLB
I8xD81Z10g47YtH8M1nCsNtrqIbRRvqEo9su49fx49TADXvYhWbfHRqBnsb4gTuV
AXfTqi0AQjbssyAEzZKgO22E7cPSH2XuFhJjp8r73MnfPlSG0ngu6dTahVqHLDUD
k7RJQdjV32OyGTxgukLX0QayC2Ne+EbO8BkcnbTgThyqEA+/HwUoVdtWkWrx+Gjt
InGiRYOlM0Fns/w5GQrxfYETZSjTberASLmv4LYU5CRdJuvvftYC/9mZSu+xEw==
-----END CERTIFICATE-----