Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aba4921-276c-4452-94a5-fd4c11b5b287.roa
File:                     0aba4921-276c-4452-94a5-fd4c11b5b287.roa (raw, json)
Hash identifier:          xmgnFfL0Oo9y1kuDSD4H5HMWoOiK0bzhG7eCPK3bDBs=
Subject key identifier:   60:F8:11:2C:E9:D1:37:14:D5:61:A0:5B:D1:D8:27:37:0D:0D:38:2E
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2ADE36A923B7761F4D82A7635A6A634B45D74453
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aba4921-276c-4452-94a5-fd4c11b5b287.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f36:3400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:de:36:a9:23:b7:76:1f:4d:82:a7:63:5a:6a:63:4b:45:d7:44:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:77:72:b3:dc:eb:5c:2a:5f:d4:55:b0:5a:f9:
                    82:da:1e:f7:e3:14:b8:b6:61:de:af:a2:62:dc:25:
                    70:06:e6:84:31:7f:ee:a0:62:e8:7f:f5:4e:90:15:
                    6f:68:cb:57:96:98:03:fe:95:39:97:f3:be:70:8c:
                    0d:ae:f4:6d:93:bb:07:20:46:40:d5:67:06:d9:4f:
                    fb:ea:eb:ee:65:63:15:f5:35:2a:56:fc:2e:0f:6f:
                    49:d8:fe:6d:ba:77:14:8a:2f:02:fe:df:7e:53:7a:
                    ae:35:0a:0a:98:fa:c2:aa:68:b3:a6:88:ad:0d:02:
                    39:c0:3a:50:73:29:dc:86:c5:47:93:6d:f6:9e:5f:
                    5c:5b:2f:4f:73:b8:04:c2:a5:e0:88:1a:40:a8:10:
                    58:2c:dc:88:07:c0:00:2e:43:18:4d:ac:c7:ed:74:
                    84:76:74:c8:57:48:27:6c:62:0d:2f:06:39:89:0a:
                    19:d5:2b:22:de:4e:ad:6d:8a:9b:78:96:02:1b:6e:
                    69:e0:0d:15:e7:14:b8:e1:b6:1b:80:49:c8:25:c6:
                    9d:a2:5b:eb:66:2b:b9:ee:d3:6a:55:8e:ce:4b:83:
                    5c:b3:cf:f8:55:b5:c2:95:00:d0:c3:a4:48:eb:a7:
                    1d:09:88:7e:4a:b5:09:65:86:a3:b7:6c:4e:08:11:
                    31:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F8:11:2C:E9:D1:37:14:D5:61:A0:5B:D1:D8:27:37:0D:0D:38:2E
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0aba4921-276c-4452-94a5-fd4c11b5b287.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f36:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         44:1c:a1:fe:a1:3f:90:2a:c2:86:fd:d8:2e:62:34:de:a3:2f:
         b0:b0:2c:ec:e7:9b:12:43:72:5d:40:60:91:d7:62:a2:79:47:
         71:ab:89:65:77:2e:7f:f4:f7:78:6e:ca:83:ea:1d:ca:9e:8b:
         49:a2:25:29:c7:ac:d8:1e:fd:58:c4:4d:cb:27:40:07:a9:bf:
         a4:bb:c8:69:cf:2d:90:cf:a9:86:87:86:52:26:0c:c2:53:21:
         b6:34:fd:91:fc:43:24:82:0c:72:57:5e:0a:a7:be:4e:17:75:
         1e:6d:28:bb:62:71:aa:c5:7d:8f:ee:47:a3:32:92:3a:13:45:
         07:55:19:14:a8:59:f4:98:c1:21:8a:fd:bb:f0:5b:a1:5f:b8:
         7b:54:4e:2f:ec:9a:e8:68:ac:d9:58:91:e7:81:5b:75:75:04:
         91:8b:be:78:6c:74:83:79:42:e7:cc:5d:f7:04:75:59:82:6d:
         3e:87:c2:3f:1a:8e:04:c7:fb:90:dc:3a:79:fa:11:f8:1d:c5:
         b4:f9:db:38:f7:97:56:ef:ad:bc:49:f3:25:da:b0:c6:e4:23:
         82:35:19:68:e7:ec:fe:94:53:fb:54:f8:80:4a:5a:be:93:65:
         78:48:7f:4c:f1:e2:96:37:70:4d:ab:d3:13:93:67:ba:e5:c9:
         9e:a3:e2:51
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUKt42qSO3dh9NgqdjWmpjS0XXRFMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMDhhMzFiMjA0MmEwMGE4Y2Y5YTlkYzBiMjExNmIxMDY3
OTljOTExNWEwOWYxM2U0NTY0OTI4ZjYyN2Q3ODFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1d3Kz3OtcKl/UVbBa+YLaHvfjFLi2Yd6vomLcJXAG5oQx
f+6gYuh/9U6QFW9oy1eWmAP+lTmX875wjA2u9G2TuwcgRkDVZwbZT/vq6+5lYxX1
NSpW/C4Pb0nY/m26dxSKLwL+335Teq41CgqY+sKqaLOmiK0NAjnAOlBzKdyGxUeT
bfaeX1xbL09zuATCpeCIGkCoEFgs3IgHwAAuQxhNrMftdIR2dMhXSCdsYg0vBjmJ
ChnVKyLeTq1tipt4lgIbbmngDRXnFLjhthuAScglxp2iW+tmK7nu02pVjs5Lg1yz
z/hVtcKVANDDpEjrpx0JiH5KtQllhqO3bE4IETGTAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUYPgRLOnRNxTVYaBb0dgnNw0NOC4wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBhYmE0OTIxLTI3NmMtNDQ1Mi05NGE1LWZkNGMxMWI1YjI4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB82NDANBgkqhkiG9w0BAQsFAAOCAQEARByh/qE/kCrChv3YLmI03qMv
sLAs7OebEkNyXUBgkddionlHcauJZXcuf/T3eG7Kg+odyp6LSaIlKces2B79WMRN
yydAB6m/pLvIac8tkM+phoeGUiYMwlMhtjT9kfxDJIIMcldeCqe+Thd1Hm0ou2Jx
qsV9j+5HozKSOhNFB1UZFKhZ9JjBIYr9u/BboV+4e1ROL+ya6Gis2ViR54FbdXUE
kYu+eGx0g3lC58xd9wR1WYJtPofCPxqOBMf7kNw6efoR+B3FtPnbOPeXVu+tvEnz
JdqwxuQjgjUZaOfs/pRT+1T4gEpavpNleEh/TPHiljdwTavTE5NnuuXJnqPiUQ==
-----END CERTIFICATE-----