Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0da673f5-9e6d-4234-8255-feec6dc6c368.roa
File:                     0da673f5-9e6d-4234-8255-feec6dc6c368.roa (raw, json)
Hash identifier:          one3Xa3Sm9TI27t/SvX/vWckJa5AH4mQgUNFjBNSyok=
Subject key identifier:   C0:D0:59:2B:37:E7:6B:5E:4B:98:D2:BE:BC:6D:C3:F7:CC:EF:2B:38
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       274C63126D66205F912020192FCF9A9F6B54F11E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0da673f5-9e6d-4234-8255-feec6dc6c368.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:4c:63:12:6d:66:20:5f:91:20:20:19:2f:cf:9a:9f:6b:54:f1:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=a1cd3a4eb9ce79d6663c26841b157fd5f89d23843b58ce309787ba19a01c8304, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:17:27:0f:85:34:07:48:45:0d:db:21:c2:4d:
                    c2:4e:45:62:7b:8f:6c:7d:32:12:73:70:d0:49:99:
                    98:88:3b:0c:91:e1:0b:31:a7:33:ec:b8:18:4c:94:
                    24:57:b9:16:e3:bc:81:74:2d:aa:7d:9f:71:d2:74:
                    b3:77:43:f2:29:04:55:77:4e:45:72:4a:f1:a7:97:
                    24:b4:e1:e5:ac:33:08:55:14:4d:ea:62:4f:c4:da:
                    64:86:f1:4a:88:ee:13:13:01:f6:71:a0:32:38:e7:
                    d6:76:09:a1:98:0f:70:71:9b:94:4c:2e:63:11:9f:
                    4b:de:71:bd:d3:eb:52:d7:42:9f:05:3e:0a:78:89:
                    ec:fd:65:d8:61:8a:6e:21:04:20:5c:fd:a3:a0:f4:
                    39:0a:57:80:55:49:fd:5e:96:a7:f6:c2:42:2c:27:
                    57:66:f6:f9:13:0e:32:7d:b1:c8:87:6f:62:96:59:
                    70:eb:96:18:b6:4b:be:fb:44:75:f2:a8:d4:7f:31:
                    40:13:cf:b5:3f:42:6e:89:ee:a1:99:23:e1:68:a3:
                    c2:ce:aa:5b:80:ae:f2:22:c0:94:45:27:c2:aa:18:
                    b3:43:49:6b:8e:aa:94:a9:a2:4c:06:8f:77:da:f8:
                    0c:73:0e:24:10:7b:ed:2f:30:af:eb:be:ea:68:e6:
                    33:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D0:59:2B:37:E7:6B:5E:4B:98:D2:BE:BC:6D:C3:F7:CC:EF:2B:38
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/0da673f5-9e6d-4234-8255-feec6dc6c368.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8d:bc:f9:b4:43:24:b5:aa:37:32:29:8e:4c:99:42:97:10:4d:
         2b:ef:75:d1:4c:c1:67:44:9d:89:15:08:fa:9c:ed:07:72:ae:
         c5:04:fc:5b:9b:49:64:5c:90:5d:7a:7f:8a:12:88:f8:24:b2:
         ce:53:64:b7:3a:40:75:01:27:9a:ef:04:90:51:cb:c3:af:78:
         17:cf:2b:1c:01:eb:a8:00:f6:66:af:f2:d6:89:c2:0b:be:77:
         b0:a5:31:d4:2f:03:4b:cf:2b:b2:3f:d0:b7:79:e8:7a:05:1e:
         dd:6f:ba:3e:89:4e:d5:50:f2:86:0f:3a:88:f5:3b:39:71:f7:
         45:ec:94:8c:5b:c2:ee:75:79:cc:1f:31:b2:df:59:79:04:8d:
         c6:82:8e:40:38:68:07:2c:5c:99:c6:7c:66:2a:c2:0e:13:db:
         7a:53:5e:24:f3:d3:92:07:2f:33:47:db:01:2c:c1:fd:98:a2:
         5f:52:df:2d:56:59:a8:76:ed:f0:13:41:87:aa:cd:4c:58:70:
         02:fd:d6:5c:68:07:d9:f6:7c:2b:e9:d5:4b:78:1e:ce:b7:6d:
         f0:4a:c9:8b:c1:13:bd:2d:11:e8:05:e3:b5:e5:4a:5e:0e:b4:
         ae:fd:23:cd:7d:fc:5c:f8:01:b0:8d:99:e4:75:5b:45:02:6b:
         c9:0d:53:33
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUJ0xjEm1mIF+RICAZL8+an2tU8R4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMWNkM2E0ZWI5Y2U3OWQ2NjYzYzI2ODQxYjE1N2ZkNWY4
OWQyMzg0M2I1OGNlMzA5Nzg3YmExOWEwMWM4MzA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgFycPhTQHSEUN2yHCTcJORWJ7j2x9MhJzcNBJmZiIOwyR
4QsxpzPsuBhMlCRXuRbjvIF0Lap9n3HSdLN3Q/IpBFV3TkVySvGnlyS04eWsMwhV
FE3qYk/E2mSG8UqI7hMTAfZxoDI459Z2CaGYD3Bxm5RMLmMRn0vecb3T61LXQp8F
Pgp4iez9Zdhhim4hBCBc/aOg9DkKV4BVSf1elqf2wkIsJ1dm9vkTDjJ9sciHb2KW
WXDrlhi2S777RHXyqNR/MUATz7U/Qm6J7qGZI+Foo8LOqluArvIiwJRFJ8KqGLND
SWuOqpSpokwGj3fa+AxzDiQQe+0vMK/rvupo5jOFAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUwNBZKzfna15LmNK+vG3D98zvKzgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzBkYTY3M2Y1LTllNmQtNDIzNC04MjU1LWZlZWM2ZGM2YzM2OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8ywDANBgkqhkiG9w0BAQsFAAOCAQEAjbz5tEMktao3MimOTJlClxBN
K+910UzBZ0SdiRUI+pztB3KuxQT8W5tJZFyQXXp/ihKI+CSyzlNktzpAdQEnmu8E
kFHLw694F88rHAHrqAD2Zq/y1onCC753sKUx1C8DS88rsj/Qt3noegUe3W+6PolO
1VDyhg86iPU7OXH3ReyUjFvC7nV5zB8xst9ZeQSNxoKOQDhoByxcmcZ8ZirCDhPb
elNeJPPTkgcvM0fbASzB/ZiiX1LfLVZZqHbt8BNBh6rNTFhwAv3WXGgH2fZ8K+nV
S3gezrdt8ErJi8ETvS0R6AXjteVKXg60rv0jzX38XPgBsI2Z5HVbRQJryQ1TMw==
-----END CERTIFICATE-----