Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e0fdf0b-509b-4469-b9c9-3029b85fffe5.roa
File:                     1e0fdf0b-509b-4469-b9c9-3029b85fffe5.roa (raw, json)
Hash identifier:          4RH2XV8CihFajfk99UBb7GQZdyTDNzw8pbpMoRHTGpk=
Subject key identifier:   BB:21:67:3E:87:BF:4B:CA:9D:90:C5:A4:2E:31:E9:62:22:9C:70:B3
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       16094A26CB87518956421B0871080F8ABA9D1C50
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e0fdf0b-509b-4469-b9c9-3029b85fffe5.roa
Signing time:             Wed 05 Feb 2025 00:00:00 +0000
ROA not before:           Wed 05 Feb 2025 00:00:00 +0000
ROA not after:            Wed 12 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f30:3400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:09:4a:26:cb:87:51:89:56:42:1b:08:71:08:0f:8a:ba:9d:1c:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  5 00:00:00 2025 GMT
            Not After : Mar 12 23:59:59 2025 GMT
        Subject: serialNumber=df90032d9d0a609d85af213da412197d6b2b92b52c7fcfb0c7e728b72649896b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:01:14:25:22:a7:10:b8:24:85:3d:96:32:30:
                    2f:03:f1:22:16:54:c4:5b:7a:09:4f:9f:d1:f6:07:
                    5b:5b:75:f1:72:76:ab:6b:dc:05:25:1a:8f:ea:b2:
                    61:44:c8:20:59:c0:f2:3c:8f:b6:4f:b1:d4:7f:3f:
                    32:90:04:00:7f:2a:3f:6c:63:5d:d9:a9:00:67:28:
                    34:75:83:22:25:24:93:6c:44:54:7b:7d:de:24:a9:
                    ee:81:aa:56:05:7f:46:bc:5d:40:10:03:68:d8:4f:
                    a6:ce:e6:56:f3:35:05:0f:a4:33:0c:73:be:35:6d:
                    3f:8a:24:da:0b:c9:21:3d:d6:e7:8e:e2:da:fa:c7:
                    82:8c:0d:c8:3d:63:17:fa:0c:01:4e:13:95:b5:3e:
                    45:4a:31:2b:b1:43:cb:0c:2c:f8:4a:43:5b:fa:8e:
                    10:e5:34:c3:10:f8:47:12:17:22:f8:e6:09:a3:33:
                    94:61:ce:db:9e:05:89:de:17:6f:7d:9f:06:a8:fd:
                    24:f1:ca:da:d0:77:25:9d:76:9a:bf:4d:38:c0:30:
                    3c:43:ee:43:7f:f9:41:49:8e:6f:3f:de:11:ce:5e:
                    6f:bc:36:9d:4c:3f:98:81:29:84:e7:95:44:af:a3:
                    9e:6c:8a:b2:9e:2d:e2:16:d1:f3:f3:72:2e:b2:70:
                    7b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:21:67:3E:87:BF:4B:CA:9D:90:C5:A4:2E:31:E9:62:22:9C:70:B3
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1e0fdf0b-509b-4469-b9c9-3029b85fffe5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f30:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         85:9e:18:95:03:11:8e:58:f1:38:87:4a:ab:34:c0:3a:55:dd:
         eb:b4:c3:36:51:7a:41:60:60:87:7a:5a:68:da:61:99:de:1e:
         d5:a6:da:cd:54:eb:ae:09:20:75:3d:55:47:36:23:9a:de:fb:
         b2:24:57:9a:27:80:2c:cb:03:79:c6:29:dd:9f:a9:27:28:59:
         ac:ce:e1:9d:73:76:c3:f6:2c:71:75:78:3b:84:49:92:f8:f6:
         bd:3f:91:69:8e:43:26:cf:3c:51:0f:26:9a:f0:16:be:1c:4c:
         40:d6:97:16:59:46:5f:ce:c3:af:6e:39:1a:04:63:d8:c6:0b:
         dd:b2:39:6d:3a:68:23:d1:3e:4c:6f:62:0f:35:7c:b3:35:96:
         f6:49:ae:26:60:7c:d5:01:67:cd:29:30:89:73:0d:29:ab:67:
         c5:83:49:b5:86:e9:44:1f:af:64:04:ea:4f:6b:de:37:94:2f:
         3b:97:dc:68:e7:82:4e:82:9a:a9:be:d1:df:1e:2f:1f:15:63:
         e9:de:81:00:e7:b6:44:a5:02:24:22:71:76:4b:6f:89:78:bc:
         1e:ee:ca:f9:2b:8a:03:5a:7a:88:c6:b6:91:d1:e4:d4:e8:13:
         89:6a:c4:f0:02:00:dd:a9:8c:71:ab:1f:0e:c2:31:26:a1:f3:
         38:85:f6:00
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUFglKJsuHUYlWQhsIcQgPirqdHFAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA1MDAwMDAwWhcNMjUwMzEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkZjkwMDMyZDlkMGE2MDlkODVhZjIxM2RhNDEyMTk3ZDZi
MmI5MmI1MmM3ZmNmYjBjN2U3MjhiNzI2NDk4OTZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDeARQlIqcQuCSFPZYyMC8D8SIWVMRbeglPn9H2B1tbdfFy
dqtr3AUlGo/qsmFEyCBZwPI8j7ZPsdR/PzKQBAB/Kj9sY13ZqQBnKDR1gyIlJJNs
RFR7fd4kqe6BqlYFf0a8XUAQA2jYT6bO5lbzNQUPpDMMc741bT+KJNoLySE91ueO
4tr6x4KMDcg9Yxf6DAFOE5W1PkVKMSuxQ8sMLPhKQ1v6jhDlNMMQ+EcSFyL45gmj
M5RhztueBYneF299nwao/STxytrQdyWddpq/TTjAMDxD7kN/+UFJjm8/3hHOXm+8
Np1MP5iBKYTnlUSvo55sirKeLeIW0fPzci6ycHvnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUuyFnPoe/S8qdkMWkLjHpYiKccLMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFlMGZkZjBiLTUwOWItNDQ2OS1iOWM5LTMwMjliODVmZmZlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB8wNDANBgkqhkiG9w0BAQsFAAOCAQEAhZ4YlQMRjljxOIdKqzTAOlXd
67TDNlF6QWBgh3paaNphmd4e1abazVTrrgkgdT1VRzYjmt77siRXmieALMsDecYp
3Z+pJyhZrM7hnXN2w/YscXV4O4RJkvj2vT+RaY5DJs88UQ8mmvAWvhxMQNaXFllG
X87Dr245GgRj2MYL3bI5bTpoI9E+TG9iDzV8szWW9kmuJmB81QFnzSkwiXMNKatn
xYNJtYbpRB+vZATqT2veN5QvO5fcaOeCToKaqb7R3x4vHxVj6d6BAOe2RKUCJCJx
dktviXi8Hu7K+SuKA1p6iMa2kdHk1OgTiWrE8AIA3amMcasfDsIxJqHzOIX2AA==
-----END CERTIFICATE-----