Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f42ce54-e9cf-40a2-934a-6c649ed8a320.roa
File:                     1f42ce54-e9cf-40a2-934a-6c649ed8a320.roa (raw, json)
Hash identifier:          LaYe8n63QyzCBUeVT9hUWU28maI6Wz3q4SgJXclI4sw=
Subject key identifier:   2C:96:C3:09:06:FC:21:AD:6A:95:49:58:A3:A1:55:DC:93:93:57:49
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       18CA84B1782B270A7584C81F8FEEC2398FCF31E4
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f42ce54-e9cf-40a2-934a-6c649ed8a320.roa
Signing time:             Fri 23 Feb 2024 00:00:00 +0000
ROA not before:           Fri 23 Feb 2024 00:00:00 +0000
ROA not after:            Fri 29 Mar 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f23:8000::/36 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:ca:84:b1:78:2b:27:0a:75:84:c8:1f:8f:ee:c2:39:8f:cf:31:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 23 00:00:00 2024 GMT
            Not After : Mar 29 23:59:59 2024 GMT
        Subject: serialNumber=fbaceba510f49957ae0916712e3f8eda323c23167b11fa0fe699ce966fab8f9e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:89:99:69:35:5e:50:12:43:b6:40:3a:9a:e8:
                    70:bf:99:5b:71:db:5f:bc:83:8b:d9:cb:af:5a:3d:
                    fd:5e:3a:3a:c6:cb:88:6b:4e:d0:83:e1:b0:6a:cb:
                    60:1b:19:72:7d:fe:1a:f5:46:a9:8d:18:2e:0e:8a:
                    30:27:2c:a0:b8:c5:4e:df:3c:f2:28:60:41:80:d0:
                    68:a0:52:d2:16:73:27:0c:80:8c:8a:dd:e7:c3:47:
                    a8:69:97:8f:c3:8e:96:65:8f:1d:f2:07:c5:4d:89:
                    70:18:8f:9d:3c:8b:93:5e:c6:ab:cc:66:b7:2b:bf:
                    a7:28:ef:b5:b8:a0:88:9c:c8:07:86:d1:ea:a8:15:
                    ea:32:ee:4c:14:80:c7:9b:41:ff:e5:67:3a:b4:d2:
                    89:76:00:c7:f8:8e:35:ad:67:3d:ab:5a:e5:de:ff:
                    cb:34:d2:01:10:5e:1f:a9:a4:ba:d6:9a:98:09:7a:
                    b5:6e:10:9a:7f:0e:fe:4e:c1:da:7e:d1:4c:04:0c:
                    c5:45:0f:8b:a1:ac:a2:5f:e1:cc:6c:20:e3:fa:98:
                    b6:ac:fe:c1:15:c9:6c:78:d3:bf:a6:fd:2b:e7:4f:
                    dc:c9:c6:19:b2:19:4e:82:d6:8a:c5:88:06:89:72:
                    88:7d:a5:59:99:21:d4:1d:6e:12:db:af:0c:d9:c5:
                    5d:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:96:C3:09:06:FC:21:AD:6A:95:49:58:A3:A1:55:DC:93:93:57:49
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/1f42ce54-e9cf-40a2-934a-6c649ed8a320.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f23:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         88:9f:ac:a1:cb:6e:93:27:31:4d:93:42:4a:f4:f0:2f:4e:b7:
         d7:f8:a1:91:d4:13:ef:e6:c8:41:2d:1f:4a:13:a8:53:69:ec:
         cf:e3:62:ee:c0:ac:b1:78:b1:c8:f7:e8:5f:68:91:e3:1f:6b:
         35:02:7f:a1:a9:ab:a3:2b:d4:14:9e:1f:ed:82:09:e0:96:ed:
         75:fe:77:30:1f:d2:50:ff:31:bf:ad:c9:c4:3f:64:f3:07:1d:
         09:78:c4:20:d6:d6:df:96:4a:d1:8f:1e:63:d5:6f:06:81:42:
         c4:77:a2:e3:9d:d6:f3:d0:7f:f3:59:5a:25:27:5b:91:56:5d:
         ed:43:0f:f4:bc:eb:53:e6:b3:f6:6d:1b:94:73:d8:99:a3:98:
         f7:c7:d6:8f:e4:59:44:ff:2a:a6:51:93:c4:89:e8:f6:fe:04:
         56:98:33:73:6c:25:c9:0a:99:f7:78:6b:b2:20:77:a7:2b:b8:
         af:0f:70:8a:cc:bb:ac:d8:95:1c:73:45:9c:af:b0:25:21:f0:
         fc:91:3a:69:2d:0c:92:63:0e:5a:5a:65:89:80:3b:c2:f0:15:
         a6:29:16:8e:82:ec:b0:1c:e5:0c:bb:41:0b:98:94:0b:8f:21:
         1b:92:71:0d:a4:43:23:17:32:43:6d:79:39:a1:61:8b:b8:63:
         d1:61:8c:9e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUGMqEsXgrJwp1hMgfj+7COY/PMeQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQwMjIzMDAwMDAwWhcNMjQwMzI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYmFjZWJhNTEwZjQ5OTU3YWUwOTE2NzEyZTNmOGVkYTMy
M2MyMzE2N2IxMWZhMGZlNjk5Y2U5NjZmYWI4ZjllMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdiZlpNV5QEkO2QDqa6HC/mVtx21+8g4vZy69aPf1eOjrG
y4hrTtCD4bBqy2AbGXJ9/hr1RqmNGC4OijAnLKC4xU7fPPIoYEGA0GigUtIWcycM
gIyK3efDR6hpl4/DjpZljx3yB8VNiXAYj508i5NexqvMZrcrv6co77W4oIicyAeG
0eqoFeoy7kwUgMebQf/lZzq00ol2AMf4jjWtZz2rWuXe/8s00gEQXh+ppLrWmpgJ
erVuEJp/Dv5Owdp+0UwEDMVFD4uhrKJf4cxsIOP6mLas/sEVyWx407+m/SvnT9zJ
xhmyGU6C1orFiAaJcoh9pVmZIdQdbhLbrwzZxV3jAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQULJbDCQb8Ia1qlUlYo6FV3JOTV0kwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzFmNDJjZTU0LWU5Y2YtNDBhMi05MzRhLTZjNjQ5ZWQ4YTMyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8jgDANBgkqhkiG9w0BAQsFAAOCAQEAiJ+soctukycxTZNCSvTwL063
1/ihkdQT7+bIQS0fShOoU2nsz+Ni7sCssXixyPfoX2iR4x9rNQJ/oamroyvUFJ4f
7YIJ4Jbtdf53MB/SUP8xv63JxD9k8wcdCXjEINbW35ZK0Y8eY9VvBoFCxHei453W
89B/81laJSdbkVZd7UMP9LzrU+az9m0blHPYmaOY98fWj+RZRP8qplGTxIno9v4E
Vpgzc2wlyQqZ93hrsiB3pyu4rw9wisy7rNiVHHNFnK+wJSHw/JE6aS0MkmMOWlpl
iYA7wvAVpikWjoLssBzlDLtBC5iUC48hG5JxDaRDIxcyQ215OaFhi7hj0WGMng==
-----END CERTIFICATE-----