Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23e70a12-4ee0-4dae-9be2-f76d802d5260.roa
File:                     23e70a12-4ee0-4dae-9be2-f76d802d5260.roa (raw, json)
Hash identifier:          +5+XJR6DewtsL/vL++dIuXsgkxTIReUYCGBBh0rQiic=
Subject key identifier:   17:F4:48:FB:07:A5:3D:91:9A:5D:E4:C7:19:28:92:00:0E:26:0C:86
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6F30F54211A87D4CFC3CDC7868EAB74FCAC9AC11
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23e70a12-4ee0-4dae-9be2-f76d802d5260.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f27:4000::/36 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:30:f5:42:11:a8:7d:4c:fc:3c:dc:78:68:ea:b7:4f:ca:c9:ac:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=bb7536949b28bb3cdf6982f6abf382614515c576c4e7891bb9e75c56c34ba117, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:24:67:36:8f:44:4f:e7:6e:08:fa:9f:d5:f6:
                    72:eb:23:e0:ec:61:34:88:90:40:bd:4c:d9:ce:a0:
                    4a:32:25:03:ab:9c:6a:f2:79:19:33:13:7d:7a:45:
                    2e:26:1f:9a:d8:68:b5:97:e9:a5:2c:48:d8:43:4f:
                    45:71:6f:5d:5e:9b:7f:8f:3a:fe:f3:71:0c:8a:72:
                    66:46:4b:2c:e8:55:0f:d9:ad:52:ce:9a:05:e7:b7:
                    84:df:f4:fb:ff:50:01:68:7b:3e:8b:ac:59:87:41:
                    d3:3a:3a:a3:51:f2:08:65:88:af:a8:47:68:17:04:
                    c7:02:4f:82:3f:10:4a:fa:87:20:19:00:80:1a:e5:
                    00:18:77:84:f2:ec:90:b6:e2:e1:40:ac:a9:f7:bd:
                    2c:0c:09:f3:61:f0:fe:2f:33:9e:16:79:e9:51:4c:
                    1a:70:15:13:08:bb:8b:f1:be:11:1e:3f:81:62:0d:
                    d2:20:e0:87:ef:09:36:40:bf:b1:0f:3c:e8:89:db:
                    eb:bf:44:d5:cb:47:13:95:80:95:ae:33:d1:e0:8b:
                    1b:42:f7:af:42:48:37:25:10:7b:d6:68:9c:1e:ef:
                    89:b9:5c:b9:f3:19:69:e3:75:79:5d:4f:3d:f3:14:
                    68:40:ad:1d:bb:75:e5:6e:82:47:20:14:ce:e8:54:
                    86:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F4:48:FB:07:A5:3D:91:9A:5D:E4:C7:19:28:92:00:0E:26:0C:86
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/23e70a12-4ee0-4dae-9be2-f76d802d5260.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f27:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         30:39:58:59:46:49:67:01:45:cf:bd:a0:8c:c9:0d:5c:2e:8d:
         b6:99:53:3d:fb:c8:28:48:dc:a6:89:0d:b7:f8:09:ff:c5:65:
         59:dd:18:b2:8e:9b:b1:53:12:db:29:2c:52:2b:e4:60:c0:c2:
         3c:ad:4e:e4:6b:0c:89:b2:68:ae:ec:72:24:ae:0e:60:bd:30:
         46:63:89:f6:79:30:99:fa:8f:9d:99:29:26:2f:c6:25:0a:59:
         7a:74:09:63:5d:20:17:d7:18:e7:f5:8a:88:36:05:44:ff:27:
         50:47:6f:65:fd:bc:34:88:dc:83:e8:ed:20:69:35:e7:2c:ea:
         c3:22:a8:bb:74:ca:68:56:2b:e5:ec:36:eb:bb:2c:f0:e8:e2:
         f6:21:f2:af:45:a4:3f:26:82:07:ea:b5:8f:d3:16:eb:55:a1:
         41:3c:54:13:55:48:e7:d6:30:75:77:17:67:26:69:bc:c6:6a:
         dc:52:57:db:b9:b2:ff:a2:cb:2b:42:ba:98:3f:f2:98:72:8b:
         93:6b:27:6d:3e:bc:0a:47:05:bc:e7:e2:0d:f6:b7:b6:0e:bc:
         a0:d8:94:25:72:34:67:52:91:9d:58:76:f2:b3:5c:98:db:3f:
         49:68:c8:88:3c:18:22:81:4e:18:c1:e4:67:c1:93:ee:ae:f6:
         ac:09:bf:2d
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUbzD1QhGofUz8PNx4aOq3T8rJrBEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiYjc1MzY5NDliMjhiYjNjZGY2OTgyZjZhYmYzODI2MTQ1
MTVjNTc2YzRlNzg5MWJiOWU3NWM1NmMzNGJhMTE3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCiJGc2j0RP524I+p/V9nLrI+DsYTSIkEC9TNnOoEoyJQOr
nGryeRkzE316RS4mH5rYaLWX6aUsSNhDT0Vxb11em3+POv7zcQyKcmZGSyzoVQ/Z
rVLOmgXnt4Tf9Pv/UAFoez6LrFmHQdM6OqNR8ghliK+oR2gXBMcCT4I/EEr6hyAZ
AIAa5QAYd4Ty7JC24uFArKn3vSwMCfNh8P4vM54WeelRTBpwFRMIu4vxvhEeP4Fi
DdIg4IfvCTZAv7EPPOiJ2+u/RNXLRxOVgJWuM9HgixtC969CSDclEHvWaJwe74m5
XLnzGWnjdXldTz3zFGhArR27deVugkcgFM7oVIZzAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUF/RI+welPZGaXeTHGSiSAA4mDIYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzIzZTcwYTEyLTRlZTAtNGRhZS05YmUyLWY3NmQ4MDJkNTI2MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8nQDANBgkqhkiG9w0BAQsFAAOCAQEAMDlYWUZJZwFFz72gjMkNXC6N
tplTPfvIKEjcpokNt/gJ/8VlWd0Yso6bsVMS2yksUivkYMDCPK1O5GsMibJoruxy
JK4OYL0wRmOJ9nkwmfqPnZkpJi/GJQpZenQJY10gF9cY5/WKiDYFRP8nUEdvZf28
NIjcg+jtIGk15yzqwyKou3TKaFYr5ew267ss8Oji9iHyr0WkPyaCB+q1j9MW61Wh
QTxUE1VI59YwdXcXZyZpvMZq3FJX27my/6LLK0K6mD/ymHKLk2snbT68CkcFvOfi
Dfa3tg68oNiUJXI0Z1KRnVh28rNcmNs/SWjIiDwYIoFOGMHkZ8GT7q72rAm/LQ==
-----END CERTIFICATE-----