Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2645849a-4d1c-4d39-9157-62ba39467753.roa
File:                     2645849a-4d1c-4d39-9157-62ba39467753.roa (raw, json)
Hash identifier:          7a/jHUtHG6wXFGsN0yYVktZ3KNeZmQDEI3bgqpd2jh4=
Subject key identifier:   02:EB:90:4E:D1:C2:C6:5B:41:D2:E9:87:4A:8E:46:72:46:1B:15:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4CF2A7C8D7D2E6690B51DE9FA84A85E681FFCFD2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2645849a-4d1c-4d39-9157-62ba39467753.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f70:c000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:f2:a7:c8:d7:d2:e6:69:0b:51:de:9f:a8:4a:85:e6:81:ff:cf:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=67f1a2721aca387e6df2a27141edb6211354e5a808a30ff4ed4cab3b04d3bd31, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:c2:74:58:f9:7e:c3:eb:35:64:17:56:75:cb:
                    92:4e:e0:92:df:72:87:58:67:67:65:90:b2:c4:59:
                    40:08:5a:b9:68:0f:d3:fa:ca:dc:f3:7c:e1:77:e6:
                    2b:3b:4b:e3:df:ff:bf:44:b4:86:07:2e:73:45:36:
                    ff:bd:64:ca:e8:c8:ef:4d:8f:15:48:f9:94:aa:34:
                    37:e8:6b:14:34:fa:60:cd:7f:1c:2e:b0:f4:0a:54:
                    a7:fd:25:6d:69:63:ed:57:7d:ba:63:f5:6a:65:e0:
                    2a:d4:25:bf:74:21:b2:de:ae:48:0a:81:86:66:7c:
                    ff:53:bf:bc:35:37:4b:4f:83:d9:37:e5:54:29:45:
                    83:ef:c9:a1:06:c4:d1:f3:57:0f:8a:92:11:02:47:
                    7f:4b:3f:9d:84:5d:4d:67:b2:e9:1b:d5:99:59:84:
                    9b:30:cf:04:15:2b:7b:d1:98:b1:e3:1a:38:49:7f:
                    7c:57:bf:88:95:e3:65:cc:f4:02:66:87:22:1e:f1:
                    4b:20:70:f4:f6:03:7c:7b:20:6b:97:ed:dc:47:6a:
                    d5:a4:61:29:7e:f8:21:3f:4d:08:ab:0e:38:bc:a0:
                    a2:c1:ea:b3:69:f5:53:8b:3d:d2:ae:02:58:9a:85:
                    ce:63:af:ee:f9:29:14:93:a7:13:33:63:50:14:61:
                    7c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EB:90:4E:D1:C2:C6:5B:41:D2:E9:87:4A:8E:46:72:46:1B:15:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2645849a-4d1c-4d39-9157-62ba39467753.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f70:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         d3:18:94:7c:47:ca:2a:3f:25:3e:5b:51:9c:d1:37:53:14:71:
         90:10:8f:94:d4:e9:4a:3f:cf:3c:f5:31:3b:ab:1f:a6:4e:d5:
         8a:1c:91:86:f5:4b:08:33:04:4d:35:c9:24:73:16:94:f1:78:
         e1:9e:6f:e7:c8:95:e6:10:12:e3:9a:64:bc:6c:68:f4:1b:3a:
         fc:83:bb:6e:b5:63:a4:73:49:9a:17:84:6c:f9:6f:7c:a6:0d:
         4f:03:87:6f:83:46:6a:2c:ec:0e:0e:db:52:2b:00:59:8e:f1:
         85:28:fc:e3:e6:bc:a9:df:01:2a:76:4b:34:0a:39:6f:b1:0b:
         a0:ff:be:26:47:9c:2b:b6:ff:66:94:0d:e5:c5:aa:c5:24:bc:
         e4:46:b0:35:12:22:99:54:f0:13:f1:e8:f9:87:d1:fe:ac:dd:
         fc:de:30:89:b2:ed:fa:9c:ca:cd:cd:0e:9a:3a:1a:28:fb:b3:
         3b:68:e5:2d:c9:2e:e5:55:b7:6c:54:34:2e:cb:24:8a:0b:8c:
         21:f0:46:e2:3d:e2:02:03:a0:18:d0:af:e1:80:5c:b7:40:2d:
         53:a5:c9:2e:06:73:8d:93:09:78:27:40:5f:e2:11:a6:da:d7:
         8a:d9:04:8e:f5:56:58:e7:32:ca:5e:84:c2:58:be:a7:83:dc:
         3d:97:b8:b3
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTPKnyNfS5mkLUd6fqEqF5oH/z9IwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A2N2YxYTI3MjFhY2EzODdlNmRmMmEyNzE0MWVkYjYyMTEz
NTRlNWE4MDhhMzBmZjRlZDRjYWIzYjA0ZDNiZDMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcwnRY+X7D6zVkF1Z1y5JO4JLfcodYZ2dlkLLEWUAIWrlo
D9P6ytzzfOF35is7S+Pf/79EtIYHLnNFNv+9ZMroyO9NjxVI+ZSqNDfoaxQ0+mDN
fxwusPQKVKf9JW1pY+1Xfbpj9Wpl4CrUJb90IbLerkgKgYZmfP9Tv7w1N0tPg9k3
5VQpRYPvyaEGxNHzVw+KkhECR39LP52EXU1nsukb1ZlZhJswzwQVK3vRmLHjGjhJ
f3xXv4iV42XM9AJmhyIe8UsgcPT2A3x7IGuX7dxHatWkYSl++CE/TQirDji8oKLB
6rNp9VOLPdKuAliahc5jr+75KRSTpxMzY1AUYXxNAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUAuuQTtHCxltB0umHSo5GckYbFSUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI2NDU4NDlhLTRkMWMtNGQzOS05MTU3LTYyYmEzOTQ2Nzc1My5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9wwDANBgkqhkiG9w0BAQsFAAOCAQEA0xiUfEfKKj8lPltRnNE3UxRx
kBCPlNTpSj/PPPUxO6sfpk7VihyRhvVLCDMETTXJJHMWlPF44Z5v58iV5hAS45pk
vGxo9Bs6/IO7brVjpHNJmheEbPlvfKYNTwOHb4NGaizsDg7bUisAWY7xhSj84+a8
qd8BKnZLNAo5b7ELoP++JkecK7b/ZpQN5cWqxSS85EawNRIimVTwE/Ho+YfR/qzd
/N4wibLt+pzKzc0OmjoaKPuzO2jlLcku5VW3bFQ0LsskiguMIfBG4j3iAgOgGNCv
4YBct0AtU6XJLgZzjZMJeCdAX+IRptrXitkEjvVWWOcyyl6Ewli+p4PcPZe4sw==
-----END CERTIFICATE-----