Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29b28107-0c2b-4bd8-9710-29ab472aef46.roa
File:                     29b28107-0c2b-4bd8-9710-29ab472aef46.roa (raw, json)
Hash identifier:          usSPQmAUxQNsCH0fzrT/CGtWcGXZBpPNF17fP1T4+pA=
Subject key identifier:   64:98:69:57:68:95:B6:46:FF:4F:CF:6A:56:FD:12:8D:99:CC:7E:4D
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7B54890ABA93C9394B0E39C9317D8AC61DC8DFCE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29b28107-0c2b-4bd8-9710-29ab472aef46.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:80c0::/46 maxlen: 46
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:54:89:0a:ba:93:c9:39:4b:0e:39:c9:31:7d:8a:c6:1d:c8:df:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=4e348b057bfe97749460f2f7da91431ee80a598e3a9fc6f19cae3c042df314ef, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:66:dd:7e:9d:ae:2e:f6:97:d2:9f:da:95:ea:
                    72:3e:e2:1c:85:99:0c:ab:bd:25:bc:23:d6:12:5f:
                    54:21:17:d5:1a:1c:15:17:47:69:80:94:de:f8:b9:
                    3c:bc:1d:21:74:98:0e:97:e2:25:5e:17:9b:e7:0b:
                    ad:ff:6a:c6:17:a5:4f:df:da:3e:d3:af:86:13:43:
                    df:e3:42:f7:65:1f:69:3a:55:40:d3:96:72:8f:2d:
                    53:5f:9a:42:72:8a:3e:95:df:e4:5a:0a:91:73:c9:
                    ea:87:da:c0:c6:87:d3:bf:d2:8b:9e:51:e4:bb:5d:
                    ef:95:56:91:a1:0a:66:80:25:66:2e:6f:80:0c:86:
                    f0:3c:57:d8:7a:ef:7a:4b:74:31:0a:16:ae:8f:fb:
                    f2:da:43:e2:3e:03:94:88:13:6d:15:73:17:ff:db:
                    cf:e0:49:ff:63:4e:da:08:8b:b3:a0:a3:8a:1b:f1:
                    b0:51:85:f0:61:ba:9e:4c:3f:a4:b0:65:f5:12:8c:
                    95:2b:e2:83:f7:79:42:91:4b:91:9b:70:68:7f:39:
                    70:93:52:eb:6b:d5:f5:08:7e:9d:7e:f3:8b:a8:6c:
                    b2:31:81:2a:07:1a:d4:03:0d:72:3e:6a:26:62:28:
                    eb:87:4f:36:1d:c0:96:5e:77:f2:59:e0:56:ef:64:
                    f8:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:98:69:57:68:95:B6:46:FF:4F:CF:6A:56:FD:12:8D:99:CC:7E:4D
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/29b28107-0c2b-4bd8-9710-29ab472aef46.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:80c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         72:f8:6c:92:0a:8f:7b:f0:74:97:55:ae:5d:3d:bc:62:5a:f4:
         ce:0f:ec:8f:1f:b7:56:85:9e:dd:43:31:3b:20:7c:f9:f8:09:
         06:bd:ea:23:ef:cc:1f:b2:69:01:4e:c9:66:52:04:7b:43:8d:
         26:16:30:c5:21:f5:db:06:79:3f:f1:e2:ee:8d:a2:fd:08:b3:
         f0:a0:ba:cc:91:78:90:e7:9f:d3:a5:21:66:e6:50:43:b0:3d:
         75:dc:bf:6d:7e:9e:01:b7:e5:7e:fb:88:44:24:1b:dc:2a:d1:
         3b:c3:69:11:ca:28:c3:16:ac:cb:d0:af:ed:86:45:21:1f:b3:
         06:1f:ce:82:98:01:3e:e8:15:5c:c5:9f:d7:73:cc:81:01:0e:
         25:a6:ad:94:44:02:86:a4:c2:f0:e3:29:eb:83:2c:34:7c:60:
         de:c0:81:cf:dc:bf:9c:61:3c:dc:69:19:d2:66:03:90:f4:e8:
         80:d7:f2:4f:9c:0c:aa:3e:93:69:66:88:50:82:df:a3:88:a1:
         60:aa:8f:8b:26:bd:a8:3a:d8:2f:41:1e:de:d2:ad:2b:53:fe:
         bf:0a:f9:9a:66:10:c1:27:db:48:50:8c:d4:ca:ff:df:a9:7e:
         59:8a:eb:ff:ea:63:53:e8:f6:49:74:91:e7:8e:2d:e6:2b:41:
         73:f6:e4:32
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUe1SJCrqTyTlLDjnJMX2Kxh3I384wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZTM0OGIwNTdiZmU5Nzc0OTQ2MGYyZjdkYTkxNDMxZWU4
MGE1OThlM2E5ZmM2ZjE5Y2FlM2MwNDJkZjMxNGVmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKZt1+na4u9pfSn9qV6nI+4hyFmQyrvSW8I9YSX1QhF9Ua
HBUXR2mAlN74uTy8HSF0mA6X4iVeF5vnC63/asYXpU/f2j7Tr4YTQ9/jQvdlH2k6
VUDTlnKPLVNfmkJyij6V3+RaCpFzyeqH2sDGh9O/0oueUeS7Xe+VVpGhCmaAJWYu
b4AMhvA8V9h673pLdDEKFq6P+/LaQ+I+A5SIE20Vcxf/28/gSf9jTtoIi7Ogo4ob
8bBRhfBhup5MP6SwZfUSjJUr4oP3eUKRS5GbcGh/OXCTUutr1fUIfp1+84uobLIx
gSoHGtQDDXI+aiZiKOuHTzYdwJZed/JZ4FbvZPi1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUZJhpV2iVtkb/T89qVv0SjZnMfk0wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzI5YjI4MTA3LTBjMmItNGJkOC05NzEwLTI5YWI0NzJhZWY0Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB9ggMAwDQYJKoZIhvcNAQELBQADggEBAHL4bJIKj3vwdJdVrl09vGJa
9M4P7I8ft1aFnt1DMTsgfPn4CQa96iPvzB+yaQFOyWZSBHtDjSYWMMUh9dsGeT/x
4u6Nov0Is/CgusyReJDnn9OlIWbmUEOwPXXcv21+ngG35X77iEQkG9wq0TvDaRHK
KMMWrMvQr+2GRSEfswYfzoKYAT7oFVzFn9dzzIEBDiWmrZREAoakwvDjKeuDLDR8
YN7Agc/cv5xhPNxpGdJmA5D06IDX8k+cDKo+k2lmiFCC36OIoWCqj4smvag62C9B
Ht7SrStT/r8K+ZpmEMEn20hQjNTK/9+pflmK6//qY1Po9kl0keeOLeYrQXP25DI=
-----END CERTIFICATE-----