Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bb91fff-d9a1-4df2-aab1-5481abf16927.roa
File:                     2bb91fff-d9a1-4df2-aab1-5481abf16927.roa (raw, json)
Hash identifier:          voJ1iJIi9dSOzGJji31WxjSJJkF0mxzJmXBkF3HTxm4=
Subject key identifier:   A9:3F:34:1C:DA:A7:39:F9:28:0D:0B:84:9E:6E:10:C8:3E:B5:06:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3E27871B8DA5EE2A4523D75857FF94FDAF24225A
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bb91fff-d9a1-4df2-aab1-5481abf16927.roa
Signing time:             Tue 24 Dec 2024 00:00:00 +0000
ROA not before:           Tue 24 Dec 2024 00:00:00 +0000
ROA not after:            Tue 28 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f01:48d2::/47 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:27:87:1b:8d:a5:ee:2a:45:23:d7:58:57:ff:94:fd:af:24:22:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 24 00:00:00 2024 GMT
            Not After : Jan 28 23:59:59 2025 GMT
        Subject: serialNumber=43f5ea20f5ff11b1a7a37a355335ce9e4f5f8aa8698acf7552a182f8350db852, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4e:c9:f1:9a:ee:58:3e:b4:76:1d:0b:2d:8f:
                    34:73:26:ed:4c:53:7f:6e:16:3a:bd:8a:46:07:c4:
                    37:db:b4:3d:3f:85:12:40:3c:1f:fb:c0:e8:4c:ba:
                    99:28:dd:d5:56:11:d2:ae:81:c2:0f:5c:85:a0:fb:
                    06:9e:24:17:fc:18:1d:cc:93:9d:70:f8:01:e1:aa:
                    ad:09:3d:61:d4:43:91:20:cb:c9:4f:88:44:28:20:
                    18:d5:f9:3b:58:57:3e:ac:6f:c4:83:8d:0f:41:7c:
                    bb:e0:80:29:a8:86:ce:20:59:da:00:db:9e:3c:a6:
                    a0:57:20:81:3e:28:26:d3:bf:77:86:3d:c0:38:c5:
                    1c:81:f5:08:bf:6c:1b:b4:19:05:13:0f:94:08:b9:
                    0a:b6:a3:a8:38:97:8a:9b:02:eb:24:bf:a6:dc:63:
                    58:32:b7:ad:a8:00:c9:25:d8:6c:ab:3e:3a:9d:71:
                    da:0c:7b:be:9a:30:6e:cc:93:c3:fc:27:5d:0d:89:
                    1b:41:51:d3:b3:a9:65:e6:0b:c5:8d:a5:84:1c:bd:
                    90:71:c0:9e:63:87:e9:f3:99:f5:39:f8:5c:cc:20:
                    cd:93:33:3e:83:e4:d3:9b:b4:7b:8d:8e:37:ad:a4:
                    bc:23:1a:ed:84:04:6b:7c:1e:0e:c7:7d:04:0f:f3:
                    b5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:3F:34:1C:DA:A7:39:F9:28:0D:0B:84:9E:6E:10:C8:3E:B5:06:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2bb91fff-d9a1-4df2-aab1-5481abf16927.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f01:48d2::/47

    Signature Algorithm: sha256WithRSAEncryption
         a0:8c:ae:37:66:60:39:fb:47:79:98:97:4d:92:00:43:ae:07:
         96:ce:da:e5:c3:ba:9d:df:4e:79:aa:55:42:7a:d2:70:d2:0e:
         20:c2:2f:ae:94:18:34:ba:b2:d8:b5:f3:68:e4:1f:b9:d7:75:
         2a:bd:66:9b:b7:12:d4:59:5a:cb:cd:a8:1b:9a:0c:45:60:4f:
         81:aa:e9:cc:73:0e:d7:b9:d6:3f:d8:d5:5d:c5:50:8c:ca:d6:
         dd:5b:ea:3f:3c:c3:c7:ea:dc:7b:31:4f:29:16:b8:7e:0d:f7:
         fc:90:49:52:ac:9c:db:9e:bf:71:09:0a:4e:4f:1c:f0:d5:35:
         20:67:7f:ba:43:1f:67:92:eb:ec:e4:4b:c8:ef:80:0b:66:74:
         20:fb:72:77:67:76:8e:37:cb:ab:6b:e1:c5:64:14:ef:e5:d3:
         f3:67:bb:43:58:e0:4e:d8:48:9d:1b:54:0b:be:dd:43:f1:cd:
         a6:46:79:27:36:c4:6c:27:25:c8:0f:48:ec:dd:85:65:ee:84:
         c7:82:96:08:c4:9b:75:7c:78:1d:f2:c7:77:86:17:e6:9f:04:
         80:a1:7a:2f:96:f7:bf:3c:4b:fd:f0:39:df:bb:4c:c7:94:0e:
         dc:73:87:25:a8:98:94:48:de:00:03:42:c7:f9:2b:89:9e:b6:
         23:67:48:c8
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUPieHG42l7ipFI9dYV/+U/a8kIlowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI0MDAwMDAwWhcNMjUwMTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2Y1ZWEyMGY1ZmYxMWIxYTdhMzdhMzU1MzM1Y2U5ZTRm
NWY4YWE4Njk4YWNmNzU1MmExODJmODM1MGRiODUyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDITsnxmu5YPrR2HQstjzRzJu1MU39uFjq9ikYHxDfbtD0/
hRJAPB/7wOhMupko3dVWEdKugcIPXIWg+waeJBf8GB3Mk51w+AHhqq0JPWHUQ5Eg
y8lPiEQoIBjV+TtYVz6sb8SDjQ9BfLvggCmohs4gWdoA2548pqBXIIE+KCbTv3eG
PcA4xRyB9Qi/bBu0GQUTD5QIuQq2o6g4l4qbAuskv6bcY1gyt62oAMkl2GyrPjqd
cdoMe76aMG7Mk8P8J10NiRtBUdOzqWXmC8WNpYQcvZBxwJ5jh+nzmfU5+FzMIM2T
Mz6D5NObtHuNjjetpLwjGu2EBGt8Hg7HfQQP87V1AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUqT80HNqnOfkoDQuEnm4QyD61BiYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJiYjkxZmZmLWQ5YTEtNGRmMi1hYWIxLTU0ODFhYmYxNjkyNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwEmAB8BSNIwDQYJKoZIhvcNAQELBQADggEBAKCMrjdmYDn7R3mYl02SAEOu
B5bO2uXDup3fTnmqVUJ60nDSDiDCL66UGDS6sti182jkH7nXdSq9Zpu3EtRZWsvN
qBuaDEVgT4Gq6cxzDte51j/Y1V3FUIzK1t1b6j88w8fq3HsxTykWuH4N9/yQSVKs
nNuev3EJCk5PHPDVNSBnf7pDH2eS6+zkS8jvgAtmdCD7cndndo43y6tr4cVkFO/l
0/Nnu0NY4E7YSJ0bVAu+3UPxzaZGeSc2xGwnJcgPSOzdhWXuhMeClgjEm3V8eB3y
x3eGF+afBIChei+W9788S/3wOd+7TMeUDtxzhyWomJRI3gADQsf5K4metiNnSMg=
-----END CERTIFICATE-----