Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2dff1d1c-ed0c-4bce-b471-b01cd80c2b81.roa
File:                     2dff1d1c-ed0c-4bce-b471-b01cd80c2b81.roa (raw, json)
Hash identifier:          HGnf4+R1oZcWmWsjjLz71duWC3siosCCm7YAkc5oPQs=
Subject key identifier:   B2:4D:00:3D:C6:FC:17:2A:F9:E7:FD:74:8D:2D:CB:47:F2:B0:00:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4DAF88EEA17256F99CE2995EF30EDED0863D64FD
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2dff1d1c-ed0c-4bce-b471-b01cd80c2b81.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f60:a400::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:af:88:ee:a1:72:56:f9:9c:e2:99:5e:f3:0e:de:d0:86:3d:64:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7a:2e:9d:eb:d3:54:a4:16:12:44:53:89:0e:
                    58:8f:c3:d6:04:89:35:d1:39:33:9a:35:11:5d:ab:
                    48:45:60:5d:43:c0:61:9c:d1:32:33:e8:3d:57:ac:
                    ea:d2:57:66:f1:83:55:c5:75:b2:23:73:45:bc:96:
                    ef:77:ab:ca:50:8b:3c:78:d2:b7:f5:b9:cb:b1:53:
                    c3:59:5a:59:36:c5:e4:fd:26:71:0a:d8:19:e1:fd:
                    89:1f:ce:ba:62:4e:e6:a4:6f:c4:d1:bc:34:4f:98:
                    ef:28:28:8e:8f:bb:5d:a4:79:69:b0:c6:14:e6:2b:
                    d9:0a:85:f7:e6:c5:73:9c:a7:2a:6d:1c:05:49:ff:
                    6e:a6:2b:51:fb:f1:4d:fb:95:d8:73:75:4d:f8:b0:
                    7e:d7:51:df:f6:2c:2c:6a:2b:1f:e5:a1:aa:e3:69:
                    40:2e:71:dd:46:23:f0:e8:cd:59:7a:86:85:5b:b4:
                    f0:b5:c0:49:4c:40:b9:3a:d9:dd:66:f2:26:ff:de:
                    c9:d3:57:c1:5d:46:0a:c2:b8:df:97:81:20:90:53:
                    4e:be:cf:15:c1:4d:86:72:ed:ec:a9:6f:91:0d:50:
                    3c:62:b8:c7:2c:58:72:d3:0f:71:b5:0b:4a:7f:da:
                    72:6c:00:f7:22:c2:11:07:5f:55:64:3c:5d:eb:07:
                    74:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4D:00:3D:C6:FC:17:2A:F9:E7:FD:74:8D:2D:CB:47:F2:B0:00:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/2dff1d1c-ed0c-4bce-b471-b01cd80c2b81.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f60:a400::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:f7:37:99:e9:10:3b:24:af:95:62:6a:c9:60:19:37:ea:92:
         ca:b0:54:05:ab:65:89:2d:41:0c:8f:1a:e5:99:7d:7b:ed:c8:
         7c:38:2f:a2:e7:eb:53:ff:03:20:98:4d:45:4c:60:62:4c:0a:
         b8:86:66:3c:dc:dc:53:1e:4c:52:87:21:81:e2:8a:cd:d2:9d:
         b8:8e:3d:91:bd:32:de:08:a7:79:63:75:eb:56:bd:50:a1:60:
         7f:2c:a7:fe:71:73:ce:16:04:c6:f0:f1:f0:cf:77:af:59:5c:
         95:ce:40:15:76:0c:8c:ba:a1:71:57:ef:4c:b2:cc:df:f0:2c:
         b0:a1:bc:ce:0d:fb:5b:11:3f:06:51:da:0f:d6:3c:3c:e9:c9:
         93:40:56:8a:70:4d:c1:f2:81:47:c9:ff:7f:f2:8a:60:54:7b:
         c9:b7:71:74:0d:6c:1c:02:e3:4c:6a:a4:b9:b2:04:d5:be:7c:
         d5:cd:a3:4c:99:7e:f1:5b:dd:7b:a6:4d:d5:e7:4d:af:9a:02:
         ca:0d:fc:2f:62:56:b6:97:24:58:51:a1:0c:a6:01:d6:cb:d1:
         ee:24:f0:d2:3d:e9:8e:90:f2:68:28:a2:f2:e1:75:34:de:6f:
         84:a7:dd:c9:a2:1b:c2:35:9f:1d:61:00:34:6e:2f:34:10:0a:
         5e:70:fa:f1
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUTa+I7qFyVvmc4ple8w7e0IY9ZP0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AwNWU0MTRjYzI4OTc0YTg0MDBkZDRkOWVmNjE0MTdiYmZh
NmVlZmJkZGRkZDAyNDA4YmY4ZmY4MDZkN2RhZDA3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCqei6d69NUpBYSRFOJDliPw9YEiTXROTOaNRFdq0hFYF1D
wGGc0TIz6D1XrOrSV2bxg1XFdbIjc0W8lu93q8pQizx40rf1ucuxU8NZWlk2xeT9
JnEK2Bnh/YkfzrpiTuakb8TRvDRPmO8oKI6Pu12keWmwxhTmK9kKhffmxXOcpypt
HAVJ/26mK1H78U37ldhzdU34sH7XUd/2LCxqKx/loarjaUAucd1GI/DozVl6hoVb
tPC1wElMQLk62d1m8ib/3snTV8FdRgrCuN+XgSCQU06+zxXBTYZy7eypb5ENUDxi
uMcsWHLTD3G1C0p/2nJsAPciwhEHX1VkPF3rB3STAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUsk0APcb8Fyr55/10jS3LR/KwAIMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzJkZmYxZDFjLWVkMGMtNGJjZS1iNDcxLWIwMWNkODBjMmI4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB9gpDANBgkqhkiG9w0BAQsFAAOCAQEAr/c3mekQOySvlWJqyWAZN+qS
yrBUBatliS1BDI8a5Zl9e+3IfDgvoufrU/8DIJhNRUxgYkwKuIZmPNzcUx5MUoch
geKKzdKduI49kb0y3gineWN161a9UKFgfyyn/nFzzhYExvDx8M93r1lclc5AFXYM
jLqhcVfvTLLM3/AssKG8zg37WxE/BlHaD9Y8POnJk0BWinBNwfKBR8n/f/KKYFR7
ybdxdA1sHALjTGqkubIE1b581c2jTJl+8Vvde6ZN1edNr5oCyg38L2JWtpckWFGh
DKYB1svR7iTw0j3pjpDyaCii8uF1NN5vhKfdyaIbwjWfHWEANG4vNBAKXnD68Q==
-----END CERTIFICATE-----