Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cbb8c34-7621-4fa5-902c-9dd95bbabe32.roa
File:                     3cbb8c34-7621-4fa5-902c-9dd95bbabe32.roa (raw, json)
Hash identifier:          ONmvNsK6GapesmaFGFI5YFtl+Qe8Jsv8uztGSQ9pH8s=
Subject key identifier:   A3:23:13:E1:CE:E9:EC:A9:F5:80:1E:1E:EC:77:FE:7B:89:3A:A4:22
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1EE8D79B6CC0CCF8974C45BC16849BADB9C10614
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cbb8c34-7621-4fa5-902c-9dd95bbabe32.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffe:4000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:e8:d7:9b:6c:c0:cc:f8:97:4c:45:bc:16:84:9b:ad:b9:c1:06:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: serialNumber=be129f00caeed2e57909375798c1c6848383da6816041ab36aa7ab12a8cf2f6e, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:01:43:80:5b:3e:ee:db:48:01:27:4d:b3:2e:
                    a3:f5:8c:ea:f0:36:aa:ce:2d:4e:19:fd:86:10:11:
                    bf:38:b6:36:bf:df:0e:f4:cb:a6:fc:cd:dd:7d:92:
                    0f:e5:95:68:8c:9a:1d:93:ec:b5:b3:e0:d5:ed:ad:
                    d6:e6:2d:1f:68:52:d2:b1:d4:3f:aa:18:50:f6:9e:
                    6a:66:a7:ed:ea:f5:17:85:4e:f9:6b:13:ec:2d:a7:
                    9f:cc:49:4f:39:27:06:51:f5:6b:d6:65:10:6f:0d:
                    08:c0:5b:35:f6:40:0a:19:92:32:cf:d5:a3:7e:e5:
                    58:e4:c0:b8:ba:e7:50:09:4d:e9:99:a3:1f:b7:7b:
                    ab:d9:e5:14:32:70:6f:44:d6:8d:e2:c9:33:63:b4:
                    f9:28:c7:6f:f9:31:76:dd:91:66:f0:27:39:b7:ca:
                    81:7f:01:f5:13:ea:71:38:a8:88:78:34:72:44:da:
                    10:72:22:76:43:a6:1c:52:a7:32:50:4b:50:21:fd:
                    3c:fd:ff:b4:ce:6c:af:ac:79:73:15:c4:e5:38:30:
                    a0:7a:aa:b5:93:44:b3:d1:61:6d:1b:3e:76:e5:38:
                    83:00:17:49:b9:72:4b:98:9f:25:5d:8b:86:4e:a0:
                    af:68:f8:e0:c8:47:41:fc:29:c8:67:6b:a7:03:41:
                    5a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:23:13:E1:CE:E9:EC:A9:F5:80:1E:1E:EC:77:FE:7B:89:3A:A4:22
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/3cbb8c34-7621-4fa5-902c-9dd95bbabe32.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffe:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         50:9f:12:02:0b:1e:e4:05:f1:26:61:e5:90:8e:d5:91:db:3c:
         30:17:1c:4a:e9:02:d5:f6:6d:7c:5e:ee:3e:34:8b:46:f6:72:
         78:18:82:0a:a2:c9:0c:5b:99:13:51:21:84:e3:62:03:12:ee:
         6b:ff:0e:17:d7:33:d9:fa:40:e9:37:76:73:57:2f:88:f6:58:
         8f:e8:7c:60:27:57:f3:48:6d:89:bf:22:b1:46:a6:8f:30:8c:
         ee:d2:8e:07:d2:b8:e1:d8:6b:69:c6:46:74:97:eb:f8:3e:1b:
         96:32:b3:62:5c:18:99:7a:ab:0b:8f:60:da:2a:5e:61:d2:53:
         4d:17:5d:ff:a1:d4:af:84:87:a1:81:5f:8a:e6:ac:2b:b7:1c:
         57:75:8b:ca:73:9e:27:4a:75:3d:8d:f8:6e:6d:06:24:2b:8c:
         92:ba:a3:69:c2:c8:95:1a:ba:7f:d1:cf:0c:64:20:ac:9b:11:
         25:31:d3:61:80:58:c7:7d:d7:5a:b7:e9:90:00:bb:38:2b:b7:
         c5:35:ee:53:44:b0:ee:29:fc:93:77:4c:11:f9:d7:6a:46:47:
         86:30:83:66:05:66:10:f7:4d:82:b6:75:43:46:42:e9:3b:d8:
         28:70:f7:86:a2:b1:bd:f8:80:9c:97:ee:33:10:52:53:71:8e:
         40:fd:26:a0
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUHujXm2zAzPiXTEW8FoSbrbnBBhQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTEyOWYwMGNhZWVkMmU1NzkwOTM3NTc5OGMxYzY4NDgz
ODNkYTY4MTYwNDFhYjM2YWE3YWIxMmE4Y2YyZjZlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCeAUOAWz7u20gBJ02zLqP1jOrwNqrOLU4Z/YYQEb84tja/
3w70y6b8zd19kg/llWiMmh2T7LWz4NXtrdbmLR9oUtKx1D+qGFD2nmpmp+3q9ReF
TvlrE+wtp5/MSU85JwZR9WvWZRBvDQjAWzX2QAoZkjLP1aN+5VjkwLi651AJTemZ
ox+3e6vZ5RQycG9E1o3iyTNjtPkox2/5MXbdkWbwJzm3yoF/AfUT6nE4qIh4NHJE
2hByInZDphxSpzJQS1Ah/Tz9/7TObK+seXMVxOU4MKB6qrWTRLPRYW0bPnblOIMA
F0m5ckuYnyVdi4ZOoK9o+ODIR0H8Kchna6cDQVqDAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUoyMT4c7p7Kn1gB4e7Hf+e4k6pCIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzNjYmI4YzM0LTc2MjEtNGZhNS05MDJjLTlkZDk1YmJhYmUzMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/+QDANBgkqhkiG9w0BAQsFAAOCAQEAUJ8SAgse5AXxJmHlkI7Vkds8
MBccSukC1fZtfF7uPjSLRvZyeBiCCqLJDFuZE1EhhONiAxLua/8OF9cz2fpA6Td2
c1cviPZYj+h8YCdX80htib8isUamjzCM7tKOB9K44dhracZGdJfr+D4bljKzYlwY
mXqrC49g2ipeYdJTTRdd/6HUr4SHoYFfiuasK7ccV3WLynOeJ0p1PY34bm0GJCuM
krqjacLIlRq6f9HPDGQgrJsRJTHTYYBYx33XWrfpkAC7OCu3xTXuU0Sw7in8k3dM
EfnXakZHhjCDZgVmEPdNgrZ1Q0ZC6TvYKHD3hqKxvfiAnJfuMxBSU3GOQP0moA==
-----END CERTIFICATE-----