Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e498b2c-1869-4d49-be54-f35a871a8566.roa
File:                     4e498b2c-1869-4d49-be54-f35a871a8566.roa (raw, json)
Hash identifier:          Di6YmmIp3Smn6pR5nOXbcOvaq7EXdq3fkKkGGeXyNaQ=
Subject key identifier:   41:A9:40:40:00:25:36:93:4A:24:92:08:44:6B:91:4D:EA:64:B8:84
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       4F6F0554B7F6E391DA51686ADA72CF378EDF390E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e498b2c-1869-4d49-be54-f35a871a8566.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff2:6000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:6f:05:54:b7:f6:e3:91:da:51:68:6a:da:72:cf:37:8e:df:39:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=0e787ae9c7381a21a6ab25f04db547c3460045e544b14c4854e869cb7f231a44, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:89:40:0e:e3:36:bf:44:7c:0d:aa:ac:36:51:
                    9e:07:2a:f9:9b:d2:f2:58:77:b3:65:74:78:0f:2d:
                    14:48:6a:08:1e:8e:31:c9:d4:2b:b9:9e:71:18:14:
                    7c:6e:8c:a1:e6:b4:c8:38:d3:95:06:ad:3f:aa:9b:
                    e9:ba:91:33:f8:0e:5e:30:74:18:1b:b5:dc:cb:fe:
                    ae:56:9b:ee:5d:0e:83:9f:f8:f9:67:7a:4f:69:57:
                    3f:b4:bd:ac:a7:06:6c:c8:b3:d6:44:e3:50:8f:f6:
                    13:b5:66:02:50:a4:ce:07:3c:c0:26:38:5f:43:33:
                    7d:49:e9:98:ab:8b:46:5a:3a:9f:32:54:6a:2b:53:
                    b6:be:b8:a9:03:c9:e5:cf:13:77:85:5f:7c:65:50:
                    4e:73:bb:6f:b5:3c:fe:f3:a6:78:c4:2f:49:e3:40:
                    37:7f:08:51:c0:7e:cd:2f:43:64:e3:86:e7:74:db:
                    34:30:e5:e2:e2:f8:6c:ec:a7:ea:1e:48:b4:d4:86:
                    78:0f:3b:11:b0:d1:58:31:99:d4:f2:28:4a:e4:b0:
                    77:04:2e:cb:8d:fd:3f:6d:ff:04:f8:d4:71:de:8f:
                    7d:b4:5e:e9:c0:8e:91:2f:ca:99:34:9f:80:42:f8:
                    75:43:32:72:5e:84:46:be:73:27:06:60:40:a9:2d:
                    84:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A9:40:40:00:25:36:93:4A:24:92:08:44:6B:91:4D:EA:64:B8:84
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4e498b2c-1869-4d49-be54-f35a871a8566.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff2:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:e3:cd:5a:24:34:d3:22:4f:4e:e7:83:61:82:c3:6c:27:15:
         3c:ec:d0:aa:ce:8f:cc:b4:bd:31:d8:3a:bf:b2:84:9e:7c:2d:
         7e:06:f6:3e:5a:c1:f0:05:e6:5a:e7:f4:c9:be:94:51:55:03:
         da:61:17:1e:31:1d:d8:75:81:7e:4d:0e:14:2a:7b:1f:da:7b:
         b0:9b:d6:20:0c:e7:3a:d4:fb:89:06:eb:72:10:d0:b8:e9:7e:
         8d:cf:06:b3:e8:03:94:5f:f4:a0:21:d0:87:d4:e3:ce:2c:bc:
         d8:d5:84:82:1c:dc:92:2b:86:7a:71:7e:76:dc:40:e3:73:53:
         78:5d:38:ad:96:65:f4:96:f0:31:12:9d:e0:06:28:bf:1f:ac:
         d0:5d:49:d7:f3:5d:b8:03:3c:9b:90:42:d4:b5:f9:bd:ef:03:
         a4:68:db:83:f8:bd:b7:7a:0b:e3:8c:4d:5e:e0:21:f9:7d:54:
         0c:24:12:0f:13:a3:11:da:8c:c4:20:ac:94:a3:81:11:71:f4:
         36:e3:97:38:92:b4:57:a1:6b:65:42:a2:71:ba:ae:fb:18:15:
         90:0e:1a:91:42:47:84:ab:7a:fa:22:08:99:aa:6c:a4:06:77:
         48:c3:a3:34:b3:81:7b:85:c2:22:31:12:a6:57:b8:4f:73:ef:
         ee:62:35:ec
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUT28FVLf245HaUWhq2nLPN47fOQ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwZTc4N2FlOWM3MzgxYTIxYTZhYjI1ZjA0ZGI1NDdjMzQ2
MDA0NWU1NDRiMTRjNDg1NGU4NjljYjdmMjMxYTQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDaiUAO4za/RHwNqqw2UZ4HKvmb0vJYd7NldHgPLRRIagge
jjHJ1Cu5nnEYFHxujKHmtMg405UGrT+qm+m6kTP4Dl4wdBgbtdzL/q5Wm+5dDoOf
+Plnek9pVz+0vaynBmzIs9ZE41CP9hO1ZgJQpM4HPMAmOF9DM31J6Ziri0ZaOp8y
VGorU7a+uKkDyeXPE3eFX3xlUE5zu2+1PP7zpnjEL0njQDd/CFHAfs0vQ2Tjhud0
2zQw5eLi+Gzsp+oeSLTUhngPOxGw0VgxmdTyKErksHcELsuN/T9t/wT41HHej320
XunAjpEvypk0n4BC+HVDMnJehEa+cycGYECpLYT9AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUQalAQAAlNpNKJJIIRGuRTepkuIQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRlNDk4YjJjLTE4NjktNGQ0OS1iZTU0LWYzNWE4NzFhODU2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/yYDANBgkqhkiG9w0BAQsFAAOCAQEAJOPNWiQ00yJPTueDYYLDbCcV
POzQqs6PzLS9Mdg6v7KEnnwtfgb2PlrB8AXmWuf0yb6UUVUD2mEXHjEd2HWBfk0O
FCp7H9p7sJvWIAznOtT7iQbrchDQuOl+jc8Gs+gDlF/0oCHQh9Tjziy82NWEghzc
kiuGenF+dtxA43NTeF04rZZl9JbwMRKd4AYovx+s0F1J1/NduAM8m5BC1LX5ve8D
pGjbg/i9t3oL44xNXuAh+X1UDCQSDxOjEdqMxCCslKOBEXH0NuOXOJK0V6FrZUKi
cbqu+xgVkA4akUJHhKt6+iIImapspAZ3SMOjNLOBe4XCIjESple4T3Pv7mI17A==
-----END CERTIFICATE-----