Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/664b5c88-c7b6-4443-8c1a-f4429e487f3a.roa
File:                     664b5c88-c7b6-4443-8c1a-f4429e487f3a.roa (raw, json)
Hash identifier:          sdYuah3F5k+wIn9yiErzjKcOXJKnjhBp/GAZOXvZ2Dk=
Subject key identifier:   18:BD:06:C1:FC:46:E3:EA:0F:34:36:E1:08:3A:52:97:15:5F:41:A1
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2B16A2639756D249A76F25F15529A087A2B36BF9
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/664b5c88-c7b6-4443-8c1a-f4429e487f3a.roa
Signing time:             Tue 08 Jul 2025 16:00:27 +0000
ROA not before:           Tue 08 Jul 2025 16:00:27 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ffb:5080::/46 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:16:a2:63:97:56:d2:49:a7:6f:25:f1:55:29:a0:87:a2:b3:6b:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 16:00:27 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=93ca5e2f036436f90dfe56ea5345768c3d741fceda16062f050861b8160f3267, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:88:c0:fe:2b:27:2d:06:3c:fa:70:f5:4d:2d:
                    75:6b:2c:55:13:aa:9a:77:29:5c:e7:fb:92:51:84:
                    77:fb:1a:69:2a:26:54:09:99:6c:80:9e:89:aa:d6:
                    1b:1a:56:0e:ea:3c:ed:1f:1e:a7:d5:c0:e3:5a:4b:
                    04:57:09:45:57:21:0f:d4:91:5c:74:ea:8f:c2:77:
                    a6:58:fe:d1:03:95:a2:fd:84:7c:2a:32:d0:33:e4:
                    0e:29:bc:a9:e7:85:2e:2b:e9:c8:4a:c2:77:22:f0:
                    b4:86:1f:65:71:6b:70:0b:29:66:d9:3e:75:f1:7e:
                    11:d3:20:13:6b:1f:94:6f:7d:97:bd:52:f3:e2:ff:
                    27:23:a2:cb:63:7c:29:3d:42:85:7e:b1:c6:b4:a6:
                    55:24:26:88:b8:67:56:66:26:16:6d:d4:ca:79:c5:
                    49:ad:46:ac:98:05:23:6b:d4:f2:c1:d0:91:e2:ee:
                    50:1d:51:94:cf:b9:47:a9:09:9f:e6:73:da:bc:2c:
                    40:bf:12:f9:08:50:b6:1a:23:04:4d:3a:e4:2f:c0:
                    bf:e2:25:50:fe:5a:ea:5d:ce:36:97:de:58:6c:ee:
                    a1:82:a4:6b:3d:06:a2:2f:6f:2b:a1:db:f5:e1:25:
                    46:6c:4a:cd:87:7f:39:41:59:88:62:17:b0:02:52:
                    c3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:BD:06:C1:FC:46:E3:EA:0F:34:36:E1:08:3A:52:97:15:5F:41:A1
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/664b5c88-c7b6-4443-8c1a-f4429e487f3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:5080::/46

    Signature Algorithm: sha256WithRSAEncryption
         6f:64:13:ab:2d:9b:c7:35:23:36:42:bd:03:a0:68:b1:8a:2f:
         c0:87:64:35:e5:65:e3:74:6d:6a:1c:7b:fe:48:e2:f1:f6:54:
         f1:17:f0:64:1c:5b:5c:75:49:7f:7d:a8:ef:f3:30:5f:88:76:
         21:72:ad:7f:56:95:4b:51:2f:a6:30:20:f6:46:dd:4a:38:ff:
         07:50:ea:7b:07:77:e0:d5:25:38:be:fe:a7:d0:e5:98:45:ae:
         7b:ea:2c:8a:6d:ba:41:8a:d8:1a:7c:90:a1:a3:9e:cc:55:ce:
         2e:cd:21:b7:ae:6b:27:fc:c7:28:8e:0e:5c:34:26:30:f5:11:
         0d:55:89:20:82:99:a7:ce:be:05:9b:3f:14:fe:a5:34:7f:a4:
         ec:4a:da:cd:8d:a4:a6:b3:eb:a6:e1:1a:90:01:0e:e6:ba:a9:
         c7:81:0d:d0:a7:39:1a:d1:03:2d:1f:6f:7a:76:b2:3d:dc:e5:
         97:32:57:e3:17:7c:1b:21:2a:3b:0e:39:a5:e8:30:a0:01:2c:
         d7:42:4f:54:09:ba:62:d0:bd:25:ee:c7:79:8f:3b:61:f5:a5:
         7c:a2:a7:27:08:17:3a:2f:29:60:cc:74:74:67:c9:7a:28:50:
         c8:da:da:c3:b6:41:27:32:3f:c1:06:6d:09:c6:63:dd:7a:da:
         8e:fc:34:84
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUKxaiY5dW0kmnbyXxVSmgh6Kza/kwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MTYwMDI3WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2NhNWUyZjAzNjQzNmY5MGRmZTU2ZWE1MzQ1NzY4YzNk
NzQxZmNlZGExNjA2MmYwNTA4NjFiODE2MGYzMjY3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCSiMD+KyctBjz6cPVNLXVrLFUTqpp3KVzn+5JRhHf7Gmkq
JlQJmWyAnomq1hsaVg7qPO0fHqfVwONaSwRXCUVXIQ/UkVx06o/Cd6ZY/tEDlaL9
hHwqMtAz5A4pvKnnhS4r6chKwnci8LSGH2Vxa3ALKWbZPnXxfhHTIBNrH5RvfZe9
UvPi/ycjostjfCk9QoV+sca0plUkJoi4Z1ZmJhZt1Mp5xUmtRqyYBSNr1PLB0JHi
7lAdUZTPuUepCZ/mc9q8LEC/EvkIULYaIwRNOuQvwL/iJVD+WupdzjaX3lhs7qGC
pGs9BqIvbyuh2/XhJUZsSs2HfzlBWYhiF7ACUsO5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUGL0GwfxG4+oPNDbhCDpSlxVfQaEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2NGI1Yzg4LWM3YjYtNDQ0My04YzFhLWY0NDI5ZTQ4N2YzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/7UIAwDQYJKoZIhvcNAQELBQADggEBAG9kE6stm8c1IzZCvQOgaLGK
L8CHZDXlZeN0bWoce/5I4vH2VPEX8GQcW1x1SX99qO/zMF+IdiFyrX9WlUtRL6Yw
IPZG3Uo4/wdQ6nsHd+DVJTi+/qfQ5ZhFrnvqLIptukGK2Bp8kKGjnsxVzi7NIbeu
ayf8xyiODlw0JjD1EQ1ViSCCmafOvgWbPxT+pTR/pOxK2s2NpKaz66bhGpABDua6
qceBDdCnORrRAy0fb3p2sj3c5ZcyV+MXfBshKjsOOaXoMKABLNdCT1QJumLQvSXu
x3mPO2H1pXyipycIFzovKWDMdHRnyXooUMja2sO2QScyP8EGbQnGY9162o78NIQ=
-----END CERTIFICATE-----