Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66b6103b-42bf-4804-87da-374ed23ffff2.roa
File:                     66b6103b-42bf-4804-87da-374ed23ffff2.roa (raw, json)
Hash identifier:          B0Vm231+mZseAMYeJWktJhvmHv65LxvPVirDN7QvEZE=
Subject key identifier:   66:74:98:B4:29:26:18:26:AD:80:8F:59:73:2E:F5:A6:C8:1D:EF:23
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       64A74C79E43E9228070ABF91CDF6C5E72499B911
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66b6103b-42bf-4804-87da-374ed23ffff2.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f1c::/36 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:a7:4c:79:e4:3e:92:28:07:0a:bf:91:cd:f6:c5:e7:24:99:b9:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=782b6eff38c7bdb38e3a4fc15e6e70cf90d34456c94a82220e65c038e06e88ae, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:da:e1:68:ba:df:ae:52:74:b7:bb:0f:31:d3:
                    87:67:a2:ad:47:a4:3a:c1:34:52:5a:e8:74:f7:f3:
                    a7:19:aa:b8:94:f6:47:eb:58:7f:e1:d4:6f:24:5f:
                    6b:c1:d3:f9:e3:36:f2:a0:03:d2:7e:9a:35:64:cb:
                    1b:d3:c2:17:0a:fe:64:9e:ac:35:a8:a5:ca:6b:ea:
                    f7:d3:3d:78:51:8f:db:fd:58:d4:a8:00:e7:fd:c0:
                    1d:05:28:d0:e1:e0:39:19:df:07:9d:2a:a2:14:94:
                    97:4e:1b:0c:13:0f:fe:b5:46:52:13:13:db:6e:45:
                    8a:82:e6:29:f2:e2:75:38:d2:0d:d6:4a:2f:8e:48:
                    24:69:05:b1:40:05:65:2b:82:96:33:10:52:3c:3e:
                    01:fc:20:d1:e8:e0:71:f2:28:ea:3d:06:e2:52:8d:
                    97:35:27:89:71:96:c5:23:90:1a:3a:bb:12:7e:9a:
                    5e:f4:bf:21:7e:3a:e8:f9:a9:91:b0:08:30:4f:9d:
                    f2:b0:3f:55:d7:87:1b:25:c3:9b:19:03:29:48:8f:
                    b5:78:7f:ce:80:dd:fd:d4:9d:a7:6e:13:ff:fa:25:
                    47:88:43:9f:db:fb:57:ee:46:76:7a:18:4e:be:30:
                    19:5c:12:8b:a9:43:98:81:8b:43:84:dd:ea:08:69:
                    5e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:74:98:B4:29:26:18:26:AD:80:8F:59:73:2E:F5:A6:C8:1D:EF:23
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/66b6103b-42bf-4804-87da-374ed23ffff2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1c::/36

    Signature Algorithm: sha256WithRSAEncryption
         13:75:c6:d6:a0:d7:5b:b7:63:eb:8c:51:d6:82:99:cd:7f:c2:
         55:80:53:3c:16:6c:5b:e2:42:b1:1d:40:70:65:24:7e:e8:6e:
         c7:16:b3:89:fe:44:68:33:55:35:38:8d:ad:75:97:94:67:35:
         e4:98:78:2a:a7:9d:f8:26:67:d1:ca:75:8c:27:ca:1c:da:1c:
         99:d3:46:a7:e8:ae:bf:9b:02:7f:48:0e:7a:13:a3:27:fe:36:
         cb:49:9e:ed:be:7f:05:02:09:54:1c:f1:dc:0e:88:33:cb:b7:
         49:51:b2:ee:c9:a4:72:a8:1c:70:ef:81:ec:55:d4:56:ef:3d:
         c7:a5:09:b9:fd:1b:cf:e0:c3:54:27:54:11:e0:b9:6c:d8:58:
         60:d6:6d:a9:75:2b:e9:f8:f7:44:0c:cb:8a:36:0e:33:28:39:
         57:e9:e9:51:23:0d:45:44:86:97:92:ef:3b:45:50:e4:47:8b:
         7f:87:13:11:64:d0:3e:3c:5f:69:21:ad:a7:42:c4:7c:ac:e6:
         68:f1:1e:13:23:99:82:93:ff:0d:b5:49:54:8d:1b:3b:8c:f8:
         75:1b:71:88:79:39:25:08:45:09:d5:c4:e8:37:18:2f:34:6b:
         d9:25:7f:e0:0f:a9:8d:fb:82:64:d1:56:3b:1b:48:94:53:2c:
         93:82:5e:ff
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZKdMeeQ+kigHCr+RzfbF5ySZuREwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3ODJiNmVmZjM4YzdiZGIzOGUzYTRmYzE1ZTZlNzBjZjkw
ZDM0NDU2Yzk0YTgyMjIwZTY1YzAzOGUwNmU4OGFlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDk2uFout+uUnS3uw8x04dnoq1HpDrBNFJa6HT386cZqriU
9kfrWH/h1G8kX2vB0/njNvKgA9J+mjVkyxvTwhcK/mSerDWopcpr6vfTPXhRj9v9
WNSoAOf9wB0FKNDh4DkZ3wedKqIUlJdOGwwTD/61RlITE9tuRYqC5iny4nU40g3W
Si+OSCRpBbFABWUrgpYzEFI8PgH8INHo4HHyKOo9BuJSjZc1J4lxlsUjkBo6uxJ+
ml70vyF+Ouj5qZGwCDBPnfKwP1XXhxslw5sZAylIj7V4f86A3f3UnaduE//6JUeI
Q5/b+1fuRnZ6GE6+MBlcEoupQ5iBi0OE3eoIaV6jAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUZnSYtCkmGCatgI9Zcy71psgd7yMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY2YjYxMDNiLTQyYmYtNDgwNC04N2RhLTM3NGVkMjNmZmZmMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8cADANBgkqhkiG9w0BAQsFAAOCAQEAE3XG1qDXW7dj64xR1oKZzX/C
VYBTPBZsW+JCsR1AcGUkfuhuxxazif5EaDNVNTiNrXWXlGc15Jh4Kqed+CZn0cp1
jCfKHNocmdNGp+iuv5sCf0gOehOjJ/42y0me7b5/BQIJVBzx3A6IM8u3SVGy7smk
cqgccO+B7FXUVu89x6UJuf0bz+DDVCdUEeC5bNhYYNZtqXUr6fj3RAzLijYOMyg5
V+npUSMNRUSGl5LvO0VQ5EeLf4cTEWTQPjxfaSGtp0LEfKzmaPEeEyOZgpP/DbVJ
VI0bO4z4dRtxiHk5JQhFCdXE6DcYLzRr2SV/4A+pjfuCZNFWOxtIlFMsk4Je/w==
-----END CERTIFICATE-----