Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67e62cea-c1b4-4f72-8b72-eb20d907a3d0.roa
File:                     67e62cea-c1b4-4f72-8b72-eb20d907a3d0.roa (raw, json)
Hash identifier:          2bdI94l5KbFDr9tSvrF/wOcvegMZZv+Nkaij30UsY0I=
Subject key identifier:   C6:82:5B:16:E7:97:CF:24:84:B0:90:A7:A2:C6:76:13:25:A9:2A:64
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       372641D66B5B12983A33B78F1CAAB0BAA9242D2E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67e62cea-c1b4-4f72-8b72-eb20d907a3d0.roa
Signing time:             Mon 16 Dec 2024 00:00:00 +0000
ROA not before:           Mon 16 Dec 2024 00:00:00 +0000
ROA not after:            Mon 20 Jan 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f36:8000::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:26:41:d6:6b:5b:12:98:3a:33:b7:8f:1c:aa:b0:ba:a9:24:2d:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 16 00:00:00 2024 GMT
            Not After : Jan 20 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:98:32:39:50:92:d7:0f:44:b5:2d:00:41:ad:
                    35:fd:01:08:50:40:cb:16:1f:00:79:11:55:39:5a:
                    ac:8c:b0:77:92:6e:8e:b7:19:96:31:97:aa:a7:05:
                    0a:33:41:e8:81:11:a8:50:fd:91:04:8b:7b:23:87:
                    cc:0a:45:c0:c0:eb:e6:48:cc:5b:90:d3:c8:e8:c4:
                    0c:7c:74:60:a0:cd:46:ae:b2:95:3e:be:91:d0:87:
                    7f:ca:ee:cc:6a:5b:ec:a5:38:db:ba:74:9a:6a:53:
                    32:b4:57:05:a9:69:2a:14:28:48:a8:4d:60:e7:5b:
                    91:d0:7f:22:97:55:fa:49:6c:34:80:7b:36:c9:1a:
                    f8:bc:ef:f6:a3:b6:b4:db:8b:75:87:cb:60:3a:1a:
                    a1:90:9a:15:f6:42:8a:93:39:29:28:2a:81:46:3e:
                    89:fa:e3:9f:2f:f8:72:a3:91:28:d3:41:02:74:bc:
                    68:d3:dc:36:9d:09:9a:de:13:f3:a4:84:82:25:47:
                    a5:bc:63:b7:b5:2e:ed:c7:78:21:9f:fb:76:f8:32:
                    02:9a:c3:c4:a8:2c:09:b2:d6:f7:a1:39:2d:33:4c:
                    e5:3d:e3:62:d7:2e:72:56:ec:de:43:e6:12:17:fe:
                    cf:e8:f5:69:c6:a1:0a:40:bd:fc:a4:34:64:31:13:
                    7c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:82:5B:16:E7:97:CF:24:84:B0:90:A7:A2:C6:76:13:25:A9:2A:64
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/67e62cea-c1b4-4f72-8b72-eb20d907a3d0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f36:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         69:f5:13:10:5c:10:ff:fa:e1:00:b8:30:b2:6a:66:87:5a:88:
         e6:4f:b1:d2:3a:fc:a7:29:e6:a3:2b:28:04:cc:4f:9c:a5:80:
         1f:6a:1d:bc:67:f8:22:f1:50:39:be:14:f4:aa:3b:ef:76:a2:
         4c:46:54:3c:a4:46:1d:cb:d7:a3:57:01:47:cd:d5:26:1e:41:
         36:01:d9:63:7d:d5:d1:62:01:35:62:f9:b0:3e:5b:8a:b2:77:
         61:95:af:8e:27:cc:ff:a6:bd:83:1e:d1:e1:ff:71:3d:5d:47:
         e6:fe:64:82:79:e3:8a:b6:92:84:1d:6b:ab:f7:2f:19:aa:35:
         e6:0f:2b:e3:a7:cf:f9:11:86:1d:2d:74:3d:b2:d8:9a:c2:cb:
         a9:fb:5b:ca:fd:28:3c:88:59:70:bd:f8:90:55:57:9a:eb:a9:
         51:70:1a:2b:c1:a4:cd:b6:33:69:5e:7a:9b:ed:bf:7d:be:b4:
         bf:3e:13:3e:93:d9:30:ad:07:0e:b6:df:37:3d:27:da:08:05:
         35:77:b9:86:1b:ea:bb:4f:da:48:fa:05:96:dc:76:9e:c5:d6:
         be:e2:10:dd:52:27:03:ba:87:aa:b7:72:51:ed:5f:3f:53:5d:
         99:24:c8:1a:5b:ae:42:41:df:75:f0:4d:f0:5a:45:62:ad:52:
         79:59:a7:9e
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUNyZB1mtbEpg6M7ePHKqwuqkkLS4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE2MDAwMDAwWhcNMjUwMTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A2NzRjZGJmNmZlNGJlMGIyMmMxNTA5MWY2OTE0ZWZjYTdi
MWFjNmU1YzU4MTJlZjJjYjRhMjZiYmEyZjY1ZjMxMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDwmDI5UJLXD0S1LQBBrTX9AQhQQMsWHwB5EVU5WqyMsHeS
bo63GZYxl6qnBQozQeiBEahQ/ZEEi3sjh8wKRcDA6+ZIzFuQ08joxAx8dGCgzUau
spU+vpHQh3/K7sxqW+ylONu6dJpqUzK0VwWpaSoUKEioTWDnW5HQfyKXVfpJbDSA
ezbJGvi87/ajtrTbi3WHy2A6GqGQmhX2QoqTOSkoKoFGPon6458v+HKjkSjTQQJ0
vGjT3DadCZreE/OkhIIlR6W8Y7e1Lu3HeCGf+3b4MgKaw8SoLAmy1vehOS0zTOU9
42LXLnJW7N5D5hIX/s/o9WnGoQpAvfykNGQxE3xZAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUxoJbFueXzySEsJCnosZ2EyWpKmQwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzY3ZTYyY2VhLWMxYjQtNGY3Mi04YjcyLWViMjBkOTA3YTNkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB82gDANBgkqhkiG9w0BAQsFAAOCAQEAafUTEFwQ//rhALgwsmpmh1qI
5k+x0jr8pynmoysoBMxPnKWAH2odvGf4IvFQOb4U9Ko773aiTEZUPKRGHcvXo1cB
R83VJh5BNgHZY33V0WIBNWL5sD5birJ3YZWvjifM/6a9gx7R4f9xPV1H5v5kgnnj
iraShB1rq/cvGao15g8r46fP+RGGHS10PbLYmsLLqftbyv0oPIhZcL34kFVXmuup
UXAaK8GkzbYzaV56m+2/fb60vz4TPpPZMK0HDrbfNz0n2ggFNXe5hhvqu0/aSPoF
ltx2nsXWvuIQ3VInA7qHqrdyUe1fP1NdmSTIGluuQkHfdfBN8FpFYq1SeVmnng==
-----END CERTIFICATE-----