Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/723cdf4a-1016-40db-8e26-4cf822671140.roa
File:                     723cdf4a-1016-40db-8e26-4cf822671140.roa (raw, json)
Hash identifier:          hJsIKkwZoydSnVe7yqVTqLu3TUaLcb/yILbfCtF6bno=
Subject key identifier:   49:3D:7F:49:CB:B6:BF:92:ED:61:12:11:E0:A1:5B:82:D2:14:4D:83
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       36BF3069D78E3F5871284969020F2256920A9A7F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/723cdf4a-1016-40db-8e26-4cf822671140.roa
Signing time:             Mon 17 Feb 2025 15:30:23 +0000
ROA not before:           Mon 17 Feb 2025 15:30:23 +0000
ROA not after:            Mon 24 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f30:8020::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:bf:30:69:d7:8e:3f:58:71:28:49:69:02:0f:22:56:92:0a:9a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb 17 15:30:23 2025 GMT
            Not After : Mar 24 23:59:59 2025 GMT
        Subject: serialNumber=186e41006313116494a8a4be2ee6c2367fcfe8515efd78774d6ecf57b641eb1d, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fa:ba:e6:e6:c8:fb:09:9f:62:58:1f:e5:a8:
                    10:eb:68:80:17:de:0f:2e:47:9e:70:dd:13:af:ae:
                    2d:dd:12:f8:da:39:af:8f:f6:59:ba:b5:20:7e:b8:
                    68:e3:94:53:b5:12:83:ce:78:9f:3d:8b:b3:32:2a:
                    16:fc:4e:b5:64:2b:e0:27:b7:74:83:f0:65:63:3f:
                    40:bc:22:d0:bf:bd:bd:54:bc:5b:3c:16:61:0e:c4:
                    e9:41:97:25:5b:72:1d:fc:80:96:59:0f:95:0a:40:
                    77:b9:f2:df:b3:4b:e0:90:1a:aa:59:d4:91:da:28:
                    fb:a8:31:02:9f:bc:60:55:c8:db:ba:ea:90:2d:f8:
                    ec:24:6f:90:31:0d:6a:a5:e8:ec:30:d0:0e:70:b5:
                    b1:49:04:64:23:23:ff:c6:26:ee:c9:4c:ed:2f:e4:
                    73:c6:6f:ae:e9:0b:a3:95:d4:55:86:1c:c4:0b:27:
                    eb:0f:06:89:18:ee:f7:fe:eb:89:4b:b3:ce:8b:ba:
                    39:8d:76:bd:19:9f:b8:a5:9b:6c:3c:1a:54:a4:d4:
                    b7:2e:6c:4f:46:d8:9d:40:dd:ae:ba:51:cf:30:88:
                    bc:90:fb:3b:68:b6:0b:0f:cf:6f:4b:c7:d4:56:1e:
                    21:b3:a4:a6:5d:e0:80:71:d5:42:bd:b9:63:83:f3:
                    1f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:3D:7F:49:CB:B6:BF:92:ED:61:12:11:E0:A1:5B:82:D2:14:4D:83
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/723cdf4a-1016-40db-8e26-4cf822671140.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f30:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:0f:f7:6e:3f:2c:82:6e:af:e2:24:34:55:69:e5:87:ba:b7:
         24:23:61:fc:d7:a9:1e:5c:6c:bd:dd:26:c4:f1:bf:ae:b8:dd:
         95:81:47:cf:40:88:a5:b2:09:61:95:16:25:3f:9d:12:ea:d9:
         cd:b6:3f:12:be:38:22:30:df:85:de:21:e5:fa:f5:cb:2a:92:
         37:bd:5c:4c:9f:30:dc:a1:39:bf:33:b2:a2:79:8b:55:a4:20:
         da:e5:80:54:0c:b5:79:ea:28:87:43:e5:e2:66:62:79:6c:e8:
         be:40:d9:7c:50:16:07:53:d6:94:1d:67:1b:a5:99:b2:42:75:
         81:49:1c:0c:03:94:3a:04:4c:4c:47:8a:e2:85:59:50:a0:2e:
         28:84:7a:3d:ad:cb:73:ee:ca:65:11:8d:37:5a:8f:a6:3b:af:
         57:3e:8e:d2:c2:f0:8f:d9:a6:53:47:d4:7e:eb:c8:cb:42:81:
         5c:2e:d9:e9:b8:92:89:df:c8:24:a9:92:11:a4:6c:23:49:2d:
         3a:97:39:ea:a0:04:4f:2d:d1:69:68:74:4a:b9:20:55:3e:fe:
         b1:c5:0a:b2:49:2c:b9:a5:34:37:fc:48:ec:84:9b:0f:e2:ce:
         b2:73:2f:44:76:70:43:7a:c3:50:34:a8:42:0e:5b:cb:db:5a:
         e7:84:6e:47
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUNr8wadeOP1hxKElpAg8iVpIKmn8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjE3MTUzMDIzWhcNMjUwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxODZlNDEwMDYzMTMxMTY0OTRhOGE0YmUyZWU2YzIzNjdm
Y2ZlODUxNWVmZDc4Nzc0ZDZlY2Y1N2I2NDFlYjFkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCj+rrm5sj7CZ9iWB/lqBDraIAX3g8uR55w3ROvri3dEvja
Oa+P9lm6tSB+uGjjlFO1EoPOeJ89i7MyKhb8TrVkK+Ant3SD8GVjP0C8ItC/vb1U
vFs8FmEOxOlBlyVbch38gJZZD5UKQHe58t+zS+CQGqpZ1JHaKPuoMQKfvGBVyNu6
6pAt+Owkb5AxDWql6Oww0A5wtbFJBGQjI//GJu7JTO0v5HPGb67pC6OV1FWGHMQL
J+sPBokY7vf+64lLs86LujmNdr0Zn7ilm2w8GlSk1LcubE9G2J1A3a66Uc8wiLyQ
+ztotgsPz29Lx9RWHiGzpKZd4IBx1UK9uWOD8x+5AgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUST1/Scu2v5LtYRIR4KFbgtIUTYMwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzcyM2NkZjRhLTEwMTYtNDBkYi04ZTI2LTRjZjgyMjY3MTE0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB8wgCAwDQYJKoZIhvcNAQELBQADggEBAJ0P924/LIJur+IkNFVp5Ye6
tyQjYfzXqR5cbL3dJsTxv6643ZWBR89AiKWyCWGVFiU/nRLq2c22PxK+OCIw34Xe
IeX69csqkje9XEyfMNyhOb8zsqJ5i1WkINrlgFQMtXnqKIdD5eJmYnls6L5A2XxQ
FgdT1pQdZxulmbJCdYFJHAwDlDoETExHiuKFWVCgLiiEej2ty3PuymURjTdaj6Y7
r1c+jtLC8I/ZplNH1H7ryMtCgVwu2em4konfyCSpkhGkbCNJLTqXOeqgBE8t0Wlo
dEq5IFU+/rHFCrJJLLmlNDf8SOyEmw/izrJzL0R2cEN6w1A0qEIOW8vbWueEbkc=
-----END CERTIFICATE-----