Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/77a7434c-c4a3-421e-afd6-129ff5970b20.roa
File:                     77a7434c-c4a3-421e-afd6-129ff5970b20.roa (raw, json)
Hash identifier:          L6V2UMRX8q/zeitX6rKoXZg/bSM6LlWTR5gQGZbjt10=
Subject key identifier:   9C:B0:0A:68:BC:3A:DD:EB:AE:B7:15:66:FB:EA:B4:5E:0B:A1:A5:C2
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E3584E4AB5AB25E488E09D27889F9CD0A4C74EA
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/77a7434c-c4a3-421e-afd6-129ff5970b20.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f15:4000::/36 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:35:84:e4:ab:5a:b2:5e:48:8e:09:d2:78:89:f9:cd:0a:4c:74:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=0c5f95c27a52af0267a34f19a7e8b64815361bb4ad05212ecd1462706b52a9a0, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4f:29:91:c4:f5:64:33:99:23:15:ca:af:44:
                    2a:ed:f7:ec:27:a7:52:b9:01:55:89:c4:da:d9:8e:
                    3e:b4:3d:e6:fd:7d:cb:f4:0a:fc:03:ee:b3:c6:b8:
                    38:c4:63:5c:11:f6:6e:ff:35:2a:45:85:6d:d2:80:
                    6d:86:19:82:42:11:1e:bb:15:73:86:b9:54:c1:80:
                    c0:ce:3d:70:73:75:38:09:a0:4b:c9:01:57:d5:08:
                    b6:3e:fd:08:ee:36:8a:a7:20:6a:cd:b8:db:04:1c:
                    0a:25:ae:a5:74:5f:0a:18:16:0e:69:05:f7:92:ae:
                    ab:4e:39:2d:b7:58:84:e1:4f:72:d1:cd:ee:d8:96:
                    ae:82:8e:76:61:11:11:a2:b3:06:a0:77:ae:3b:aa:
                    a0:b6:46:06:aa:0b:be:27:46:50:36:ff:a7:da:dd:
                    2e:2c:4c:53:2b:75:6c:c8:93:a3:a8:ea:84:d9:a9:
                    71:df:f8:98:f6:0d:e1:16:0e:7f:77:53:a3:ff:78:
                    ec:e2:f8:98:dc:dd:9c:60:0b:d1:c6:ec:f9:b5:bc:
                    06:ca:99:d0:49:c2:44:15:c5:1d:2f:bc:6f:2c:b8:
                    98:29:96:74:54:b7:41:0a:bb:7f:87:c0:5d:27:6f:
                    3c:3e:a3:05:74:4e:74:6e:7b:b0:91:61:94:3e:a3:
                    e5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:B0:0A:68:BC:3A:DD:EB:AE:B7:15:66:FB:EA:B4:5E:0B:A1:A5:C2
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/77a7434c-c4a3-421e-afd6-129ff5970b20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f15:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         ad:52:0f:27:7d:f1:a3:44:4e:f7:9f:93:99:7c:ec:c5:8e:87:
         dd:f3:99:95:3c:5a:1c:47:83:6d:f7:7c:ae:15:0f:87:44:e4:
         cf:0a:2e:54:0d:32:f1:4d:2d:4c:e5:77:c7:ab:66:b0:19:c8:
         3f:3d:1f:7e:cd:06:5e:cf:09:09:e6:48:61:ae:2b:da:42:4a:
         02:8d:37:4d:b0:96:86:92:01:ab:69:87:c7:83:dc:32:18:28:
         9b:35:d6:d9:b6:5c:47:08:50:b4:1d:0a:02:93:52:96:43:bc:
         3f:0b:64:97:64:92:50:88:f9:68:e5:98:1d:04:9d:e5:ed:bf:
         8f:b3:38:7b:6c:e7:a7:9a:8e:53:60:20:89:c7:b3:34:d3:c8:
         40:ba:55:a5:39:e4:c4:cf:29:77:38:03:28:01:b8:ba:65:e7:
         c2:01:94:6f:64:9d:88:b4:e2:a1:67:e6:20:a6:d6:0e:59:74:
         bb:af:bf:3c:0b:a4:48:8c:f0:dc:0f:a8:06:f6:c0:5d:08:8f:
         21:2a:c4:22:67:74:0e:44:90:2a:57:bb:1c:49:31:38:3a:ca:
         f0:b2:e3:5e:2d:7d:25:e4:7c:67:7c:ba:45:bd:fd:0c:70:7a:
         9c:06:f2:46:09:e2:eb:53:9c:4b:d9:6d:a6:3e:10:ed:fb:12:
         98:d1:a3:86
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUHjWE5Ktasl5IjgnSeIn5zQpMdOowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTA3MDAwMDAwWhcNMjUwMjExMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzVmOTVjMjdhNTJhZjAyNjdhMzRmMTlhN2U4YjY0ODE1
MzYxYmI0YWQwNTIxMmVjZDE0NjI3MDZiNTJhOWEwMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzTymRxPVkM5kjFcqvRCrt9+wnp1K5AVWJxNrZjj60Peb9
fcv0CvwD7rPGuDjEY1wR9m7/NSpFhW3SgG2GGYJCER67FXOGuVTBgMDOPXBzdTgJ
oEvJAVfVCLY+/QjuNoqnIGrNuNsEHAolrqV0XwoYFg5pBfeSrqtOOS23WIThT3LR
ze7Ylq6CjnZhERGiswagd647qqC2RgaqC74nRlA2/6fa3S4sTFMrdWzIk6Oo6oTZ
qXHf+Jj2DeEWDn93U6P/eOzi+Jjc3ZxgC9HG7Pm1vAbKmdBJwkQVxR0vvG8suJgp
lnRUt0EKu3+HwF0nbzw+owV0TnRue7CRYZQ+o+XTAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUnLAKaLw63euutxVm++q0XguhpcIwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc3YTc0MzRjLWM0YTMtNDIxZS1hZmQ2LTEyOWZmNTk3MGIyMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8VQDANBgkqhkiG9w0BAQsFAAOCAQEArVIPJ33xo0RO95+TmXzsxY6H
3fOZlTxaHEeDbfd8rhUPh0TkzwouVA0y8U0tTOV3x6tmsBnIPz0ffs0GXs8JCeZI
Ya4r2kJKAo03TbCWhpIBq2mHx4PcMhgomzXW2bZcRwhQtB0KApNSlkO8Pwtkl2SS
UIj5aOWYHQSd5e2/j7M4e2znp5qOU2AgicezNNPIQLpVpTnkxM8pdzgDKAG4umXn
wgGUb2SdiLTioWfmIKbWDll0u6+/PAukSIzw3A+oBvbAXQiPISrEImd0DkSQKle7
HEkxODrK8LLjXi19JeR8Z3y6Rb39DHB6nAbyRgni61OcS9ltpj4Q7fsSmNGjhg==
-----END CERTIFICATE-----