Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7819d184-8878-447a-8c21-4b078bfb731f.roa
File:                     7819d184-8878-447a-8c21-4b078bfb731f.roa (raw, json)
Hash identifier:          95lh1m0iK2FuxghZg1yogHFFe8XPYjgrYg3S9l6/8KY=
Subject key identifier:   07:5F:D6:EF:08:F3:A9:09:5C:D1:C5:E9:5C:41:78:BB:13:31:BC:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03BF53EF2F1BA3B25F7ED640218F46F516B291A2
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7819d184-8878-447a-8c21-4b078bfb731f.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1ffb:5000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:bf:53:ef:2f:1b:a3:b2:5f:7e:d6:40:21:8f:46:f5:16:b2:91:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: serialNumber=bea5b8d77afc43edd85bcc6c763235f856c73e3756eafeb9f9b9969c126138d6, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:38:60:bc:f7:7c:d1:15:92:81:f2:14:31:b1:
                    fd:3c:94:cf:99:7c:51:6e:e2:40:40:54:80:00:ce:
                    19:96:5f:22:70:e6:16:3b:fc:ec:0d:af:b1:b8:8d:
                    49:a5:8c:71:9e:10:a0:48:8b:df:72:de:f3:ba:9a:
                    75:cd:99:ce:2f:d1:c6:0f:f2:f2:1d:c0:63:31:cf:
                    7e:ea:40:a8:06:e8:c9:fd:0e:05:5f:1a:55:a3:d0:
                    89:4b:18:12:26:34:c7:77:c8:72:bc:36:44:1d:74:
                    ef:d3:75:9e:ed:f8:7b:d6:9d:9a:18:08:b5:2d:39:
                    d5:fa:e7:86:bb:7a:cb:d5:0c:f5:77:b9:c5:28:01:
                    aa:45:ff:89:6b:07:9d:d2:73:b6:04:90:8d:56:71:
                    81:b2:7f:6f:4f:85:af:d1:17:c1:45:1a:20:13:9f:
                    78:41:34:69:86:a0:b4:73:21:a8:1d:c1:e8:b5:39:
                    83:09:29:d8:de:c1:52:2c:48:a1:bc:d4:23:88:92:
                    d3:60:65:a7:fb:2b:a2:f4:56:dc:f2:46:76:a3:52:
                    6d:3f:05:3c:bb:39:83:62:84:ee:d0:fb:19:f0:7e:
                    12:ee:73:1a:b7:f5:6a:ec:67:db:6e:7f:79:38:7b:
                    0b:70:34:00:be:c4:7b:8b:51:f6:df:a2:76:f4:7f:
                    52:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5F:D6:EF:08:F3:A9:09:5C:D1:C5:E9:5C:41:78:BB:13:31:BC:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7819d184-8878-447a-8c21-4b078bfb731f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffb:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         cb:a4:86:b5:07:bb:4c:6a:eb:1d:c3:9c:9e:cf:4c:50:5c:53:
         4e:08:49:ae:49:f0:c0:21:ba:b6:47:97:bd:65:63:e5:6f:a5:
         ee:c3:59:10:8d:1d:08:b0:66:ab:3d:1c:f4:7b:e3:52:4f:e3:
         cb:bb:a2:ae:6f:fc:4e:f3:31:8f:08:3a:2e:08:58:58:c7:da:
         b0:33:ad:89:39:eb:3c:4d:95:66:12:be:b4:52:15:22:24:33:
         1f:e4:d9:df:f5:cb:5d:7a:13:78:8f:b9:08:68:a6:88:b0:31:
         f7:56:1e:a9:d7:d6:62:ad:c8:ec:f8:f7:43:76:33:41:2c:5c:
         ee:77:2b:e0:80:5d:97:6f:e9:de:39:5c:84:f0:ec:17:1b:b6:
         0e:80:37:fd:bc:b5:39:5f:75:cb:8d:79:02:af:14:78:82:83:
         6f:45:ea:45:ae:ce:0e:b7:bb:9b:64:6e:61:d9:50:d5:6d:58:
         b0:63:e5:95:2c:01:20:f3:c6:d0:4b:c6:ff:07:45:45:86:50:
         35:9a:76:99:48:25:a1:28:fc:65:0a:a0:ce:41:bc:25:fa:14:
         c3:55:b7:c1:5a:64:af:66:1f:1e:ac:4d:0e:5c:f0:00:0f:37:
         b6:d8:b4:fb:98:ad:88:23:21:5d:ec:43:a2:57:bd:73:0e:22:
         2d:e2:fe:5f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUA79T7y8bo7JfftZAIY9G9RaykaIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZWE1YjhkNzdhZmM0M2VkZDg1YmNjNmM3NjMyMzVmODU2
YzczZTM3NTZlYWZlYjlmOWI5OTY5YzEyNjEzOGQ2MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4OGC893zRFZKB8hQxsf08lM+ZfFFu4kBAVIAAzhmWXyJw
5hY7/OwNr7G4jUmljHGeEKBIi99y3vO6mnXNmc4v0cYP8vIdwGMxz37qQKgG6Mn9
DgVfGlWj0IlLGBImNMd3yHK8NkQddO/TdZ7t+HvWnZoYCLUtOdX654a7esvVDPV3
ucUoAapF/4lrB53Sc7YEkI1WcYGyf29Pha/RF8FFGiATn3hBNGmGoLRzIagdwei1
OYMJKdjewVIsSKG81COIktNgZaf7K6L0VtzyRnajUm0/BTy7OYNihO7Q+xnwfhLu
cxq39WrsZ9tuf3k4ewtwNAC+xHuLUfbfonb0f1JLAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUB1/W7wjzqQlc0cXpXEF4uxMxvCYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzc4MTlkMTg0LTg4NzgtNDQ3YS04YzIxLTRiMDc4YmZiNzMxZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/7UDANBgkqhkiG9w0BAQsFAAOCAQEAy6SGtQe7TGrrHcOcns9MUFxT
TghJrknwwCG6tkeXvWVj5W+l7sNZEI0dCLBmqz0c9HvjUk/jy7uirm/8TvMxjwg6
LghYWMfasDOtiTnrPE2VZhK+tFIVIiQzH+TZ3/XLXXoTeI+5CGimiLAx91YeqdfW
Yq3I7Pj3Q3YzQSxc7ncr4IBdl2/p3jlchPDsFxu2DoA3/by1OV91y415Aq8UeIKD
b0XqRa7ODre7m2RuYdlQ1W1YsGPllSwBIPPG0EvG/wdFRYZQNZp2mUgloSj8ZQqg
zkG8JfoUw1W3wVpkr2YfHqxNDlzwAA83tti0+5itiCMhXexDole9cw4iLeL+Xw==
-----END CERTIFICATE-----