Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b94d636-8971-4240-9841-9ed2d3ff7131.roa
File:                     7b94d636-8971-4240-9841-9ed2d3ff7131.roa (raw, json)
Hash identifier:          fp18/wA0c4AFbaP0YVj+qko0xkfb9o84PqejQ+Y2RTg=
Subject key identifier:   F0:B9:DA:60:BF:6B:C5:5B:93:CF:10:57:7D:DB:F5:99:46:B1:7D:87
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       72A406613C44FA1941252CC62F26E13044191073
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b94d636-8971-4240-9841-9ed2d3ff7131.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ff4:8000::/39 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a4:06:61:3c:44:fa:19:41:25:2c:c6:2f:26:e1:30:44:19:10:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=46634c717754d5ee4cc72a89f21ff9f21a1d85c19261a649a010d415655e318f, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a0:6d:cf:c1:21:37:1a:08:28:c2:50:b1:3c:
                    e7:27:54:ac:f9:e0:e3:7f:62:55:ad:a3:a0:4e:87:
                    0c:70:3e:bc:32:96:3b:5c:26:e3:50:af:e3:2b:6e:
                    04:83:46:c9:f1:32:98:76:1a:fe:2e:15:6a:52:ff:
                    e3:cb:51:ba:da:56:cf:ea:dc:32:18:15:76:41:88:
                    c3:70:da:d5:de:ee:aa:21:05:f5:79:16:e3:89:9c:
                    a5:5e:33:98:45:43:93:fa:9b:9c:16:5c:7e:eb:1c:
                    38:99:b6:ae:3d:95:d6:00:ca:1b:45:ab:be:c2:3d:
                    12:49:19:4e:f4:ad:36:8e:8b:c3:c6:8f:7d:0d:a1:
                    e0:35:65:57:b8:55:1a:12:2a:04:87:d7:55:61:ea:
                    53:4a:92:fe:0e:4e:ee:0b:a0:d3:4f:4c:5b:64:20:
                    10:e9:36:ba:e9:97:b9:57:ec:80:c6:1b:ae:ad:c5:
                    19:bc:82:4e:4c:d7:35:f7:27:57:2a:af:78:67:53:
                    de:ae:05:a9:fa:52:b3:85:fe:16:2f:8b:68:36:3e:
                    df:49:5f:8c:fc:6c:b3:02:39:9b:7a:7c:12:6f:de:
                    35:90:b9:5b:4a:1e:e4:e3:4c:54:65:05:73:ba:1e:
                    57:7a:92:bb:2a:09:af:ae:03:bf:82:33:a1:cb:77:
                    88:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:B9:DA:60:BF:6B:C5:5B:93:CF:10:57:7D:DB:F5:99:46:B1:7D:87
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7b94d636-8971-4240-9841-9ed2d3ff7131.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         4b:f9:00:86:90:00:9b:75:77:64:f6:ab:3f:68:e0:14:22:aa:
         76:87:4c:1c:45:3d:b2:39:12:35:35:ad:fc:7e:92:50:c8:1f:
         69:a6:7b:13:4b:18:91:50:d2:a4:61:d7:ce:f0:0b:df:e0:b0:
         26:71:d3:99:a7:fc:9c:e2:30:a2:19:5b:0a:77:ba:cc:17:1e:
         5a:ef:49:48:72:76:f1:4f:64:e7:10:81:71:4c:bb:4a:0d:7c:
         fc:7d:8a:42:06:9d:f5:94:98:c5:d2:cd:e4:f1:03:1c:88:00:
         7c:79:c7:90:e0:c8:da:d4:f0:92:6a:f1:3d:61:5f:4f:78:7e:
         b0:8e:37:4a:64:b8:d7:58:00:8c:f8:77:c3:da:69:c8:9d:c7:
         16:9f:2d:dc:fc:c1:59:f0:c9:93:5a:35:df:b4:0a:19:05:1b:
         12:16:80:0a:c1:a9:e3:62:13:c6:a1:38:fb:fa:d8:b9:63:61:
         ce:a0:f9:26:95:13:2d:a4:a3:00:0a:2f:e2:7d:7b:bd:e7:5b:
         a2:18:96:f7:3f:c3:f7:6e:fc:e5:05:2f:82:e4:f7:3f:32:48:
         9f:d5:ee:d6:46:28:f3:89:73:15:b4:cf:16:9d:ac:01:bc:1f:
         61:39:61:0b:c1:ba:7a:88:d9:de:29:7c:23:96:5f:18:c7:90:
         dd:d6:75:db
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUcqQGYTxE+hlBJSzGLybhMEQZEHMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0NjYzNGM3MTc3NTRkNWVlNGNjNzJhODlmMjFmZjlmMjFh
MWQ4NWMxOTI2MWE2NDlhMDEwZDQxNTY1NWUzMThmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCoG3PwSE3GggowlCxPOcnVKz54ON/YlWto6BOhwxwPrwy
ljtcJuNQr+MrbgSDRsnxMph2Gv4uFWpS/+PLUbraVs/q3DIYFXZBiMNw2tXe7qoh
BfV5FuOJnKVeM5hFQ5P6m5wWXH7rHDiZtq49ldYAyhtFq77CPRJJGU70rTaOi8PG
j30NoeA1ZVe4VRoSKgSH11Vh6lNKkv4OTu4LoNNPTFtkIBDpNrrpl7lX7IDGG66t
xRm8gk5M1zX3J1cqr3hnU96uBan6UrOF/hYvi2g2Pt9JX4z8bLMCOZt6fBJv3jWQ
uVtKHuTjTFRlBXO6Hld6krsqCa+uA7+CM6HLd4gHAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU8LnaYL9rxVuTzxBXfdv1mUaxfYcwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdiOTRkNjM2LTg5NzEtNDI0MC05ODQxLTllZDJkM2ZmNzEzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB/0gDANBgkqhkiG9w0BAQsFAAOCAQEAS/kAhpAAm3V3ZParP2jgFCKq
dodMHEU9sjkSNTWt/H6SUMgfaaZ7E0sYkVDSpGHXzvAL3+CwJnHTmaf8nOIwohlb
Cne6zBceWu9JSHJ28U9k5xCBcUy7Sg18/H2KQgad9ZSYxdLN5PEDHIgAfHnHkODI
2tTwkmrxPWFfT3h+sI43SmS411gAjPh3w9ppyJ3HFp8t3PzBWfDJk1o137QKGQUb
EhaACsGp42ITxqE4+/rYuWNhzqD5JpUTLaSjAAov4n17vedbohiW9z/D92785QUv
guT3PzJIn9Xu1kYo84lzFbTPFp2sAbwfYTlhC8G6eojZ3il8I5ZfGMeQ3dZ12w==
-----END CERTIFICATE-----