Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ce602f7-7486-45e9-a328-b819c68190d3.roa
File:                     7ce602f7-7486-45e9-a328-b819c68190d3.roa (raw, json)
Hash identifier:          L4NlSC1RX2T1Ldx0LZu/gwXuH9Y0ju5H7WxiwheQ8Jc=
Subject key identifier:   97:D6:25:EA:B3:AF:53:01:19:40:E8:A6:C0:58:43:A6:8C:0D:34:21
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       03091D26A4D54FC92204AF4013781682E95DAF26
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ce602f7-7486-45e9-a328-b819c68190d3.roa
Signing time:             Mon 30 Dec 2024 00:00:00 +0000
ROA not before:           Mon 30 Dec 2024 00:00:00 +0000
ROA not after:            Mon 03 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1ffc:6000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:09:1d:26:a4:d5:4f:c9:22:04:af:40:13:78:16:82:e9:5d:af:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 30 00:00:00 2024 GMT
            Not After : Feb  3 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:42:a2:db:b5:9a:81:b8:09:e3:be:a4:6d:4a:
                    5b:c4:f5:d1:97:85:80:c9:ff:63:7f:57:87:e6:7f:
                    19:01:16:cb:81:00:ed:47:2e:05:ed:e3:d5:39:e3:
                    6b:de:b9:68:c9:27:c4:85:91:c9:f5:49:a8:3a:7a:
                    9e:ba:18:6a:8b:4a:9a:02:5a:63:36:5a:3a:c5:61:
                    1e:e2:ba:53:dd:cb:36:c6:91:26:22:a3:84:00:8b:
                    d5:3c:c1:c7:0b:ec:b7:57:94:dc:29:72:46:5a:ae:
                    79:ca:6c:fa:94:9a:54:bf:53:40:d2:8c:09:8b:39:
                    33:0f:aa:dc:17:45:1b:48:1b:85:68:f9:ae:13:42:
                    7a:a5:fd:cd:33:97:b0:48:52:79:d3:63:58:ea:5b:
                    c4:03:cf:ec:01:83:7f:8d:ee:22:c1:12:46:08:86:
                    fb:22:a5:17:6a:6c:ae:3e:07:dc:dc:95:92:a7:77:
                    c2:4e:d6:5f:02:2c:88:47:3d:70:b6:c7:4c:d1:15:
                    f3:d2:15:22:ed:93:20:75:0a:5b:d9:67:04:12:9f:
                    59:8b:8a:05:d6:11:2e:2f:0d:36:6c:d3:e5:99:ac:
                    a4:30:e4:60:fb:c8:31:e9:c6:7e:1b:3d:a0:5e:24:
                    ad:b2:fb:0c:59:55:4c:fd:0e:d7:c4:60:90:27:93:
                    e8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:D6:25:EA:B3:AF:53:01:19:40:E8:A6:C0:58:43:A6:8C:0D:34:21
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/7ce602f7-7486-45e9-a328-b819c68190d3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ffc:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8e:ab:c2:18:b3:d3:a4:13:0d:39:37:81:8f:6b:2c:1c:42:bd:
         4c:99:5c:32:61:32:ed:67:61:65:31:c2:38:fd:cf:97:a3:7c:
         17:e4:2e:ec:1b:c9:e0:3b:03:07:23:83:f7:e6:fc:22:24:de:
         2b:59:62:7f:b0:69:12:2b:36:3e:54:2f:e2:28:a6:b8:b7:97:
         ce:16:f2:e4:cf:27:ba:5e:14:70:2d:0e:3f:cd:28:67:17:7b:
         7e:06:7d:52:cc:d8:64:03:4a:58:d9:9a:ac:ea:bf:2c:1b:9f:
         56:be:06:2e:f3:7d:c5:ea:76:ed:0a:94:0a:e5:1d:4c:ca:a7:
         2d:9e:12:cf:c6:95:22:24:58:62:30:35:30:5a:7f:c2:af:19:
         f0:d3:1c:b6:17:6f:0a:98:63:9a:55:de:41:25:e7:b9:60:3f:
         d4:55:f5:f3:d1:c9:42:a4:64:5b:dc:10:d4:48:02:54:94:04:
         50:11:68:03:5d:29:f0:43:09:23:46:02:35:0f:2f:52:13:5d:
         b9:f9:e1:0c:5d:9d:6c:93:54:b2:79:81:db:21:59:b9:cd:af:
         ba:f7:ca:f6:b7:05:1c:49:79:30:f0:5a:f9:5d:e4:9a:7c:c6:
         dc:96:35:c2:30:39:36:76:7a:6b:e6:0e:24:84:48:23:f3:15:
         31:da:cf:5b
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUAwkdJqTVT8kiBK9AE3gWguldryYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjMwMDAwMDAwWhcNMjUwMjAzMjM1OTU5
WjB6MUkwRwYDVQQFE0AxYzY4ZDM5NGExOWUwMjI0M2ZkMWE3YWI2NDg5Y2MzZmYy
OTk3YmEyOGJkYTI5ZjQwMzFiOGNmMjJlNGJkMmI5MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSQqLbtZqBuAnjvqRtSlvE9dGXhYDJ/2N/V4fmfxkBFsuB
AO1HLgXt49U542veuWjJJ8SFkcn1Sag6ep66GGqLSpoCWmM2WjrFYR7iulPdyzbG
kSYio4QAi9U8wccL7LdXlNwpckZarnnKbPqUmlS/U0DSjAmLOTMPqtwXRRtIG4Vo
+a4TQnql/c0zl7BIUnnTY1jqW8QDz+wBg3+N7iLBEkYIhvsipRdqbK4+B9zclZKn
d8JO1l8CLIhHPXC2x0zRFfPSFSLtkyB1ClvZZwQSn1mLigXWES4vDTZs0+WZrKQw
5GD7yDHpxn4bPaBeJK2y+wxZVUz9DtfEYJAnk+iJAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUl9Yl6rOvUwEZQOimwFhDpowNNCEwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzdjZTYwMmY3LTc0ODYtNDVlOS1hMzI4LWI4MTljNjgxOTBkMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB/8YDANBgkqhkiG9w0BAQsFAAOCAQEAjqvCGLPTpBMNOTeBj2ssHEK9
TJlcMmEy7WdhZTHCOP3Pl6N8F+Qu7BvJ4DsDByOD9+b8IiTeK1lif7BpEis2PlQv
4iimuLeXzhby5M8nul4UcC0OP80oZxd7fgZ9UszYZANKWNmarOq/LBufVr4GLvN9
xep27QqUCuUdTMqnLZ4Sz8aVIiRYYjA1MFp/wq8Z8NMcthdvCphjmlXeQSXnuWA/
1FX189HJQqRkW9wQ1EgCVJQEUBFoA10p8EMJI0YCNQ8vUhNdufnhDF2dbJNUsnmB
2yFZuc2vuvfK9rcFHEl5MPBa+V3kmnzG3JY1wjA5NnZ6a+YOJIRII/MVMdrPWw==
-----END CERTIFICATE-----