Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81b536ec-bf60-4f65-b2d3-2ffebe8da9ff.roa
File:                     81b536ec-bf60-4f65-b2d3-2ffebe8da9ff.roa (raw, json)
Hash identifier:          lLiByeFoiEQNT7CAWDpPVdlDXqKVv14U9CmxLx2ZJ/A=
Subject key identifier:   75:76:6C:81:08:98:7E:12:F6:41:FA:85:E2:EC:17:9B:B9:32:98:10
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       60A537E1FE8F5AED3D10B43567B4EEFA54D1C4AB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81b536ec-bf60-4f65-b2d3-2ffebe8da9ff.roa
Signing time:             Wed 01 Jan 2025 00:00:00 +0000
ROA not before:           Wed 01 Jan 2025 00:00:00 +0000
ROA not after:            Wed 05 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fb8:5000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:a5:37:e1:fe:8f:5a:ed:3d:10:b4:35:67:b4:ee:fa:54:d1:c4:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan  1 00:00:00 2025 GMT
            Not After : Feb  5 23:59:59 2025 GMT
        Subject: serialNumber=c9c9752dfd4d681c06f42e235f03ed4d117df44204d49a38bbc8195681957f6c, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:99:4b:23:5c:5a:11:cc:9d:c8:2f:b0:01:
                    ad:f6:57:eb:74:f9:88:c5:5d:39:a5:67:0c:c2:6b:
                    f4:d7:30:8c:ed:00:aa:6e:d5:9e:5d:15:56:cc:f1:
                    2d:96:c5:63:f1:7a:f0:2f:b5:bc:e5:3a:97:95:b8:
                    c8:65:31:19:41:1e:aa:c0:53:1b:64:c8:d0:70:14:
                    79:08:43:12:38:29:b5:b9:f7:85:15:12:9b:9d:5a:
                    d7:70:d3:ff:bc:d7:cc:b2:7f:63:fd:5f:49:7f:58:
                    b7:7a:d5:22:45:56:a0:a8:5c:02:de:05:82:69:02:
                    65:4d:2f:c6:09:b3:43:c7:65:6d:a1:4b:cb:e9:3d:
                    31:71:09:df:c3:3a:7d:75:7a:45:44:59:80:a5:50:
                    2f:60:7f:85:0d:68:a5:d6:58:08:c5:e5:b5:b4:e4:
                    47:65:a7:cb:ec:91:b9:d6:e9:dd:52:32:93:54:55:
                    f8:79:35:98:ae:8e:e6:86:89:92:fa:5e:df:e0:18:
                    76:49:f6:8b:48:d4:17:7c:d6:b3:d2:15:be:c5:b0:
                    0d:51:18:e3:34:59:b5:b2:52:ba:62:fa:67:ef:ca:
                    b5:b4:ec:d2:c0:a8:e4:b6:56:ea:75:3e:d0:71:98:
                    bc:c0:18:8b:1d:88:79:ca:46:54:9b:10:fd:63:d4:
                    3f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:76:6C:81:08:98:7E:12:F6:41:FA:85:E2:EC:17:9B:B9:32:98:10
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/81b536ec-bf60-4f65-b2d3-2ffebe8da9ff.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fb8:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a4:ac:59:b4:4e:7b:c0:bf:e4:cd:8b:54:3c:36:92:96:2a:f1:
         5e:9f:e2:0a:f1:df:cb:a1:15:ca:86:01:d8:87:e5:8d:39:8c:
         42:71:d1:c0:23:59:c0:51:b0:bb:8b:97:ae:b4:d9:30:76:ea:
         1c:ee:22:0f:54:cf:51:43:6d:f1:9c:d1:a1:4b:eb:84:cd:a2:
         98:5a:24:51:56:cd:e2:4d:ae:7d:9c:7a:5c:db:e5:08:a1:2d:
         74:ef:00:0b:a5:11:89:59:a3:32:5e:a0:cd:af:24:c4:51:6e:
         ed:9a:28:94:30:22:24:b8:1c:e3:8b:4f:f5:92:c1:be:ee:0b:
         19:ff:20:66:d7:65:38:89:1d:d9:75:27:05:e9:89:74:86:5e:
         0c:a8:6c:ac:c8:fc:39:a0:c3:38:1b:a9:8f:ce:84:9b:93:df:
         bb:df:ac:cf:10:08:8c:dc:9a:45:27:eb:a1:53:6f:81:12:e0:
         13:60:66:c3:25:3a:f6:36:45:45:95:d3:15:af:ee:fb:c5:9e:
         64:be:f0:76:03:16:1c:37:08:13:89:a9:05:2a:14:4d:fa:05:
         88:0a:06:65:ce:4c:e0:ae:b4:47:77:d4:44:fd:31:09:44:80:
         22:cc:38:c7:ae:fc:ec:25:5f:88:f9:ac:e3:72:9c:de:a9:02:
         17:f5:53:21
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUYKU34f6PWu09ELQ1Z7Tu+lTRxKswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTAxMDAwMDAwWhcNMjUwMjA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BjOWM5NzUyZGZkNGQ2ODFjMDZmNDJlMjM1ZjAzZWQ0ZDEx
N2RmNDQyMDRkNDlhMzhiYmM4MTk1NjgxOTU3ZjZjMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC3aJlLI1xaEcydyC+wAa32V+t0+YjFXTmlZwzCa/TXMIzt
AKpu1Z5dFVbM8S2WxWPxevAvtbzlOpeVuMhlMRlBHqrAUxtkyNBwFHkIQxI4KbW5
94UVEpudWtdw0/+818yyf2P9X0l/WLd61SJFVqCoXALeBYJpAmVNL8YJs0PHZW2h
S8vpPTFxCd/DOn11ekVEWYClUC9gf4UNaKXWWAjF5bW05Edlp8vskbnW6d1SMpNU
Vfh5NZiujuaGiZL6Xt/gGHZJ9otI1Bd81rPSFb7FsA1RGOM0WbWyUrpi+mfvyrW0
7NLAqOS2Vup1PtBxmLzAGIsdiHnKRlSbEP1j1D8XAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUdXZsgQiYfhL2QfqF4uwXm7kymBAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgxYjUzNmVjLWJmNjAtNGY2NS1iMmQzLTJmZmViZThkYTlmZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+4UDANBgkqhkiG9w0BAQsFAAOCAQEApKxZtE57wL/kzYtUPDaSlirx
Xp/iCvHfy6EVyoYB2IfljTmMQnHRwCNZwFGwu4uXrrTZMHbqHO4iD1TPUUNt8ZzR
oUvrhM2imFokUVbN4k2ufZx6XNvlCKEtdO8AC6URiVmjMl6gza8kxFFu7ZoolDAi
JLgc44tP9ZLBvu4LGf8gZtdlOIkd2XUnBemJdIZeDKhsrMj8OaDDOBupj86Em5Pf
u9+szxAIjNyaRSfroVNvgRLgE2BmwyU69jZFRZXTFa/u+8WeZL7wdgMWHDcIE4mp
BSoUTfoFiAoGZc5M4K60R3fURP0xCUSAIsw4x6787CVfiPms43Kc3qkCF/VTIQ==
-----END CERTIFICATE-----