Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8388dfcd-1e47-46a9-b951-38ea753f59a1.roa
File:                     8388dfcd-1e47-46a9-b951-38ea753f59a1.roa (raw, json)
Hash identifier:          u0fCtVrcMdwxX/BP9Sxku8qqdtfH5azWpef+9fyQ0IA=
Subject key identifier:   BB:B6:F7:80:90:5F:95:BA:8E:1D:77:43:16:97:B5:0C:F7:A8:3F:25
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       683B37F5E1172246C5B4335F4B5B101236D615B5
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8388dfcd-1e47-46a9-b951-38ea753f59a1.roa
Signing time:             Tue 17 Dec 2024 00:00:00 +0000
ROA not before:           Tue 17 Dec 2024 00:00:00 +0000
ROA not after:            Tue 21 Jan 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        2600:1f38:2000::/40 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:3b:37:f5:e1:17:22:46:c5:b4:33:5f:4b:5b:10:12:36:d6:15:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 17 00:00:00 2024 GMT
            Not After : Jan 21 23:59:59 2025 GMT
        Subject: serialNumber=145972b1370f6ea38731e3fafd5158e4403be283f19fed0805b86b9ee6d7a204, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:91:8e:61:b6:36:c6:c8:f1:62:d6:26:9b:91:
                    01:50:20:65:00:4c:56:5c:99:08:75:92:d3:36:7b:
                    dd:3f:67:b9:6b:a9:fb:0e:d7:39:de:22:9a:51:67:
                    51:ff:c4:9d:09:71:da:04:31:bf:8f:2b:f1:a3:5b:
                    96:3d:cd:89:27:d3:50:55:79:6a:a9:4d:a0:1e:d5:
                    be:ec:63:f5:bf:72:eb:c2:79:e1:b1:cb:ed:30:6c:
                    a2:39:a6:fb:1f:fb:1a:b7:87:b7:fb:ed:28:db:f7:
                    c1:c3:49:e8:ec:29:e0:00:60:c1:fc:ec:63:e1:d5:
                    3b:63:b5:94:24:70:f1:51:cc:77:f3:99:10:b1:1d:
                    12:9c:0b:57:cc:91:e6:7c:19:f8:95:79:62:ba:5f:
                    cc:ae:3b:56:2d:22:34:99:0c:29:77:f8:8c:f8:10:
                    82:4f:24:87:f0:ce:48:e8:7e:63:6b:84:a1:fa:6d:
                    eb:34:08:3f:ae:f0:b9:1c:c0:19:38:13:53:11:65:
                    c6:8e:da:ee:5d:a8:c3:c4:1c:0c:28:d7:0d:a3:3e:
                    42:22:2c:dd:53:2f:f2:2a:f4:9e:50:d9:51:f8:14:
                    1c:4a:2f:d9:f5:a1:cc:bb:11:11:80:59:73:eb:43:
                    63:9e:ae:f5:dd:e5:e1:4e:cc:3c:1f:56:fe:9e:3a:
                    94:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B6:F7:80:90:5F:95:BA:8E:1D:77:43:16:97:B5:0C:F7:A8:3F:25
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/8388dfcd-1e47-46a9-b951-38ea753f59a1.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f38:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:e7:bd:2a:53:84:60:fa:6b:c7:f9:0e:be:57:d8:db:83:66:
         d9:ca:65:28:8d:67:7a:42:e5:09:1d:4b:e5:02:e1:11:33:fa:
         f3:e0:52:57:f9:41:fd:9e:8c:0a:8b:05:ee:49:50:53:91:89:
         2a:54:b1:69:78:18:ee:53:97:84:66:db:86:52:64:09:48:02:
         cb:d7:01:85:b4:89:5d:86:c7:1e:84:48:ee:3d:77:83:5a:3e:
         1b:cc:33:f6:01:f5:b3:2a:03:d8:37:1e:6b:86:b7:31:f1:20:
         34:4c:fb:ac:12:a5:34:a0:c4:93:c7:4d:43:1d:db:5f:c0:55:
         8a:6e:e8:1b:1b:3a:21:22:dc:bc:05:a5:29:e6:b5:a2:76:0c:
         0e:e3:eb:8a:39:31:35:d5:fd:f5:78:3e:74:2f:48:be:f2:68:
         a5:d6:07:d6:39:b1:0b:8e:02:35:06:36:ce:30:5a:fc:ca:0f:
         bf:c1:ea:16:bc:09:1a:81:d7:a8:37:b1:58:18:88:9d:6e:21:
         5d:2f:f5:72:79:55:8c:1f:6b:3a:b3:ff:1b:0e:b7:e7:e9:c6:
         48:bf:1f:44:22:5e:56:ac:0a:45:95:6e:e6:3b:e4:fe:5a:90:
         7d:48:3d:fa:c0:2a:d9:d6:21:cb:bc:a3:7e:d2:ed:ca:cc:a4:
         f0:f4:26:12
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUaDs39eEXIkbFtDNfS1sQEjbWFbUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjE3MDAwMDAwWhcNMjUwMTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDU5NzJiMTM3MGY2ZWEzODczMWUzZmFmZDUxNThlNDQw
M2JlMjgzZjE5ZmVkMDgwNWI4NmI5ZWU2ZDdhMjA0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDikY5htjbGyPFi1iabkQFQIGUATFZcmQh1ktM2e90/Z7lr
qfsO1zneIppRZ1H/xJ0JcdoEMb+PK/GjW5Y9zYkn01BVeWqpTaAe1b7sY/W/cuvC
eeGxy+0wbKI5pvsf+xq3h7f77Sjb98HDSejsKeAAYMH87GPh1TtjtZQkcPFRzHfz
mRCxHRKcC1fMkeZ8GfiVeWK6X8yuO1YtIjSZDCl3+Iz4EIJPJIfwzkjofmNrhKH6
bes0CD+u8LkcwBk4E1MRZcaO2u5dqMPEHAwo1w2jPkIiLN1TL/Iq9J5Q2VH4FBxK
L9n1ocy7ERGAWXPrQ2OervXd5eFOzDwfVv6eOpSfAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUu7b3gJBflbqOHXdDFpe1DPeoPyUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzgzODhkZmNkLTFlNDctNDZhOS1iOTUxLTM4ZWE3NTNmNTlhMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB84IDANBgkqhkiG9w0BAQsFAAOCAQEAOee9KlOEYPprx/kOvlfY24Nm
2cplKI1nekLlCR1L5QLhETP68+BSV/lB/Z6MCosF7klQU5GJKlSxaXgY7lOXhGbb
hlJkCUgCy9cBhbSJXYbHHoRI7j13g1o+G8wz9gH1syoD2Dcea4a3MfEgNEz7rBKl
NKDEk8dNQx3bX8BVim7oGxs6ISLcvAWlKea1onYMDuPrijkxNdX99Xg+dC9IvvJo
pdYH1jmxC44CNQY2zjBa/MoPv8HqFrwJGoHXqDexWBiInW4hXS/1cnlVjB9rOrP/
Gw635+nGSL8fRCJeVqwKRZVu5jvk/lqQfUg9+sAq2dYhy7yjftLtysyk8PQmEg==
-----END CERTIFICATE-----